Guide to Intrusion Detection and Prevention Systems (IDPS) (Draft): Recommendations of the National Institute of Standards and Technology
"Intrusion detection and prevention systems (IDPS) are focused on identifying possible incidents, logging information about them, attempting to stop them, and reporting them to security administrators. In addition, organizations use IDPSs for other purposes, such as identifying problems with security policies, documenting existing threats, and deterring individuals from violating security policies. This publication describes the characteristics of IDPS technologies and provides recommendations for designing, implementing, configuring, securing, monitoring, and maintaining them. The types of IDPS technologies are differentiated primarily by the types of events that they monitor and the ways in which they are deployed. This publication discusses the following four types of IDPS technologies: network-based, wireless, network behavior analysis (NBA), and host-based."
Special Publication 800-94 Revision 1 (Draft)
Computer Security Resource Center, NIST: http://csrc.nist.gov/