Appendix F describes some of the best practices for securing your Web server. However, you must thoroughly appreciate the single most important best practice: staying up to date on security news. Security is an ever-changing landscape. When new vulnerabilities are found in any software you use, regardless of vendor, you must take swift action. So keep current. If you're not up to date, you run the risk of being attacked as information about vulnerabilities and fixes spreads.
The following are some of the best places to go on the Web to stay current with security issues:
You should also consider subscribing to a number of security-related newsletters:
Finally, a word of advice for the truly paranoid: if you have a Windows CE Pocket PC or handheld device, you should consider using Microsoft Mobile Channels or AvantGo (www.avantgo.com) to stay on top of security issues. You can easily keep current by keeping the latest Web pages on your PC companion. For example, one of us uses AvantGo to keep the latest Microsoft and CERT security pages on his Hewlett-Packard Pocket PC. He's been known to read them during meetings—it's more productive than playing games!