There is no need for expensive, complex security systems; simple checks and sound management can be very effective.
 
1. Do not install or run software or content that you cannot identify or that has not been approved. Know which programs are running on your computer and why they are running. If you don't know what's on your system, you can't protect it adequately.
 
2. Do not allow non-administrator users to log on with administrator or root privileges.
 
3. Protect your e-mail. Convert all incoming HTML content to plain text, and block all attachment file extensions by default, except for the few you explicitly want to allow.
 
4. Protect your passwords. Require longer passwords: 10 characters or more for ordinary users, and preferably 15 or more for system administration accounts. Enforce account lockout, even if it lasts only a minute. On Windows, disable storage of LM password hashes (the "Do not store LAN Manager hash value on next password change" policy). On Unix/Linux, use a modern crypt(3) hash, the MD5-based one at minimum, or, better, bcrypt if your operating system supports it (the SHA-512 and yescrypt hashes that current Linux distributions default to are also fine; the point is not to leave accounts on traditional DES crypt, which only uses the first 8 characters of the password).
 
5. Use default-deny and least privilege wherever possible. Use role-based security when implementing a least-privilege policy: you should have a set of distinct IT roles rather than a single "IT security group" that can do everything.
 
6. Define and enforce security domains. Who needs access to what? What kinds of communication are legitimate? Answer these questions and then design your perimeter defenses around the answers. Establish a baseline of normal traffic volume so that anomalous amounts of traffic can be recognized and recorded.
 
7. Encrypt all confidential data wherever possible, especially on laptops and removable storage devices. There is no excuse for laziness here: the public-relations damage that follows a data loss speaks for itself (look at what happened to AT&T, the U.S. Department of Veterans Affairs and Bank of America).
 
8. Patch the operating system and all applications. Ask yourself: have you recently updated Macromedia Flash, RealPlayer and Adobe Acrobat?
 
9. Deploy anti-virus, anti-spam and anti-spyware tools on both gateways and hosts wherever possible.
 
10. Keep security-relevant details obscure. Rename the administrator and root accounts. Do not name an account ExchangeAdmin. Do not name your file servers FS1, EXCHANGE1 or GATEWAYSRV1. Where conditions permit, run services on non-default ports: for example, move SSH to port 30456, RDP to 30389, HTTP to 30080, and so on, for internal users and business partners. Be clear about what this buys you: a full port scan still finds the service, so moving ports cuts down noise from automated scanners but is not a substitute for patching and access control.
 
11. Scan your network for unknown TCP or UDP listeners and investigate every one you cannot account for.
 
12. Log where and when each user browses on the Internet. Publish the results in a real-time online report that everyone can see. The idea is to get users to manage their own surfing habits (which, I'd bet, also produces a sudden jump in productivity).
 
13. Automate security policy. Whatever is not enforced automatically will drift out of compliance.
 
14. Educate all employees about information security and establish appropriate policies and procedures. Adopt change management and structured administration. Punish those who do not comply, strictly.
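As an added example (this script is not part of the original article), here is how two of the checks above can be done in one small Python host audit: item 4's check of which password hash algorithm each account in /etc/shadow actually uses, and item 11's check for listeners that are not on an allowlist, fed with the output of `ss -tulnpH`. The shadow entries, the ss output and the ALLOWED_LISTENERS set are constructed sample data, and the function names are mine; the hash-body strings are shortened because only the prefix is inspected.

```python
# Added example, not code from the original article.  Implements item 4
# (which crypt(3) hash algorithm is each account using?) and item 11 (is
# anything listening that is not on our allowlist?).  All input below is
# constructed sample data.

# crypt(3) hash prefixes as written by glibc, libxcrypt and OpenBSD.
HASH_TYPES = {
    "$1$": ("md5crypt", "weak"),       # the "MD5 type" hash from item 4
    "$2a$": ("bcrypt", "ok"),
    "$2b$": ("bcrypt", "ok"),
    "$2y$": ("bcrypt", "ok"),
    "$5$": ("sha256crypt", "ok"),
    "$6$": ("sha512crypt", "ok"),
    "$7$": ("scrypt", "ok"),
    "$y$": ("yescrypt", "ok"),
}


def classify_hash(field):
    """Return (algorithm, verdict) for the password field of one shadow entry."""
    if field == "" or field[0] in "!*":
        # "!", "*", "!!" or "!<hash>": locked, or no password login possible.
        return ("locked-or-none", "ok")
    for prefix, info in HASH_TYPES.items():
        if field.startswith(prefix):
            return info
    if len(field) == 13 and "$" not in field:
        # Traditional DES crypt: 12-bit salt, only the first 8 password
        # characters are used.  Always worth flagging.
        return ("descrypt", "weak")
    return ("unknown", "review")


def audit_shadow(text):
    """Return [(user, algorithm, verdict)] for every account whose hash is not 'ok'."""
    findings = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue
        algo, verdict = classify_hash(fields[1])
        if verdict != "ok":
            findings.append((fields[0], algo, verdict))
    return findings


def unknown_listeners(ss_output, allowed):
    """Parse `ss -tulnpH` lines; return [(proto, port, process)] not in `allowed`.

    `allowed` is a set of (proto, port) pairs.  The process field is whatever
    ss printed, e.g. users:(("sshd",pid=812,fd=3)), or "?" if ss ran without -p.
    """
    findings = []
    for line in ss_output.splitlines():
        f = line.split()
        if len(f) < 6:
            continue
        proto, local = f[0], f[4]
        port = int(local.rsplit(":", 1)[1])   # handles 0.0.0.0:22, [::]:22, *:443
        proc = " ".join(f[6:]) if len(f) > 6 else "?"
        if (proto, port) not in allowed:
            findings.append((proto, port, proc))
    return findings


# --- constructed sample data (hash bodies shortened; only prefixes matter) ---
SHADOW_SAMPLE = """\
root:$6$rounds=5000$Qz1d9PXk$7gHk3u7x2Fj0:19000:0:99999:7:::
alice:$y$j9T$F5Jx5fExrKuPp53xLKwKt1$ZMebQ:19000:0:99999:7:::
bob:$1$Etg2ExUZ$F9NTP7omafhKIlqaBMqng1:18000:0:99999:7:::
legacy:AbCdEfGhIjKlM:15000:0:99999:7:::
svc:!:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
"""

SS_SAMPLE = """\
tcp   LISTEN 0      128    0.0.0.0:22      0.0.0.0:*    users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      511    *:443           *:*          users:(("nginx",pid=1301,fd=6))
tcp   LISTEN 0      50     127.0.0.1:4444  0.0.0.0:*    users:(("nc",pid=9021,fd=3))
udp   UNCONN 0      0      0.0.0.0:123     0.0.0.0:*    users:(("chronyd",pid=640,fd=5))
udp   UNCONN 0      0      [::]:1900       [::]:*       users:(("minissdpd",pid=702,fd=4))
"""

# Hypothetical allowlist for this host.  Ports you deliberately relocated
# (item 10) belong here too, so the moved services are not reported as unknown.
ALLOWED_LISTENERS = {("tcp", 22), ("tcp", 443), ("udp", 123)}

if __name__ == "__main__":
    for user, algo, verdict in audit_shadow(SHADOW_SAMPLE):
        print(f"shadow: {user}: {algo} ({verdict})")
    for proto, port, proc in unknown_listeners(SS_SAMPLE, ALLOWED_LISTENERS):
        print(f"listener: {proto}/{port} not in allowlist: {proc}")
```

On a real host, feed `audit_shadow` the contents of /etc/shadow (readable only as root) and `unknown_listeners` the output of `sudo ss -tulnpH`; with the sample data it reports bob (md5crypt) and legacy (DES crypt) as weak, and the nc listener on tcp/4444 and the SSDP listener on udp/1900 as unknown. A hash prefix the table does not know is reported as "review" rather than silently passed, since a strange prefix on a production box is itself something to look into.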
 
Summary:
 
I know the advice above is not complete, and physical security also deserves consideration, but it is a good start. Pick one recommendation and see it through from beginning to end, then start on the next. Skip what you cannot do and focus on the advice you can actually complete. If you really need an expensive IDS, buy it, but do the basics first.