Secure apps to stop network attacks

ANALYSIS Updating Microsoft products
The process of keeping applications up to date varies widely, depending on where the application came from. If you have Microsoft products such as Office, staying current is easy. The first thing that I'd recommend is to get a copy of the Microsoft Baseline Security Analyzer (MBSA). You can acquire this tool at Microsoft's TechNet Web site. The MBSA scans your computer for potential weaknesses. Although the MBSA doesn't focus specifically on Office, it does provide lots of useful information, as shown in Figure A. Another way that you can keep Microsoft products up to date is to use the updates available on the Microsoft Web site, such as the Office Updates site. One click of the Go button, and you'll receive a report outlining exactly what you need and where to get it. Application inventory
As important as it is to keep your applications up to date, it's equally important to be aware of the applications running on your network. If you don't know what applications are on your workstations, then you can't expect to keep those applications up to date. Frequent software audits will help you keep track of the applications on your network. Another reason to perform frequent software audits is to spot unauthorised software, which could potentially expose your company to piracy-related litigation. Likewise, unauthorised software can interfere with your network's overall health. Unauthorised software can contain Trojan horses, viruses, or known weaknesses that can be exploited by a hacker. Furthermore, such applications consume system resources, such as memory, hard disk space, processing power, and bandwidth. These applications could even harm legitimate business applications. For example, how many times have you seen one application overwrite a DLL file or a driver that was implemented by another application? For reasons such as these, it's imperative that you create a software policy dictating which applications -- and which versions of those applications -- are allowed on your workstations. You must then hunt down and remove all other applications. Centralised application management
One of the best ways of enforcing your software usage policy is to control the distribution of applications. Active Directory lets you publish or assign applications to workstations. This allows you to automatically install applications or to require users to install authorised applications by going through the Control Panel's Add/Remove Programs applet. There are several advantages to controlling software through Active Directory. First, if a user somehow removes or destroys an application, you can set Windows to automatically reinstall the missing or damaged application. Another advantage is that by centralising and automating the process, you can be sure that all updates are rolled out to all users in a timely manner. There will be little need to wonder if your PCs are up to date, although random spot checks are never a bad idea. Terminal Services
For the ultimate in centralised application control, why not implement Terminal Services? Terminal Services works similarly to a mainframe/dumb terminal system. Your workstations run a small client program that allows them to attach to a terminal server. All applications are actually running on the terminal server, and only screen refreshes are sent to the clients. The cool thing about Terminal Services is that, because all of the applications are running on the terminal server, there's only one copy of each application. This means that the application should be much easier to maintain than if you had a thousand copies of the application spread across a thousand PCs.

---