Security practices by the NSA
One of the guys I worked with in the past (tomb) came across this several years ago when we were helping a client install some servers. The National Security Agency (NSA) puts out guidelines on best practices to lock down software and operating systems. You can check out their guidelines for a variety of OSs, databases, browsers, routers, and more at their website. If you run these systems you owe it to yourself to at least take a look at these guidelines and see if you are open to security issues or not. If memory serves, be prepared to have a pretty locked down system that requires you to take extra steps when you need to perform maintenance or other installations.
They even have a lockdown guide for Windows XP workstations, but only if they are generally part of a domain (wasn’t intended to cover XP Home or workgroup Professional machines).