Snort combines monitoring based on signatures of known threats (think virus definitions in antivirus software) with monitoring based on detecting suspicious network activity to identify potential threats. With millions of downloads and 300,000 registered users worldwide, Snort is the most widely deployed intrusion detection system in the world, and the established standard for IDS. Snort is available for both Linux and Windows.
Snort is a shining example of the benefits of a robust open-source community. As new malware threats and attack techniques are discovered, rules have to be created and implemented in Snort to allow the IDS to detect and identify them. But because of the size and the contributions of the vast Snort user community, the rules are almost constantly updated and there is no shortage of support available.
While Snort can be run on just about any PC, the Smoothwall Express firewall also includes the ability to provide IDS functionality with integrated support for Snort rules. If you do set up a Smoothwall Express firewall, you can just use Snort rules for intrusion detection without having to install Snort separately.
Guard the PCs
Even with the perimeter locked down, and the internal network being actively monitored, some threats may still slip through to PCs on the network. A firewall and an IDS are not a replacement for having antimalware protection installed locally on each PC.
A variety of free antimalware applications are available, but their license terms generally limit them to consumer use. Businesses are expected to pay up in most cases. Microsoft took the initiative, though, of making its Microsoft Security Essentials software free for small businesses running up to ten PCs.
Microsoft subsequently began automatically pushing Security Essentials to unprotected PCs through its Microsoft Update Service. So, even businesses with more than ten PCs may find their Windows computers proactively protected by Microsoft.
Bolster Your Passwords
Do you have a password policy at your office? If not, you should. But I'll let you in on a little secret about password policies--just because they appear to offer security on paper doesn't mean that users can't find a way to effectively circumvent their intent. Users can sometimes follow the letter--but not the spirit--of the password policy and create passwords that leave your network open to trivial compromise.
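The gap between the letter and the spirit of a password policy can be checked for directly. The following is an added example, not part of the original article: it applies a typical composition rule, then looks for the predictable patterns that still satisfy it. The word list, substitution table, function names and sample passwords are assumptions constructed for illustration.

```python
import re

# Constructed sample list; a real check would load a large dictionary or
# breached-password list (assumption for this example).
COMMON_BASES = {"password", "welcome", "letmein", "qwerty", "admin",
                "spring", "summer", "autumn", "winter"}
# Common character substitutions, mapped back to the letters they stand for.
LEET = str.maketrans("@4310$5!7", "aaeiossit")


def meets_policy(pw, min_len=8):
    """Letter of the policy: minimum length plus all four character classes."""
    classes = (r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]")
    return len(pw) >= min_len and all(re.search(c, pw) for c in classes)


def weakness(pw, username=""):
    """Spirit of the policy: return why the password is guessable, or None."""
    lowered = pw.lower()
    # Drop the trailing digits and symbols users append to satisfy the rules,
    # then undo substitutions such as @ for a and 0 for o.
    core = re.sub(r"[^a-z]+$", "", lowered).translate(LEET)
    if core in COMMON_BASES:
        return "common word with a predictable suffix"
    if username and username.lower() in lowered:
        return "contains the username"
    if len(set(core)) <= 2:
        return "almost no variation in characters"
    return None


def audit(passwords, username=""):
    """Map each password to (passes policy, reason it is still weak)."""
    return {pw: (meets_policy(pw), weakness(pw, username)) for pw in passwords}


if __name__ == "__main__":
    # Constructed sample passwords for a hypothetical user "jsmith".
    samples = ["P@ssw0rd1!", "Summer2024!", "Jsmith#2024", "Aaaaaaa1!",
               "tV9#qLm2&xRz"]
    for pw, (ok, reason) in audit(samples, "jsmith").items():
        print(f"{pw:14} policy={'pass' if ok else 'fail'}  {reason or 'no pattern found'}")
```

Every sample passes the composition rule, yet only the last one survives the pattern checks, which is why a policy should screen new passwords against known-weak patterns rather than rely on character classes alone.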