Furthermore, unpatched servers should never have access to the Internet. Staff should access these dangerously unpatched servers only via dedicated computers (not the same ones that are used to read e-mail and browse the Internet) on a dedicated "less secure" network.
Unless businesses take information security seriously, they cannot avoid information theft and costly outages. Jars of peanut butter that have a small chance of being tainted are pulled off store shelves within hours of a recall starting; a financial server with known vulnerabilities that processes paychecks for hundreds of employees is allowed to operate for months. Nobody should run an unpatched server just because Bob says so.
The P of P2P Is Personal, Not Business
I'm going to say something unpopular: P2P has no business on your work computer. The risk of malicious software from P2P (peer to peer) networks far outweighs any legitimate need for BitTorrent or KaZaa. On your personal computer, I still don't advise its use, but I can understand that there are several legitimate reasons for using it. Use reputable Websites to obtain shareware applications.
If you must participate in P2P, use a separate, nonadministrator user account for those functions. Never run software that you download from a P2P network in your administrator account, and always scan these downloads with several antivirus packages. Virustotal.com is a good place to do a quick scan of a dubious download if you don't already have a solid security package such as Norton Internet Security 2010. If you're a tech-savvy power user, run P2P software in a virtual machine to insulate your host operating system.
Nail Down Your Network
Switch your company and your home router's DNS resolver to use OpenDNS. Do it right now, I'll wait. There's no reason to use the default DNS provided by your Internet service provider. OpenDNS has a gigantic cache that will speed up your queries and a free Website filtering service that might interest some companies. Even if you don't want the filtering, its robust and secure DNS infrastructure can shield you from well-known attacks at the DNS level.
After 5 minutes of reconfiguration, your Internet connection will be snappier because the OpenDNS servers usually respond much quickly than your default ISP servers. Its Website explains the simple steps involved in changing your home router or your company's Active Directory domain controllers to their resolvers, and it has infrastructure spread all over the globe to ensure a speedy reply no matter where you are.
For power users and anyone in an IT capacity at work, I'm a big fan of using a host-based outbound firewall on both servers and workstations. It is absolutely essential to be notified when an unknown or new process decides to make an outbound connection. This way, even if something slips past your antivirus and antimalware defenses, you can catch it on the way out. Of course, this won't help nontechnical users who always click "Accept" on any pop-up that comes up.
Sign up for Computerworld eNewsletters.