I came accross a very nice reading from Computer World. I has so many nice information and ideas.
I hope you will enjoy readin it.... and most importantly find it beneficial....
It is good practice to disable unused protocols.....Many attacks target protocols such as HTTP, DNS and FTP. Certain programming errors, such as unchecked buffers, can be exploited by attackers to compromise or damage a system. These attacks exploit loose programming practices in applications and systems. Enforcing acceptable protocol behavior goes beyond checking requests for comments (RFC) and ensures that the data flowing through the network adheres to the policies of the applications running in your environment.
Full ReadinHere's an example: The HTTP 1.0/1.1 protocol allows host names up to any length, so an RFC checker wouldn't bother checking this field. Application usage enforcement knows that since the Domain Name System doesn't allow for host names of more than 256 characters, the best way to stop attacks is through blocking any HTTP request that contains a host-name field with more than 256 characters. With checks like these, a properly configured protection system can block zero-day attacks that might exploit a still-unknown vulnerability in a Web server that can't handle host-name fields of an arbitrary length.