- Firewalls – The most important. A good firewall at the perimeter can eliminate most types of attacks if it is configured properly. The correct way to configure a firewall is to block everything, and then allow only what is needed. Businesses typically need some help with this, but it’s worth the extra expense and time.
- Proxy / Admin Servers – It’s less expensive to use a proxy server to do filtering, monitoring, and logging rather than doing this at the firewall. These operations take significant CPU power and available storage, but a dedicated server will provide you with visibility into your network.
- Policy & Group Policies – Set sane defaults for what users can do. Consider carefully your policies about taking data off-site.
- Education – Users often need a clue about:
- Threats that might result in disclosure of sensitive information
- Threats that might result in abuse or destruction of data or network resources