Clean machines used for ThinApp packaging need to be network connected to some degree for access by technicians, to ship installation packages (etc) to them and to ship the products of packaging to their required destinations.
However, clean machines are, by definition, un-hardened and thereby vulnerable - given that they lack the latest patches, firewalls, antivirus, HIDS, etc.
What measures do you take to protect clean machines during package building to ensure best security practice and/or to adhere to you company's security standards?