>>For instance, let's get back to the fact that more than 75% of system >>abuses in typical commcercial environments comes from insiders. Is >>anyone looking at what is different about these insiders that can be >>detected or monitored? >> >>--spaf >> > >I agree that the noise level is a little high. I joined the list to learn >more about IDS and security (I have installed crack and COPS but don't >consider myself a security expert yet). What about sniffing inside a >firewall. Is there any way yet of possibly detecting a sniffer? > >-Chris Chris, When you begin installing sniffers within your organizations, you need to look at the issue of violation of an individuals privacy. ***Now before you go ranting*****, allow me to explain... Justification is the only weapon you will have when you approach your "boss", at whatever level that might be in gaining aproval for such a tool to be used. If prior approval is not obtained and one of the "users" finds out...there will be hell to pay in explaining why you were not just targeting one workstation...or any number of other questions which are bound to pop up. My basis for my statement is based on the fact that I work for the DoD and this is a CRITICAL element when we are looking at a system/site. Tony If You Don't Do It Right The First Time... Be Prepared To Make Time To Do It Over....D.R.J. Visit my Home Page: http://www.serve.com/ruccia