Recommendations
Prefer single-application or single-user systems to multi-application, multi-user ones (think servers)
Hide operating systems from the network
… to a single process per object
Restrict read access to mutable objects…
… to those who can change them
Application end-to-end encryption (PPTP, L2TP, other)
Scan for viruses in and out
Scan for viruses on desktops and servers
Prefer application-aware composed firewalls between layers.
Client-side strong authentication