In light with adding as many security layers as possible to various environments I am responsible for I have come acros several interesting (Knowledge Base) articles, one of the foremost is this link http://www.infoworld.com/d/security/10-crazy-it-security-tricks-actually-work-196864 which details 10 steps on improving security in large and small networks. Although I find honeypots and tarpits a bit overkill for small environments simple things like changing the mapping of RDP ports did catch my eye as a critical “oversight” of an easy fix. Ofcourse you should simply not provide external access to RDP, but if you have to I would suggest doing it on an alternate port. See http://support.microsoft.com/kb/306759 for more details.
Ofcourse at first I thought ‘Well I don’t have to do this, all my RDP is behind firewalls and only accessible through VPN and also requires usernames and passwords which changes regularly’ but security is also about protecting what you think will never be hacked. If by some mirracle people do find entrance into your network through one exploit do you really want them to have full reign of your entire network? Especially when it comes to servers hosting critical data we have been seeing more and more data theft in recent weeks and months. Beefing up security should be a major concern to alot of system admins, at the very least take a good look at your current situation and think “how could I possibly hack my own systems?” or “what if this layer fails, what will prevent people from moving on?”.