Keep the system updated
The risk of not being up to date is huge in the world we live on. Hundreds of vulnerabilities are being discovered day by day by security experts you should be aware of. It doesn't matter if your anti-virus is special or your firewall is wicked sick, trust me, for a hacker it's not a big deal to write some bof and win.
Follow the updates regularly and don't miss a thing, patch every hole. In windows world you may use WSUS feature in your server to serve updates to your network clients, this will save bandwidth in the network and save you before some unwanted patching.
Minimize the threat
A server should be installed only for the exact needs, if you're dealing with a server which you obviously don`t know what goes in and out, you're finished. Only the required services and protocols should work fine, rest should be disabled or removed. If you're working on windows environment, make sure to use group policy and the security configuration wizard to help you.- Use DMZ,.. demilitarization zone is a network added prior to the internal 'protected' network for extra security.
- Use Firewalls, play your game and create your own rules in order to win. Policy-based filtering, iptables etc.
This tool should help your windows computers.
