CISCO’s network defence training session at Blackhat 2012 included 7 network security best practices. These can be summarized as; hardening of network devices, enabling syslog on all network devices and correlating events across devices, enabling Netflow on strategic network devices and analysing the information to understand traffic patterns, using DNS logging to identify potential issues, and finally combine all info gathered from these tasks to construct a network IP traffic baseline. This will help you detect and understand abnormal network activity.
Read more here – http://blogs.cisco.com/security/network-defense-at-blackhat-2012/