Configure your routers, switches, and other adjoining network hardware to be secure, which means locking down services, keeping the router or switch OS updated, and applying any security measures such as disabling broadcasts on certain interfaces, applying access control lists (ACLs), and so on.
Disable the Simple Network Management Protocol (SNMP) and any other services that you do not need.
Make sure any e-mail relays in use are protected and aren't being used to send spam.
Use application gateway firewalls to protect against large-scale attacks.
Apply defense in depth. Using a firewall alone is almost meaningless. You need to ensure that you have multiple levels of security in place, such as desktop policies, a firewall, and an IDS.
Use a security policy and keep it updated. Security is upheld only when it's supposed to be, so make sure your company has a policy in place that dictates what needs to be secured and how it needs to be secured.
This article is excerpted from Vista for IT Security Professionals. To order this book, please visit Syngress.
Make sure you have an incident response plan ready, with detailed steps and a team that can carry it out. Your goal should be to prevent a crisis if you can, but your real responsibility when dealing with incident response concerns the response; in other words, taking care of the issue either while it is happening or after it has happened.
TIP Creating backups of your important data is one place to start. Incident prevention and risk mitigation begin with your proactive planning. A great response to an attack that destroys your company's important data is a data backup that restores that data to its original state.
Recognizing the presence of malicious code should be your first response step if the system does get infected. Administrators and users need to be on the alert for common indications that a virus might be present, such as missing files or programs; unexplained changes to the system's configuration; unexpected and unexplained displays, messages, or sounds; new files or programs that suddenly appear with no explanation; memory leaks (less available system memory than normal) or unexplained use of disk space; and any other odd behavior of programs or the OS.
If a virus is suspected, a good antivirus program should be installed and run to scan the system for viruses and attempt to remove or quarantine any that are found. Finally, all mission-critical or irreplaceable data should be backed up on a regular basis in case all of these measures fail.
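Several of the indicators listed above (missing programs, unexplained configuration changes, files that suddenly appear) can be caught mechanically by comparing a known-good baseline against the current state of the file system. The following is an added example, not code from the book; it takes a SHA-256 snapshot of a directory tree, then reports additions, deletions and modifications. The directory layout and file names it uses are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path


def snapshot(root):
    """Return {relative_path: sha256} for every regular file under root."""
    root = Path(root)
    baseline = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            baseline[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return baseline


def compare(baseline, current):
    """Classify differences between two snapshots into the three indicator
    categories the text describes: new files, missing files, changed files."""
    added = sorted(set(current) - set(baseline))
    missing = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    return {"added": added, "missing": missing, "modified": modified}


def demo():
    """Constructed scenario: record a baseline, simulate one change of each
    kind, then re-scan. Paths and contents are made up for the example."""
    with tempfile.TemporaryDirectory() as root:
        Path(root, "etc").mkdir()
        Path(root, "etc", "hosts.cfg").write_text("127.0.0.1 localhost\n")
        Path(root, "bin").mkdir()
        Path(root, "bin", "tool.exe").write_bytes(b"MZ legitimate program")
        baseline = snapshot(root)

        # Simulated changes an administrator would want flagged:
        Path(root, "etc", "hosts.cfg").write_text("127.0.0.1 localhost\n# edited\n")  # config changed
        Path(root, "bin", "tool.exe").unlink()                                        # program missing
        Path(root, "bin", "unknown.exe").write_bytes(b"MZ unexplained new file")      # file appeared

        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for category, paths in demo().items():
        print(f"{category}: {paths}")
```

In practice the baseline would be stored off the monitored host (or on read-only media) and re-checked on a schedule, so that a change to the baseline itself is also detectable.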
Remember that virus writers are a creative and persistent bunch and will continue to come up with new ways to do the impossible, so computer users should never assume that any particular file type or OS is immune to malicious code. There is only one way to completely protect yourself against a virus, and that is to power down the computer and leave it turned off entirely.
TIP You may want to consider creating an incident response plan as well as an incident response team for your future incident endeavors. You should also review "Creating a Computer Security Incident Response Team: A Process for Getting Started," released by CERT (www.cert.org/csirts/Creating-A-CSIRT.html).