date 2017-03-29

Answers:

1. Don't allow non-domain-joined machines that are not corporate-owned on the network. If an exec needs his iPad on Wi-Fi, build a Wi-Fi link outside your perimeter firewall.

2. Don't allow your admins to use an admin-level account for daily desktop login; they should have user-level accounts. This way, if they are surfing and grab a bug, it only affects their desktop and not the network at large. They should have a separate admin login that they only use when installing or modifying something that needs admin-level access.

3. Run shadow copies and backups as often as your disks/bandwidth allow, at least daily, or at 6am, 12pm, and 6pm to limit network strain to off times.

4. Set up DFS and run full replication between multiple DCs for all critical data. If it creates network strain on your internet connection during the day, set up burst scheduling to limit transfer bandwidth during peak times but to burst during the off times.

5. Make sure you regularly run updates for all software and all antivirus on the network.

6. Have an emergency operating procedure or action plan written NOW as to how to implement isolation and restoration procedures: limit the attack surface, isolate and eliminate the threat, then restore the system to the last known good version.

It's the best advice I can give you in 10 min. It's built on a lifetime of administrator/network/datacenter support processes and procedures that I have seen work over and over. If your admins follow the rules and the network is properly configured as outlined above, you limit the attack surface greatly. Zero-day attacks can still affect you, but in a worst-case scenario you can usually lose only one day's worth of productivity/data when implementing these procedures.
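One way to check that the "separate admin login" rule in item 2 is actually being followed is to audit the Security log for interactive desktop logons (logon types 2, 10 and 11 in event 4624) by members of privileged AD groups. The script below is an added example, not code from the answer above; it assumes the ActiveDirectory PowerShell module is installed, that logon auditing is enabled, and that it is run on each host (or pointed at a host that collects forwarded Security logs via the hypothetical `-ComputerName` parameter), since 4624 is written on the machine where the logon happens, not on the domain controller.

```powershell
# Added example: report interactive logons by privileged accounts.
# Assumptions: ActiveDirectory module present; audit "Logon" success events
# enabled; run locally on the host whose Security log you want to inspect,
# or against a log-collector host via -ComputerName.
param(
    [string[]]$PrivilegedGroups = @('Domain Admins', 'Enterprise Admins', 'Administrators'),
    [int]$Hours = 24,
    [string]$ComputerName = $env:COMPUTERNAME
)

Import-Module ActiveDirectory

# Build a lookup of privileged user names (recursive group membership),
# mapped to the group that grants them the privilege.
$privileged = @{}
foreach ($g in $PrivilegedGroups) {
    Get-ADGroupMember -Identity $g -Recursive -ErrorAction SilentlyContinue |
        Where-Object { $_.objectClass -eq 'user' } |
        ForEach-Object { $privileged[$_.SamAccountName.ToLower()] = $g }
}

# Logon types that mean a person used the account at a desktop:
# 2 = Interactive, 10 = RemoteInteractive (RDP), 11 = CachedInteractive.
$desktopLogonTypes = @('2', '10', '11')

$filter = @{
    LogName   = 'Security'
    Id        = 4624
    StartTime = (Get-Date).AddHours(-$Hours)
}

Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter -ErrorAction SilentlyContinue |
ForEach-Object {
    # Pull the named EventData fields out of the event XML.
    $xml = [xml]$_.ToXml()
    $data = @{}
    foreach ($node in $xml.Event.EventData.Data) { $data[$node.Name] = $node.'#text' }

    $user = [string]$data['TargetUserName']
    if (-not $user) { return }
    $user = $user.ToLower()

    if ($desktopLogonTypes -contains $data['LogonType'] -and $privileged.ContainsKey($user)) {
        [pscustomobject]@{
            Time        = $_.TimeCreated
            Account     = $data['TargetUserName']
            Group       = $privileged[$user]
            LogonType   = $data['LogonType']
            Workstation = $data['WorkstationName']
            SourceIP    = $data['IpAddress']
        }
    }
} | Sort-Object Time | Format-Table -AutoSize
```

Any row in the output is a privileged account that was used for a desktop session rather than for a deliberate elevation; an empty result over a normal working day is what the rule in item 2 is meant to produce. Service and network logons (types 3, 4, 5) are deliberately excluded so that legitimate admin activity against servers does not drown out the finding.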