Security Pipeline has an interesting article that explains how you can do some simple and cost-free things with your network setup to significantly improve your security situation, in the event you have not already applied the measures they describe.

Note: I am not so sure I agree with the article as a whole (in my book, a good firewall is an absolute must, and vulnerability scanners do add real value, especially when used in combination with common sense and a good, well-trained set of brains and eyes), but the points made in the article are interesting and, at least on a case-by-case basis, valid. But I do not agree that implementing just those measures would provide anything even approaching acceptable network security. To state that many IT managers become mired in the volume of patches and configurations is a valid point on its face, and is worth considering when looking at how to manage security and prioritize, but to suggest or imply that one therefore avoid any of the patches and tools is not - in my opinion - a good option.

From the article (which gives specific items to address):

"According to Peter Tippett, CTO of the newly-formed security company Cybertrust (formed from TruSecure, BeTrusted and Ubizen), you're better off looking for good solutions instead of perfect answers. "A few solutions that are only 80 percent effective give an overall 99.9 percent solution," Tippett says. In fact, he says that the most effective security solutions require little time and less expense, and can reduce your exposure 40-fold."