I recently learned that a nearby network was infected with Slenfbot. I'm hoping to learn from their experience and help prevent something similar on my end in the future. I'll also share suggestions with my friend so they can implement changes to prevent this from happening again.
Their environment: 10 PCs + 2-3 servers
Antivirus: Symantec Endpoint Protection; all clients have it installed and updated regularly.
Email: a local Exchange server, with incoming mail filtered by a third party for spam detection.
I'm not sure if they use any DNS filtering like that offered by OpenDNS and their Umbrella product.
I'm certain all use Internet Explorer.
I'm not sure if user accounts are limited by default or if everyone is an administrator.
I'm not sure how often updates (Java, etc.) that aren't Windows Updates are performed.
I've been reading up on infections and how to prevent them, but there isn't a "biggest bang for your buck" type of list of things to try first, second, etc. Ideally, I know that a complete security lockdown covers all the checklists.
I'd appreciate any guidance on this.