Most successful worm infestations can be avoided by taking a few simple precautions. Although you shouldn't expect total safety, these steps will help you get close. And don't just follow these steps once; constant vigilance is the key.


Never expose an unpatched or out-of-date computer or other device to the Internet.

Always use a firewall between your enterprise and the Internet. Use firewalls between portions of your network and, where possible, use software firewalls on each machine.

Train your users. Many a good network has been undone by careless users who download infected e-mail, visit infected Web sites, or bring infected machines into a network from outside.

Patch and update machines frequently. Yes, it's a pain, and it may require time for testing as well as patching. But it's probably easier and cheaper than trying to fix an infestation, or explaining to business partners how you infected their system through the VPN connection.

Require up-to-date antivirus software on every machine. These packages also protect against worms.

Create, enforce and audit your security policies. You must have rules, and they must be enforced for all users. Audit employee compliance with the rules and get high-level support for mandating that compliance.

Frequently check your enterprise for vulnerabilities. Visit Web sites that track vulnerabilities, take advantage of free scanning tools on the Internet, and invest in vulnerability scanners if you have a large network. New vulnerabilities and new exploits crop up constantly, and you can't protect against them if you don't know about them.

