Best Practices

We will be adding over time a listing here of computer best practices that should be followed in any business that is serious about computer security. A lot of this will cover some of the HIPAA regulations that are coming; for now, check back every few weeks as we grow this list.

WIRELESS NETWORKING: The safest computer network in the world is one that is air gapped, meaning it isn't connected to any other network or to the Internet. That doesn't work well with today's computer users' needs, but it is the most secure. Wireless networks are the opposite: they are basically radio stations broadcasting Internet connectivity and packets of data instead of music. 802.11, also known as WiFi, is virtually impossible to secure 100% and will probably be banned for HIPAA compliance. Until 802.11i comes out it should be. 802.11i will add security extensions to the protocol, but it's not here yet. Even if you are using WEP (Wired Equivalent Privacy), LEAP (Lightweight Extensible Authentication Protocol) or WPA (Wi-Fi Protected Access), and on top of that an encrypted connection such as HTTPS (encrypted HTTP), SSH (encrypted remote shells) or the encrypted mail protocols POP3S (encrypted POP3), IMAPS (encrypted IMAP) and ESMTP with SSL (Extended Simple Mail Transfer Protocol over Secure Sockets Layer), you are doing so in open view of everyone. At the very least it can all be recorded, just like a radio station broadcast, and serious processing power can be played against the recording later as someone attempts to crack your keys. While wireless may be appropriate for home use, its use in a business should require business justification. If it is used, it should be on its own subnet, firewalled off as hostile to the rest of the internal network to further minimize exposure. Accessing business networks through applications such as pcAnywhere via a wireless home network is again risky behavior. Remember, users are usually the weakest link in computer networks.

WiFi is everywhere and it's handy, but care should be exercised to make sure all network communication is encrypted with the highest level of encryption possible for your setting.

FIREWALLS: Have a stateful firewall installed on your network. Firewalls basically come in two flavors: stateful, and non-stateful or port-filtered. Port filtering only blocks traffic based on the port it comes in on; this is not as secure as a stateful firewall. A stateful firewall not only looks at what port traffic is coming in on, it also looks inside the packet to inspect what is coming through and why. This is much more secure. If a firewall doesn't say it does stateful packet-level inspection, it is port filtered only.

OPEN PORTS: Have a computer security professional scan your network and computers from time to time so you know what ports you have open to the Internet. Justify why they are open; if there is no business justification for a port, close it down. Applications frequently open ports you will not know about, and since most Windows software won't document this, you will not know unless you actively scan these systems. Worms can exploit this, as SQL Slammer did: most of the systems it infected were exposed not because of SQL Server 2000 itself but because of applications using Microsoft's embedded database software. Scan yourself; the hackers are, and if you're not, they know more about you than you do.

ENCRYPTED vs PLAIN TEXT PROTOCOLS: Use encryption everywhere it makes sense. If the data being transmitted is healthcare information, PMI, or usernames and passwords, don't use non-encrypted protocols. The following are plain text protocols and should be avoided when sending sensitive information:

1 - HTTP: any web page connection handled by a web browser. This happens over port 80.
2 - Telnet: a non-encrypted remote shell connection. This happens over port 23.
3 - POP3: when your mail client gets mail every 15 minutes, you're yelling out your password in the open every 15 minutes too. This happens over port 110.

Instead, use the encrypted equivalent protocols:

1 - HTTPS: same as HTTP but encrypted, and remember, the more bits the better. This happens over port 443.
2 - SSH: encrypted remote shell connections. This happens over port 22.
3 - POP3S: same as POP3 but encrypted. This happens over port 995.

UPDATES: Always back up your system before adding any new software or doing any Windows Updates. If you have a large network, or a system that everything depends on, you should be trying out updates, patches and new software on a separate system first, to make sure everything does what it's supposed to both before and after the updates.

BACKUPS: Back up as frequently as possible; better yet, automate it somehow. Always test the backups to make sure they are in fact usable. We recommend having at least 3 copies of your data, and one should always be stored offsite. If this is sensitive information it should be encrypted so nobody can read what is on the backup without the password. Use a naming convention such as this:

20021221
20030101
20030108
20030115

This way you have complete backups sorted by date, with the earliest at the top and the latest at the bottom. The numbering is YYYYMMDD, or year, month, day.
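To put the OPEN PORTS and ENCRYPTED vs PLAIN TEXT PROTOCOLS advice above into practice, here is an added example (not part of the original page) that reads Windows `netstat -an` output and reports each listening port as justified against an allow-list, a plain text protocol to move to its encrypted equivalent, or unjustified and to be closed. The netstat sample is constructed and the JUSTIFIED table is a hypothetical allow-list.

```python
# Added example: audit listening ports against a written business-justification
# list and flag plain text protocols. Sample data below is constructed.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:23             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:110            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:3389      192.168.1.55:1040      ESTABLISHED
  UDP    0.0.0.0:1434           *:*
"""

# Hypothetical allow-list: (proto, port) -> the business justification on file.
JUSTIFIED = {
    ("TCP", 443): "public web site (HTTPS)",
    ("TCP", 22): "admin remote shell (SSH)",
}

# Plain text protocols and the encrypted equivalent to move each one to.
CLEARTEXT = {
    ("TCP", 80): ("HTTP", "HTTPS", 443),
    ("TCP", 23): ("Telnet", "SSH", 22),
    ("TCP", 110): ("POP3", "POP3S", 995),
}


def parse_listeners(netstat_output):
    # Sockets that accept inbound traffic: TCP in LISTENING state, any bound UDP.
    listeners = set()
    for line in netstat_output.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        if fields[0] == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue  # an ESTABLISHED connection is not an open port
        port = int(fields[1].rsplit(":", 1)[1])
        listeners.add((fields[0], port))
    return listeners


def audit(netstat_output, justified=JUSTIFIED):
    # One verdict per listener: cleartext (replace it), justified, or close it.
    findings = {}
    for sock in sorted(parse_listeners(netstat_output)):
        if sock in CLEARTEXT:
            findings[sock] = "cleartext %s: replace with %s on port %d" % CLEARTEXT[sock]
        elif sock in justified:
            findings[sock] = "justified: " + justified[sock]
        else:
            findings[sock] = "unjustified: close it or document why it is open"
    return findings
```

Running `audit(SAMPLE_NETSTAT)` flags the UDP 1434 listener (the embedded SQL Server resolution service) as unjustified, which is exactly the kind of port the text warns you will not know about until you scan.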