(moved.)

OK, there are a couple of main security models in terms of firewalls.

• One Internet gateway firewall that's extremely secure, and all the other computers insecure. This is the most common model. Benefits of this model are that security updates only need to done on one system, disadvantages are that once the hacker is in, your whole system is compromised.
• Firewall is in place on main gateway, but firewalls are also installed on every network client machine. Benefits of this is that it's very secure, disadvantages are that it will become increasingly difficult to maintain security updates on all machine and still keep the network running.

As most people opt for the first one, that's probably the best one to go with. It's still very secure, and like I just said, it's very easy to maintain.

Your router has a built-in firewall, so your router can double as an Internet gateway. However, you might want to consider getting a seperate Internet gateway machine (woud have 2 network cards, one connected to the Internet, and the other connected to the WAN port in the router) that all the data has to pass through before it gets to the router, if you find the router's built-in firewall to limited.

Hope this helps

What kind of router are you using? Is it a cheapo LinkSys/D-Link/Netgear/etc or is it a more robust FIREWALL (Netopia/Cyberguard/etc.)? Do you have access controls in place? Do you allow VPN access into your network (so people can work from home)?

What KIND of data are you trying to protect? Do you fall under GLBA/SOX/HIPAA and are therefor required to meet government regulations for securing data access?


Do you have antivirus installed on all systems? What kind of spyware protection do you have? How are you preventing your inside users from downloading potentially harmful files from the Net that can initiate connections that bring in potentially unsafe content?

Some more details would help..