Beyond Patching -- Defense In Depth
Simply keeping systems patched or using automatic updates is only one small part of securing your IT infrastructure. Comprehensive defense is set up in layers, from the network perimeter all the way to the individual applications your business relies on. You will want to consider the following protection options:
Review and change firewall settings.
Consider implementation of network or perimeter Anti-Virus protection.
Examine host-based firewall protection options.
Review and strengthen System Policy settings.
Quarantine new or visiting computers and removable media until they are screened for viruses and malware.
If you don't currently use Automatic Updates, look at the pros and cons and reconsider.
Details on how to implement these changes will be examined in follow-up articles.
These steps will not only protect against Conficker, they are the building blocks of an in-depth defense strategy against future worms and malware as well.