> I've been tasked by our company president to learn about, investigate and
> recommend an intrusion detection system for our company.
>
> We're a smaller outfit, less than 100 employees, entirely Apple-based.
> Macs, iPhones, some Mac Mini servers, etc., and a fiber connection to the
> world. We are protected by a FreeBSD firewall setup, and we stay current
> on updates/patches from Apple and FreeBSD, but that's as far as my
> expertise goes.
>
> Initially, what do people recommend for:
>
> 1. Crash course in intrusion detection as a whole
> 2. Suggestions or recommendations for intrusion detection hardware or
>    software
> 3. Other things I'm likely overlooking

if you were comfortable enough with freebsd to use it as a firewall, you
can run your traffic through, or mirror it to, a freebsd box running
https://www.bro.org/ or https://www.snort.org/

two quite reasonable and powerful open source systems

randy