Simple Question, what is the basic security measures you'd recommend for a 3 man office?
Security, unfortunately, is always a cost. It never brings in revenue. There is a trade off of security which prevents downtime vs expense of locking it all down.
I've been an Ubuntu user for years, and have had to step up my knowledge of security when we began getting web hack attacks last year from China. I had to learn about dd-wrt and install a better firewall, but I know that firewalls are not the biggest hole but one that gets the most attention.
Part of the answer lies in what we do, which is just oil and gas data warehousing. A breach would steal data which is only valuable to 100 companies on earth. Further the data is perishable, so after a year or two it is worthless. Thus, we've been more concerned with silo-ing our CRM and our main db.
But I'd like to hear what else should we do. Setting up a snort station seems like a bit of a cost and overkill for a 3 man office. App-armor maybe?
I've read the links on Basic Safety and some of the more advanced by bodhi.zazen Ubuntu Security.
I know I need to meet the basic level, but beyond that I'd like to hear your opinions.