passwords: not easy to guess or crack; No default or blank paswords; change periodically?
firewalls: host-based or network-based, packet-filtering by IP or port, stateful inspection, (caching) proxy server
antivirus etc. Updated with virus signatures.
install and running minimum services.
updates/patches, esp. security fixes
backups of data. offsite is ideal.
log files enabled and review.
security protocols: IPSec, PPTP, L2TP, SSL/TLS, SSH, WEP/WPA
user training/education, procedures, policies, punishments