Prevention Step 2

With assessment results in hand, install all available system updates, but only after all needed components are installed, so that update agents will download the right patches. This is tricky to do safely because systems are highly vulnerable when freshly installed.

Next, start trimming fat from the systems that matter. Cut deep, leaving only enough functionality for critical systems to work and not a bit more. Also, change system defaults: attackers infer knowledge about attacked systems based on their own copies of the same software.

It's important to install server- or client-side tools that actively work to block anomalous behavior, on the principle that it might be harmful. Anti-virus software, local network firewalls, application firewalls and trusted operating systems all apply this principle.

When developing applications, use secure programming practices. Applications that accept user input are potential security risks, and externally facing dynamic Web applications are especially high-risk. Tools that look for vulnerabilities in the development phase help coders avoid mistakes in the first place.

All systems are vulnerable, whether to highly skilled outside attackers, accidental misconfigurations, momentary lapses of attention or an internal attack. Managers should therefore plan for failure, with the level of protection matching the value of the assets being protected. Prevention also requires ensuring minimal operational disruption should a successful break-in occur. Regular backups allow individual destroyed or corrupted files to be restored, provide a way to track changes made to key system files, and are a quick way to roll systems back to "good" configurations.
The first major principle of preventing intrusions is to minimize risk by making it harder to crack into existing systems. To do this, IT managers must first shrink the problem domain by cutting down on the number of systems that need to be secured. Otherwise, it's just too big a problem.