In late February, recommendations for intrusion detection and prevention systems (IDPS) were issued by the Computer Security Division of the United States’ National Institute of Standards and Technology (NIST). In Special Publication SP 800-94, Guide to Intrusion Detection and Prevention Systems, NIST offers help to understanding IDPS technologies as well as for designing, implementing, configuring, securing, monitoring, and maintaining IDPS. It provides practical, real-world guidance for four classes of IDPS:
- Network-based
- Wireless
- Network-behavior analysis software
- Host-based
Also, the publication reviews complementary technologies that can detect intrusions, such as security information and event management software. Though the focus is on enterprise IDPS, most of the information is applicable to standalone and small-scale IDPS deployments.
*Source: Guide to Intrusion Detection and Prevention Systems, Karen Scarfone and Peter Mell, United States National Institute of Standards and Technology, Gaithersburg, Maryland, February 2007. |
