Date Published: February 2007
Supersedes: SP 800-31 (November 2001)
Author(s)
Karen Scarfone (NIST), Peter Mell (NIST)
The National Institute of Standards and Technology (NIST) developed this document in furtherance of its statutory responsibilities under the Federal Information Security Management Act (FISMA) of 2002, Public Law 107-347. This publication seeks to assist organizations in understanding intrusion detection system (IDS) and intrusion prevention system (IPS) technologies and in designing, implementing, configuring, securing, monitoring, and maintaining intrusion detection and prevention systems (IDPS). It provides practical, real-world guidance for each of four classes of IDPS: network-based, wireless, network behavior analysis software, and host-based. The publication also provides an overview of complementary technologies that can detect intrusions, such as security information and event management software. It focuses on enterprise IDPS, but most of the information in the publication is also applicable to standalone and small-scale IDPS deployments.
The National Institute of Standards and Technology (NIST) developed this document in furtherance of its statutory responsibilities under the Federal Information Security Management Act (FISMA) of 2002, Public Law 107-347. This publication seeks to assist organizations in understanding intrusion...
See full abstract
The National Institute of Standards and Technology (NIST) developed this document in furtherance of its statutory responsibilities under the Federal Information Security Management Act (FISMA) of 2002, Public Law 107-347. This publication seeks to assist organizations in understanding intrusion detection system (IDS) and intrusion prevention system (IPS) technologies and in designing, implementing, configuring, securing, monitoring, and maintaining intrusion detection and prevention systems (IDPS). It provides practical, real-world guidance for each of four classes of IDPS: network-based, wireless, network behavior analysis software, and host-based. The publication also provides an overview of complementary technologies that can detect intrusions, such as security information and event management software. It focuses on enterprise IDPS, but most of the information in the publication is also applicable to standalone and small-scale IDPS deployments.
Hide full abstract
Keywords
FISMA; intrusion detection; intrusion detection and prevention; intrusion prevention
Control Families
Audit and Accountability;
Incident Response;
Planning;