Ok after 4 days of MS training from their security pespective I can add to what I know..
1. Security is a layered process
2. Security is about people and process NOT technology
3. Prevention is a solution but not a cure
4. There is no cure for the unknown (sic)
5. All security and or lack thereof is a compromise
6. What is you data worth and it recovery and or replacemnt is the value of your security
7. Windows products can be secure but it takes work.
8. Wireless is pretty much insecure and may never be even close to really secure.
9. Anti virus Patch management and software updates prevent the bulk of security issues.
10. Security only keeps the honest out.
11. Try to make your network less attractive ..
12. Remote access is very vunerable from an AV point of view
13. Multiple firewalls is standard practice NOT best practice
14. IPSEC is your friend can be very good tool.
15. TEST much security stuff as most products / code is insecure so when security is applied stuff tends to break..

This is just a quick short list in my head as I start to really digest I will get into details .. But I can tell you folks get out your check books this is gunna hertz..
Should you panic... no,
Should you start to tremble just a tad and look for valium samples yes
oz

Ozzie - I have contemplated isolating my internet/email activities on a clean computer (OS, email server, web browser, simple WP program) from my important stuff (financials, etc) on a separate computer without internet access. Is this a worthwhile thing to do?

PS - cool avatar!

PS - cool avatar! ...thank Big Doc for the Avatar
Yes today given all the security issues out there and the fact that you can swap stuff over with usb hard drives than can hold a bunch of data. rewritable cdroms etc it makes sense to keep critical stuff of the network..

I am working on some stuff that shows different design options but it will be a while ..

oz