(I'm too lazy to read thru all the posts - someone prolly posted this already, screw it - REPEAT)...
Yo dog... Setup some ACL's & you'll be good to go.
Filter out your Windows/netBios traffic at the switch, i.e. TCP/UDP 137, 139, etc.... This will stop alot of the Worms dead in there tracks or at least impede there ability to propagate (Sasser, Blaster, etc..). Blocking traffic destined for your networks Broadcast address will help tremendously as well. Especially if you're on a large subnet. Again, Windows boxes are notorious for this shit. (All this assuming you don't need NetBios on your network.)
Actually, you might as well just setup an access list that limits your traffic to only what's needed (HTTP/HTTP, SSH. etc...).
If you got Cisco switches enable DHCP snooping (to prevent rogue DHCP servers) and Storm-Control.
When you got troublemakers, hunt there MAC out on the switch & put the smack down. (Cisco hint: show mac-address-table | include xxxx).
Look into scanning the network on a regular basis lookin' for vulnerable systems/potential offenders, plenty free shit to do that (See: Nessus). You can lock them out before they cause problems & force them to comply.
If you got rogue AP's, thats easy. Kismet or Netstumble them & pick out the MAC's. Again, block those at the switch.
Slashdot Mirror
(I'm too lazy to read thru all the posts - someone prolly posted this already, screw it - REPEAT)...
Yo dog... Setup some ACL's & you'll be good to go.
Filter out your Windows/netBios traffic at the switch, i.e. TCP/UDP 137, 139, etc....
This will stop alot of the Worms dead in there tracks or at least impede there ability to propagate (Sasser, Blaster, etc..).
Blocking traffic destined for your networks Broadcast address will help tremendously as well.
Especially if you're on a large subnet.
Again, Windows boxes are notorious for this shit.
(All this assuming you don't need NetBios on your network.)
Actually, you might as well just setup an access list that limits your traffic to only what's needed (HTTP/HTTP, SSH. etc...).
If you got Cisco switches enable DHCP snooping (to prevent rogue DHCP servers) and Storm-Control.
When you got troublemakers, hunt there MAC out on the switch & put the smack down.
(Cisco hint: show mac-address-table | include xxxx).
Look into scanning the network on a regular basis lookin' for vulnerable systems/potential offenders, plenty free shit to do that (See: Nessus).
You can lock them out before they cause problems & force them to comply.
If you got rogue AP's, thats easy.
Kismet or Netstumble them & pick out the MAC's.
Again, block those at the switch.
Peace.