(don't use tripwire, because it's old code) + C(rypted)F(ile)S(ystem) (if needed)
Nothing inherently wrong with old code (except that 99 times out of 100 it has security flaws =( ), and tripwire is being actively maintained (tripwire.com and tripwire.org); Red Hat 7.0 ships with a modern version of Tripwire (hint =).
Snort is well maintained, so it will become better and better in (relatively) short time intervals.
Yup. I know people on it, they are smart. SANS is moving a lot of their curriculum and books from covering shadow (made by US Navy, was quite good) to snort (which is kicking ass).
At my home network, I have an OpenBSD Router, which has one
Gasp. I am shocked (I should write the headline "Suse sekurity guru sez OpenBSD is da bomb" (it's a joke, for readers that are humour impaired ;).
If you are looking for an IDS for your company, then I would recommend the following book: Proctor; The Practical Intrusion Detection Handbook; Prentice Hall
Another good one is: Network Intrusion Detection. An Analyst's Handbook. ISBN - 0-7357-1008-2 We also have a mega IDS comparison article coming soon on SecurityPortal.
There are two other IDS books that I have listed in my 'Book Review' table at my home page (www.suse.de/~thomas)
Hmm yeah you only gave the above title 3 stars? BTW that wasn't my orgasmatron (belonged to someone else, honest).
Bye, Thomas
-Kurt (who should be asleep but isn't).