In the organisation, all the hardware or software requires system or network hardening in order to be truly secured. This can be established by disabling non-required system services, to renaming access accounts and resetting passwords. Any organisation network without a properly configured IPS or firewall is an insecure network. In many instances wherein poorly implemented products have been disabled or ignored, after admins got tired of the false positive warnings. Understanding what you are trying to protect is the key to effective deployment then fine-tuning accordingly. No access or user name and password should be left to default. Any outgoing rules are just as important as the incoming rules. Also, tuning firewall