Lawrence Abrams: Keep computers patched and up to date. Use a patch management system. This will allow even remote users who log on to the network to get their updates installed on their computer.
Invest in a content filtering device, such as a firewall. These devices allow you to filter for security threats, spam and Web sites that are known to install malware. They will also alert you when a machine seems to be performing port scans or other abnormal behavior.
Schedule nightly or weekly antivirus and antispyware scans. Spyware and viruses have become almost interchangeable and should be treated equally. Create firewall access rules for known ports that should not be used on your network, such as Internet Relay Chat. This will allow you to quickly spot when a machine may be infected by examining the firewall logs.
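The firewall-log review described in the answer above, sketched as an added example that is not part of the expert's reply: it counts outbound connection attempts from internal hosts to IRC ports and lists the hosts that keep trying. The log lines are constructed in iptables-style `key=value` form, and the port list (6660-6669, 6697), the RFC 1918 internal ranges and the `min_hits` threshold are assumptions to adapt to your own firewall.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumption: IRC's conventional ports (6660-6669 plaintext, 6697 TLS).
IRC_PORTS = set(range(6660, 6670)) | {6697}
# Assumption: internal machines use RFC 1918 address space.
INTERNAL = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LOG = """\
Jan 12 02:14:07 fw kernel: DROP-IRC SRC=10.0.4.23 DST=203.0.113.50 PROTO=TCP SPT=49152 DPT=6667
Jan 12 02:14:10 fw kernel: DROP-IRC SRC=10.0.4.23 DST=203.0.113.50 PROTO=TCP SPT=49152 DPT=6667
Jan 12 02:14:16 fw kernel: DROP-IRC SRC=10.0.4.23 DST=203.0.113.50 PROTO=TCP SPT=49152 DPT=6667
Jan 12 02:20:41 fw kernel: DROP-IRC SRC=10.0.4.23 DST=198.51.100.7 PROTO=TCP SPT=49188 DPT=6697
Jan 12 02:21:02 fw kernel: ACCEPT SRC=10.0.4.80 DST=203.0.113.50 PROTO=TCP SPT=50211 DPT=443
Jan 12 03:05:55 fw kernel: DROP-IRC SRC=10.0.4.91 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=6667
Jan 12 03:06:12 fw kernel: DROP-IRC SRC=198.51.100.7 DST=10.0.4.23 PROTO=TCP SPT=40000 DPT=6667
Jan 12 03:07:30 fw kernel: DROP-IRC SRC=not-an-ip DST=192.0.2.10 PROTO=TCP DPT=6667
"""

def irc_hits(log_text, min_hits=3):
    """Map each internal source with >= min_hits IRC attempts to its hit count and destinations."""
    seen = defaultdict(lambda: {"hits": 0, "dests": set()})
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if f.get("PROTO") != "TCP" or not f.get("DPT", "").isdigit():
            continue
        try:
            src = ip_address(f["SRC"])
        except (KeyError, ValueError):
            continue  # skip lines with a missing or malformed source address
        # Only outbound attempts from our own machines point at a possible infection.
        if int(f["DPT"]) in IRC_PORTS and any(src in net for net in INTERNAL):
            seen[str(src)]["hits"] += 1
            seen[str(src)]["dests"].add(f.get("DST", "?"))
    return {host: {"hits": v["hits"], "dests": sorted(v["dests"])}
            for host, v in seen.items() if v["hits"] >= min_hits}

if __name__ == "__main__":
    for host, info in irc_hits(SAMPLE_LOG).items():
        print(f"{host}: {info['hits']} IRC attempts to {', '.join(info['dests'])}")
```

A single attempt is kept below the default threshold to cut noise from one-off misconfigurations; lower `min_hits` to 1 to see every internal host that touched an IRC port.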
Kevin Beaver: Some practical measures would be to harden each user's workstation via Group Policy, utilize centralized patch management when users are plugged into the network, implement a security policy and train users on how to apply their own patches when working remotely (not a great option, but better than nothing). You also want to install antispyware, antivirus and personal firewall software with application protection, such as BlackICE, ZoneAlarm, etc. This combination makes for a fairly strong solution.
Tony Bradley: There is a wide range of proactive steps that you can take to prevent issues in the future; which ones to use depends on what the issue ultimately turns out to be.
Policies should be established and tools implemented to ensure that remote or traveling users receive their virus updates and required patches. A host-based intrusion prevention or personal firewall program would also help protect those users from future attacks.
About the experts: Expert bios are available on the scenario page.