Know what computer is for
software must reflect purpose
- workstation ?
- dedicated server ?
assume out-of-box systems are insecure
- most have old, vulnerable servers
- with everything enabled
- well-known, unnecessary accounts
usually disable services; seldom enable them
beware of interactions between services