Hi,
I am in the process of configuring my new server and wanted to know which software firewall program to use - also is it true that these programs slow down the server - if so, is it considerable?
Also, I plan to install an intruder detection system - is this a good idea? This system does the monitoring itself and requires minimum user intervention I hear?
Thanks! :D
sprintserve
09-05-2003, 01:22 PM
Just compile the kernel to have iptables support and use a frontend like APF. It doesn't really have any performance hit at all. Not noticeable at least.
An intruder detection system is always good as you can be watching your server round the clock.
You may also want to consider tripwire to see if your server binaries etc. have been altered, as well as logwatch to check for suspicious activity.
Thanks for the advice sprintserve, just wanted to know - I came across two versions of tripwire - the official corporate one and an opensource one (tripwire.org). Is it ok if I use the free version?
Any recommendations for any good (preferably free) intruder detection systems out there?
NewtSys
09-05-2003, 02:43 PM
I use one called DEMARC it is a TIDS...
total intrusion detection system...monitors everything from intrusions to incoming viruses to server loads and monitoring.
http://www.demarc.com
sprintserve
09-05-2003, 02:44 PM
It's ok to use the opensource one. That's what I use.
NewtSys
09-05-2003, 03:38 PM
@sprint - in your opinion, would tripwire be better than the demarc solution? Kinda curious as I am not by any means a linux guru, I know enough to solve problems and use it...and demarc was the first TIDS system I was introduced to.
sprintserve
09-05-2003, 03:49 PM
Demarc does what tripwire does and more. But it's not free unless you are using it for home use.
NewtSys
09-05-2003, 03:55 PM
That is the issue I had.. $$$$ the demarc in a production environment cost me some cash and a lot of learning something new... was just curious as to your opinion on the 2..thank you.
sprintserve
09-05-2003, 03:58 PM
Well, you can probably do a montage of software that will add up. Takes a bit more work, but is free.