Tip of the Week: Shut Down Unused Ports
I realize that for seasoned IT pros some of the tips here come from the Captain Obvious department. But if that’s true, why are the problems they address so unbelievably prevalent out in the wild?
They are obvious, but they’re rarely handled. We have to start somewhere.
One “obvious” basic step toward system security, be it server or PC security, is to shut down unused ports. Various software packages and services “listen” on open network ports on the machine. All it takes is one little vulnerability, or one unpatched application or service, to lead to a breach.
Don’t tempt fate, so to speak. Shut down and disable any applications you don’t need that listen on ports. Another key piece of this puzzle is to have a good firewall running that simply BLOCKS all inbound traffic to all ports. Then open and allow only the ports you know you need, one by one.
Start with a fortress with no doors and no windows, then selectively “poke a hole” only where one is needed, one at a time.
Reduce the opportunity for damage and you do much to prevent its actual occurrence.

