I am trying to learn more about site security. I have a site that is on a dedicated server but it is a hosted server. Though our provider seems to take reasonable security measures I want to take a more active role in our security efforts.
I would like to run Snort but as far as I can tell I would have to have a box on the physical network in front of my site server if I didn't want to run Snort on the site server itself. Is this correct? And if we ran Snort on the site server wouldn't that take significant resources from the server if Snort was used for intrusion detection?
Thanks for any information or suggestions about the best way to take a more active role in our site security.