Would you suggest IDS and IPS in an enterprise Intranet?
We'll suggest it. Snort can be of help detecting and mitigating in at least the following cases
- One security risk often overlooked is the internal hacker / industrial spy. Snort can help in detecting anormalous traffic pointing to activities of this kind
- Detecting the deployment of un-authorized wireless access-points and modems
- Detecting and confining computers that have been compromised by viruses and trojans
- Detecting mobile computers