Intrusion Detection using ACID on Linux

At a recent meeting with our IT staff, we were discussing the sometimes overwhelming amount of security required in managing a network, and we quickly came to the conclusion that the entire group could devote nearly all of their time to network and system security and never have a shortage of projects. One member of our team made the comment that in that case, we would '...have a soccer team full of goalies!' So the question of where we draw the line in the sand with respect to security goes on. Appropriate amounts of effort (time) and implementation (hardware/software) are necessary to protect our systems and users, and they need to be maintained within the constraints of our staffing and fiscal resources. Because our environment has not been one that is conducive to firewalls and the policies that are associated with them, we have developed a set of security practices that includes a number of key features mentioned in the SANS defense in depth model.

7 Sep 2001
By Rusty Scott
All papers are copyrighted

No re-posting of papers is permitted
