Well, I couldn't find a forum for this question so I just had to put it in the general; this might help some people and not just me, so here it goes.

I took these notes because I am trying to do a paper and a presentation on IDS and Snort. I wrote what I expected from the paper and it was good, but I am starting and I think I am getting lost.

How would you organize something like this?

------------------------------------------------------------------------
1.1 what is IDS
# IDS detects both intrusions and computer misuse.
# intrusions are attacks originating from the outside of your network
# misuse are attacks originating from the inside of your network
# similar to a burglar alarm in that IDS does not stop intrusions but rather just warns when one is happening.
# the IDS function is to gather information (through logs for example) and analyze them for possible attempts of intrusion.
# although there are many types of IDS (network based (NIDS), host based (HIDS), Hybrid (HIDS), and application based).
# intrusions could be anywhere from attempted recon through port scanning to trying out the new exploit.
# IDS serves multiple purposes that a Firewall lacks
1. reliable logs.
most crackers (at least some smart ones) will clean up after they are done with their attack. done right, intrusion detection could block attackers from editing the IDS sensor log files or at least present some more difficulty against the attacker.
2. Detect attacks.
although firewalls block some attacks, not all detect them efficiently and warn you when an attack is taking place (at least not the ones reasonably priced).
3. Alert functionality.
4. Detect computer misuse.
Firewalls might do a great job in detecting an attack from the outside, but what about attacks originating from within your network? Did you think about that? Probably not. Most organizations seem to like to trust their employees. I also bet you did not know that almost 80% of all successful attacks originate from inside your network.
5. Detailed Logs
Firewalls rarely show you what caused the attacks, while IDS shows you the packet that might have caused your system's compromise.
6. Better documenting the attack so you could fix it later
7. Logs make great forensics evidence if you later want to prosecute the attacker.
8. Detecting some security violations
a perfect example of this is that Snort detects when users use P2P software such as Kazaa and Gnutella
9. Pre-attack symptoms
this includes port scanning, vulnerability scanning, etc... things that attacks need to have before attacking your system.
# So basically an IDS is a system that collects information and logs ( or alerts you) when a possible attack or misuse is taking place.

-------------------------------------------------------------------------------------

I need some help just to start and then I could continue on my own.

Also, how do you take notes or write something (do you see what others did on the subject and try to be like them, or do you just write what you remember)?

thanks
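
The notes above describe an IDS as gathering logs and analyzing them for pre-attack symptoms such as port scanning, and they separate intrusions (outside sources) from misuse (inside sources). A sketch of that logic follows as an added example that is not part of the original post; the log format, the 10.0.0.0/8 internal range, and the window and threshold values are assumptions, and the log lines are constructed.

```python
import ipaddress
from collections import defaultdict, deque

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumption: the protected network
WINDOW_SECONDS = 10   # assumption: sliding window length
PORT_THRESHOLD = 5    # assumption: distinct ports in the window that count as a scan

# Constructed sample connection log: "<epoch> <src> <dst> <dst_port>"
SAMPLE_LOG = """\
1000 203.0.113.7 10.0.0.5 21
1001 203.0.113.7 10.0.0.5 22
1001 198.51.100.9 10.0.0.5 80
1002 203.0.113.7 10.0.0.5 23
1003 203.0.113.7 10.0.0.5 25
1004 203.0.113.7 10.0.0.5 80
1030 198.51.100.9 10.0.0.5 443
not a log line
2000 10.0.0.44 10.0.0.9 135
2001 10.0.0.44 10.0.0.9 139
2002 10.0.0.44 10.0.0.9 445
2003 10.0.0.44 10.0.0.9 3389
2004 10.0.0.44 10.0.0.9 5900
"""

def classify(src):
    # Per the notes: inside sources are "misuse", outside sources are "intrusion".
    return "misuse" if ipaddress.ip_address(src) in INTERNAL_NET else "intrusion"

def detect_scans(log_text):
    recent = defaultdict(deque)   # (src, dst) -> (timestamp, port) pairs inside the window
    alerted = set()               # pairs already reported, to avoid duplicate alerts
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        try:
            ts, src, dst, port = int(parts[0]), parts[1], parts[2], int(parts[3])
            kind = classify(src)
        except (ValueError, IndexError):
            continue              # skip malformed lines instead of crashing the sensor
        q = recent[(src, dst)]
        q.append((ts, port))
        while q and ts - q[0][0] > WINDOW_SECONDS:
            q.popleft()           # drop events that fell out of the window
        ports = {p for _, p in q}
        if len(ports) >= PORT_THRESHOLD and (src, dst) not in alerted:
            alerted.add((src, dst))
            alerts.append({"time": ts, "src": src, "dst": dst,
                           "kind": kind, "ports": sorted(ports)})
    return alerts
```
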