Brian Krebs, in his blog “Krebs on Security”, has made available a draft report from the Information Assurance Directorate of the National Security Agency [NSA] on network security approaches and techniques. The unclassified report is quite lengthy and comprehensive:
The 605-page PDF document reads like a listing of the pros and cons for a huge array of defensive and counterintelligence approaches and technologies that an entity might adopt in defending its networks.
The report was originally prepared back in 2004, but most of it is still quite current and applicable. (Plus ça change …). The download link for the complete report appears in Brian’s article.