FIrewall and IDS.....As luck would have it the IDS rep is coming today to talk to me about Symantec Manhunt, which exists on the system, however, no knows how to use it. Once again everyone is looking to me. I am almost certian it is monitoring from behind the firewall.

I want to setup the system so that there is an external sensor using SNORT and the internal is using Manhunt. There is an established DMZ and nating is being used.

If anyone has used these products or has suggestions on thier setup. Tiger shark you mentioned a secure server, which I want to put on a seperate switch with management connections to the Database server and analysts console.

With Snort I plan on using 2 interfaces, one for the Sniffing and one for the maintinance.

Looks like a fun weekend ahead :-)