I am curious to see what people think of different IDS. The site I run is attacked at an almost constant rate. So far we have kept them at bay by making things beyond paranoid and it has involved many, many hours of work and reworking. Any ideas on how to simplify the processes of keeping a server secure when it is the almost constant focus of hackers?
Well, an IDS will only go so far, so you should be okay from a break-in as long as you take all the steps you can to ensure the system is well configured, etc. There are many other additional things you can do, such as restricting what users and what source IPs can connect to a service in the first place, how often (i.e., rate limiting to prevent brute force or DoS attacks, if you allow world access), and all of the general things you need to do. However, if you're getting DDoSed, then that's another issue. What is the nature of the attacks you are receiving?
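The per-source rate limiting the answer mentions, shown as an added example rather than code from the thread: a sliding-window limiter keyed by source IP, run over constructed sshd-style "Failed password" lines. The thresholds (5 failures per 60 seconds), the log format and the documentation-range IPs are assumptions for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Assumed limits: a 6th failure from one source inside a 60 s window is flagged.
MAX_ATTEMPTS = 5
WINDOW_SECONDS = 60
# Constructed sample lines shaped like sshd "Failed password" messages (documentation IPs).
SAMPLE_LOG = """\
2024-03-01T10:00:01 sshd[1]: Failed password for invalid user admin from 203.0.113.7 port 5000 ssh2
2024-03-01T10:00:03 sshd[1]: Failed password for invalid user admin from 203.0.113.7 port 5001 ssh2
2024-03-01T10:00:05 sshd[1]: Failed password for root from 203.0.113.7 port 5002 ssh2
2024-03-01T10:00:07 sshd[1]: Failed password for root from 203.0.113.7 port 5003 ssh2
2024-03-01T10:00:09 sshd[1]: Failed password for root from 203.0.113.7 port 5004 ssh2
2024-03-01T10:00:11 sshd[1]: Failed password for root from 203.0.113.7 port 5005 ssh2
2024-03-01T10:00:30 sshd[1]: Failed password for alice from 198.51.100.22 port 6000 ssh2
2024-03-01T10:02:00 sshd[1]: Failed password for alice from 198.51.100.22 port 6001 ssh2
2024-03-01T10:05:00 sshd[1]: Accepted password for alice from 198.51.100.22 port 6002 ssh2
"""
LINE_RE = re.compile(r"^(?P<ts>\S+) \S+ Failed password for .* from (?P<ip>[\d.]+) port ")

class SlidingWindowLimiter:
    """Counts failures per source IP, forgetting those older than the window."""
    def __init__(self, max_attempts=MAX_ATTEMPTS, window_seconds=WINDOW_SECONDS):
        self.max_attempts = max_attempts
        self.window_seconds = window_seconds
        self.events = defaultdict(deque)  # ip -> timestamps still inside the window

    def record(self, ip, ts):
        """Record one failure at datetime ts; return True if ip now exceeds the limit."""
        q = self.events[ip]
        q.append(ts)
        while q and (ts - q[0]).total_seconds() > self.window_seconds:
            q.popleft()  # expired entries no longer count against the source
        return len(q) > self.max_attempts

def flag_brute_force(log_text, max_attempts=MAX_ATTEMPTS, window_seconds=WINDOW_SECONDS):
    """Return the sorted source IPs that exceeded the failure limit anywhere in log_text."""
    limiter = SlidingWindowLimiter(max_attempts, window_seconds)
    flagged = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)  # successful logins and unrelated lines do not match
        if m and limiter.record(m["ip"], datetime.fromisoformat(m["ts"])):
            flagged.add(m["ip"])
    return sorted(flagged)

def over_limit_sequence(ip, iso_timestamps, max_attempts, window_seconds):
    """Feed failures at the given ISO timestamps; return the per-attempt verdicts."""
    limiter = SlidingWindowLimiter(max_attempts, window_seconds)
    return [limiter.record(ip, datetime.fromisoformat(t)) for t in iso_timestamps]
```

The flagged list is what you would feed to a firewall rule or an IDS alert; the window expiry keeps a slow, legitimate user from ever reaching the threshold.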