Actually, ya... we, the current IT Team, inherited this mess from another guy. We used to have ONLY a soft firewall, MS Internet security or some such crap like that. Oh ya this network was a huge mess. At least NOW we have a hardware firewall in place.
But yes, it does go from Internet > Modem > Firewall (Hardware) > *.*.2.* Network. We have 2 outs from the firewall, the other one goes into another 2 network switch. (Replication).
You can see why it is we need some better security in this place.
What I want is to have an inclusive system. Sort of a redundant soft backup, whatever gets through the exclusive Hardware firewall, can be stopped once it hits the Unix Firewall in the way. That is the plan anyway. I am hoping with the tips and tricks people like yourself offer, this company can tighten up security something fierce. We get blasted with viruses like nobody's business, well we are BETTER now that we have some new firewall policies in place. We went from like 10K in a week to 20 even.
Security is a nightmare in this place. They have been so used to being open that the idea of closing them off is a threat to them for some reason. So we have to do things slowly, bit by bit we have cleaned things up nicely. Things are running a LOT smoother now than they used to be, that is for DAMN sure.
So OpenBSD you say? Hmmm. And I agree no flame warring, facts only, opinions are important, but statistics are more important, that is what my Bosses care about when they sign off on buying this stuff.
I look forward to more replies, and I will give those links a look see.
Thanks.