Re: firewall suggestion

  I do appreciate all the replies, 
  >Cisco pix 501 I think. 400$ loaded out of box secure as hell

  this sounds like something I can get in the budget...
  >Upgrade the router to the current support OS (Cisco IOS, or ???),
  >lock down the router security, and add ACLs to block inbound and
  >outbound spoofed IPs, "junk" traffic, and ports and IP protocols which
  >you do not use between the Internet and your DMZ/private LAN. e.g. if
  >you don't have an IPSEC VPN, drop and log all ESP and AH traffic
  >at the router.

  would the pix 501 have some of these features
  >collate your FTP and webserve into one, preferably a Linux box - with >the 
box you gain from the migration you could build another Linux box >and stick 
squid and snort on that.

  this sounds like what I would like to do, but my Linux box is a 350 proc, 
from AMD and only got either 64 or 128mb of ram do you think this will hold up 
to the abuse of being a web/ftp server and not fail...

  >I would avoid using a 2KPro box as a web server, since 
  >you will be limited on the number of connections... Use 
  >2KServer for any server based services.

  didn't know that, will defiantly look into other options now...
  as for basic office maintenance I have the corp. ed. of trend AV, it lets me 
do all the updates across the office, also I have a routine about updates and 
patches for the offices, 

  ipcop is another thing to add to my list of things to do, after I get the 
apache up and working..

  thx for all your help and suggestions
  you make it seem easy...