Implementing Internet security is a multi-dimensional effort. Designing defense in-depth in this ever-changing and ever-expanding arena requires an understanding of a myriad of tools, techniques, and technologies. While the universe of possibilities is almost infinite, the practical challenges to effectively mitigate the majority of security risks on the Internet can be boiled down into a few critical rules. Hear about several key concepts and get actionable recommendations to take away and apply. We will include specific recommendations, based on our experience configuring an e-commerce application for the eWeek OpenHack 4 competition, for Windows Server 2000, IIS, web application development, SQL Server, and remote administration