@EncryptedBytes...if you're reading this and have a good "short list" for hardening XP (not to NSA requirements, but enough to stop malware from spreading, and bots from using it), that would be appreciated. I saw your posts in the "Security Hardening Windows 7 64 bit install" thread, but I couldn't post to that one because of the age, and PM isn't working for me now/yet. I'm the lone IT guy at a medium-sized business, and I'd like to tighten up security a bit. I'm not familiar with hardening systems, but I'm trying to learn. I've also become very interested in network monitoring, after years of our network getting slower and slower...I'm convinced we're compromised/infected to the eyeballs, but I don't have the skills to prove it to the owners, so they won't spend the money to have somebody come in for remediation. I installed Security Onion, but since I don't know what I'm looking at...it all looks like threats. I took Richard Bejtlich's "TCP/IP Weapons School" class, only coming away from that realizing that I knew even less than I thought I did. I'm trying to get some books read on "Windows Desktop and Server Hardening", "Hacking Exposed" and "Practical Packet Analysis", but that will take some time to sink in. We're forced to stay with XP for now, because the ERP we currently run won't do Windows 7, but we did just upgrade all of our servers to MS Server 2012 AND virtualized them all. However, our ERP server is a direct P2V of MS Server 2003 running MS SQL Server 2000. Nothing is hardened, and all we have is a Cisco firewall and a Barracuda SPAM filter. I've downloaded every free tool that Mandiant and HBGary have to offer, but again...I don't have the skills to decipher what "Redline" or anything else displays on the screen for me. I'd like to start chipping away at this problem, but I'm not sure of where to start.
If we're really infected with malware that is using our network, will hardening workstations one at a time help, or do I need to get a hardened image ready for all workstations and roll it out all at once? And the servers, I guess they will all need to be remediated and hardened at the same time? I've been looking at different imaging deployment software (FOG Server, Microsoft's WDS, etc.), any preferences? Are there any Network Security related groups in the MD/PA/WV area (more towards Western MD)? I see ISSA.org has a Baltimore and Blue Ridge chapter, but are there any other organizations? Are there any former "NSA" types or similar individuals in my area that would offer some sort of private training/mentoring for network monitoring, or is SANS the best way to go?