Information Protection Technologies

last modified 2008-10-03 06:49

Proactive security systems and software packages which can be implemented to further secure your network.

There exist many different kinds of products in the security realm that promise to go beyond good design and maintenance and offer active security controls or protection. Certainly, not all are needed everywhere. Each should be considered in light of your evaluated risks.

Virus scanning


Antivirus software consists of programs that attempt to identify, block and remove computer viruses and other malicious software (malware). Once a cornerstone of protecting local machines, this technology has lost some of its shine over recent years: a signature-based scanner can only catch malware that its vendor has already seen. Running a virus scanner is still a good move, but it is by no means a total solution for local protection needs. The University has a site license for TrendMicro's suite of anti-virus and malware detection clients. MSSG runs a service called RADS which you can use along with the TrendMicro software to keep it updated with the latest virus and malware signatures.

Network scanning


Network scanning is a method of examining a network in order to discover particular hosts or services. There are many different kinds of network scans, each producing different kinds of results. Like virus scanning, network scanning used to be a highly effective means of finding a particular machine's or network's vulnerabilities. It is still a terrific analysis tool, but it cannot detect many of the most dangerous client-side exploits (a malicious web page or e-mail attachment, for example), which are the cause of most compromised machines today, because those involve no listening service for a scanner to probe. Many scanners are free for public use. Nessus is a particularly popular scanner that can run a terrific number of tests against every node and port on a given network. Other scanners include Nmap and Nettools.
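
One way to get more out of routine scans than a one-off vulnerability list is to keep the results and compare them over time, so that a newly exposed service shows up as a change rather than as one line among hundreds. The script below is an added example, not part of the original page or of Nmap itself: it parses Nmap's "greppable" (-oG) output format and reports the open ports that appeared or disappeared between two scans. The two scan files it compares are constructed sample data written by the script; the 192.168.1.x addresses are placeholders, not Rutgers hosts.

```shell
#!/bin/sh
# Added example (not from the original page): compare two Nmap "greppable"
# (-oG) scan results and report which open services appeared or vanished
# between them. Addresses below are constructed sample data, not Rutgers hosts.
export LC_ALL=C   # make sort and comm agree on ordering

# open_ports FILE: print "ip port/proto" for every open port in a -oG file.
# A -oG host line looks like:
#   Host: 192.168.1.10 ()<TAB>Ports: 22/open/tcp//ssh///, 80/open/tcp//http///<TAB>Ignored State: closed (998)
# Each port entry is port/state/proto/owner/service/rpcinfo/version/.
open_ports() {
    awk '
        /^Host:.*Ports: / {
            ip = $2
            s = $0
            sub(/.*Ports: /, "", s)
            sub(/[ \t]+Ignored State:.*/, "", s)
            n = split(s, p, ", ")
            for (j = 1; j <= n; j++) {
                split(p[j], f, "/")
                if (f[2] == "open") print ip, f[1] "/" f[3]
            }
        }' "$1" | sort -u
}

# scan_diff OLD NEW: "NEW  ip port/proto" for services only in NEW,
# "GONE ip port/proto" for services only in OLD.
scan_diff() {
    old=$(mktemp) new=$(mktemp)
    open_ports "$1" > "$old"
    open_ports "$2" > "$new"
    comm -13 "$old" "$new" | sed 's/^/NEW  /'
    comm -23 "$old" "$new" | sed 's/^/GONE /'
    rm -f "$old" "$new"
}

# write_samples: two constructed scans of the same /24 a week apart. In the
# second one .10 has grown an SMB listener and .20's HTTPS is now filtered.
write_samples() {
    SCAN_OLD=$(mktemp) SCAN_NEW=$(mktemp)
    printf 'Host: 192.168.1.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///\tIgnored State: closed (998)\n' >  "$SCAN_OLD"
    printf 'Host: 192.168.1.20 ()\tPorts: 443/open/tcp//https///\tIgnored State: closed (999)\n' >> "$SCAN_OLD"
    printf 'Host: 192.168.1.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 445/open/tcp//microsoft-ds///\tIgnored State: closed (997)\n' >  "$SCAN_NEW"
    printf 'Host: 192.168.1.20 ()\tPorts: 443/filtered/tcp//https///\tIgnored State: closed (999)\n' >> "$SCAN_NEW"
}

write_samples
scan_diff "$SCAN_OLD" "$SCAN_NEW"
# Prints:
#   NEW  192.168.1.10 445/tcp
#   GONE 192.168.1.20 443/tcp
```

In practice you would replace write_samples with real files produced by something like `nmap -oG today.gnmap 192.168.1.0/24` run on a schedule, and page on any NEW line: a port that opened since the last scan is either a change someone made on purpose or a sign that the host is no longer entirely yours.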

Firewalls


A firewall is a hardware or software device configured to permit, deny or proxy traffic between networks (or between a host and a network) with different levels of trust. Typically, firewalls at Rutgers are deployed either in front of an entire network to keep certain kinds of traffic out of that network, or locally on a computer to perform the same task. This prevents outside systems from attacking or exploiting services that may be essential to the internal operation of a group of machines but have no business being reachable from outside. The other, less used aspect of a firewall is restricting what traffic may travel *out* of a network. Unfortunately, this kind of egress filtering is rarely seen. Where it is implemented, attackers have a much harder time profiting from the exploits they find: a compromised host cannot send spam directly, and a service that an exploit has taken over cannot open a connection back out through the firewall. Almost any operating system today can run a host-based firewall.
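
The following is an added example of the egress filtering described above, not a configuration from the original page or from Rutgers. It is a host-based Linux ruleset in iptables-restore format whose OUTPUT chain policy is DROP, so the host may only reach the resolvers, the mail relay and the web and NTP ports listed; everything else leaving the host is logged and then dropped. The subnet, resolver and relay addresses (10.0.0.0/24, 10.0.0.53, 10.0.1.53, 10.0.0.25) are placeholders chosen for the example, not real Rutgers values.

```shell
#!/bin/sh
# Added example (not from the original page): host-based firewall with
# default-deny *egress*, emitted in iptables-restore format.
# The addresses are assumed placeholders for the example, not Rutgers values.
LAN=10.0.0.0/24        # departmental subnet allowed to SSH in
MAIL_RELAY=10.0.0.25   # the only host this machine may send mail through
DNS1=10.0.0.53         # resolvers this machine may query
DNS2=10.0.1.53

# egress_rules: print the ruleset. Review it, then pipe into iptables-restore.
# Lines starting with '#' are ignored by iptables-restore.
egress_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# loopback and replies to flows already accepted, in both directions
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# inbound: only SSH, and only from the departmental subnet
-A INPUT -p tcp -s $LAN --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# outbound: DNS to the known resolvers only
-A OUTPUT -p udp -d $DNS1 --dport 53 -j ACCEPT
-A OUTPUT -p udp -d $DNS2 --dport 53 -j ACCEPT
-A OUTPUT -p tcp -d $DNS1 --dport 53 -j ACCEPT
-A OUTPUT -p tcp -d $DNS2 --dport 53 -j ACCEPT
# outbound: mail only via the relay, so a compromised host cannot spam directly
-A OUTPUT -p tcp -d $MAIL_RELAY --dport 25 -j ACCEPT
# outbound: web and NTP
-A OUTPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A OUTPUT -p udp --dport 123 -j ACCEPT
# anything else trying to leave is logged (rate limited), then hits the DROP policy;
# those log lines are exactly the "local service calling out" the text warns about
-A OUTPUT -m limit --limit 10/min -j LOG --log-prefix "egress-drop: "
COMMIT
EOF
}

# Without arguments, print the rules for review. With --apply (as root),
# load them atomically.
case "${1:-}" in
    --apply) egress_rules | iptables-restore ;;
    *)       egress_rules ;;
esac
```

Two caveats a practitioner would want: this ruleset covers IPv4 only, so on a dual-stack host an equivalent ip6tables ruleset is needed or IPv6 becomes the open egress path; and the first time you load it, do so from a console session or with a timed rollback, since a mistake in the OUTPUT chain can cut off your own SSH session's replies if the conntrack rule is missing.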

IPS/IDS


Intrusion Prevention Systems and Intrusion Detection Systems are two variants of essentially the same operation. An IPS is a computer security device that monitors network and/or system activities for malicious or unwanted behavior and can react in real time to block or prevent those activities. An IDS merely identifies that traffic and can provide notification. The effectiveness of these systems is largely debatable. On a network as diverse and open as RUNet, they can produce nearly immeasurable amounts of data containing a fantastic number of false alarms, and because an IPS sits inline, a false alarm there blocks legitimate traffic rather than merely paging someone. However, if your network serves a particular task and is not as open, they can be a good bet. Likewise, you may have a smaller subnet for which you want extra monitoring and protection. They can also be used to identify particular *types* of information traversing your network, and they are quite malleable in the kinds of services they can be used to create. There are a great many IPS/IDS solutions; the most popular open-source solution is Snort. Bro is also a popular tool.
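
To make the false-alarm point concrete, here is an added example (not from the original page or from the Snort project) of a small Snort local.rules file written by a shell script. It places a campus-wide rule, which on a network the size of RUNet fires for every legitimate mail server, beside the same check scoped to one monitored subnet and excluding its known relays, and adds one rule that watches for a *type* of information (a cleartext FTP password) rather than a service. The subnet 10.0.0.0/24 and relay addresses 10.0.0.25 and 10.0.0.26 are placeholders assumed for the example.

```shell
#!/bin/sh
# Added example (not from the original page): a Snort local.rules file that
# puts a noisy campus-wide rule next to the same check scoped to one monitored
# subnet. Addresses are placeholders (assumed), not Rutgers values.
MONITORED=10.0.0.0/24                 # the small subnet given extra monitoring
MAIL_RELAYS='[10.0.0.25,10.0.0.26]'   # hosts that legitimately speak SMTP outward

# snort_rules: print the rules. Redirect into /etc/snort/rules/local.rules
# (or wherever your snort.conf includes local rules from).
snort_rules() {
    cat <<EOF
# Rule 1: every outbound SMTP connection, anywhere. On a large open network this
# fires for every legitimate mail server and is pure noise. Kept for contrast.
alert tcp any any -> any 25 (msg:"Outbound SMTP"; flow:to_server,established; sid:1000001; rev:1;)

# Rule 2: the same check, but only for hosts in the monitored subnet and only
# when the destination is not one of the known relays. A workstation here
# talking SMTP directly usually means a compromised host sending spam.
alert tcp $MONITORED any -> !$MAIL_RELAYS 25 (msg:"Monitored subnet host sending SMTP directly"; flow:to_server,established; classtype:policy-violation; sid:1000002; rev:1;)

# Rule 3: a *type* of information rather than a service: a cleartext password
# leaving the monitored subnet in an FTP session.
alert tcp $MONITORED any -> any 21 (msg:"Cleartext FTP password from monitored subnet"; flow:to_server,established; content:"PASS "; nocase; classtype:policy-violation; sid:1000003; rev:1;)
EOF
}

snort_rules
```

Local rules use sids of 1000000 and above so they never collide with the distributed rule sets, and the rev field should be bumped whenever a rule is edited so that old alerts can still be matched to the text that produced them. Rule 1 is there to be deleted once you have seen how often it fires: tuning an IDS is mostly the work of narrowing rules until the remaining alerts are ones you would act on.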

Best Practices


Everyone has an opinion on the best way to run a particular operating system or service, and the amount of documentation on every manner of subject is tremendous. It is important to follow current and accepted implementation methods for the services and products you run.
