"Knoppix-NSM is dedicated to providing a framework for individuals wanting to learn about Network Security Monitoring (NSM) or who want to quickly and reliably deploy a NSM capability in their network. Our goal is to provide an introduction to NSM and a distribution that can be used as a launch pad to bigger and better things. We have tried to do most of the hard work to help you get up and running as fast as possible so you can spend more time learning about NSM, leaving the details as a latter exercise once familiar with the concepts. [...]
Complete out of channel Intrusion Detection and Analysis center
With Knoppix-NSM you can deploy a complete NSM network to monitor your existing network infrastructure. Knoppi-NSM comes pre-configured for deployment of multiple sensors and databases, all you need to do is create the sensor accounts in the database and change some passwords.
Knoppix-NSM has been built with security in mind. All remote communications are over ssl tunnels so that you do not have to be concerned about eaves droppers if you decide to run Knoppix-NSM in your main network channels. Another feature is the use of iptables to ensure that only allowed hosts can connect and only necessary services are visible to the network. [...]
Some of the features on Knoppix-NSM include:
1. powerful Intrusion Detection System (based on snort),
2. detailed analysis consoles,
3. remote management over ssl/ssh,
4. tools installed, patched and ready to run,
5. automated scripts for easy installation/modification,
6. support for bonded network interfaces,
7. based on knoppix Live CD,
8. debian based when installed to harddrive,
9. ease of maintenance"