At this time our "security" is limited to virus protection software on workstations. We are looking at the PIX525 firewall. Our ISP manages our router, but it is on site. What extra measures should be taken after installing the firewall?
We have a small wireless network that we use for accounting/data collection. Currently the wireless signal is just strong enough to connect workstations within the building.
Well, first make sure you have expert help in properly installing the firewall and configuring it. Make sure no user can bypass the firewall to get to the Internet. The firewall cannot protect connections made outside of it (i.e., modems, direct connections to your ISP). Make sure all connections incoming and outgoing are blocked unless a specific firewall rule allows them. Such configuration requires a little knowledge about your network, so be sure to work with the expert if you hire that help.
You also need to examine your entire risk picture and your security policy. This means that perimeter protection is not enough, and controls on all hosts on your network are necessary. This includes things like the antivirus you are using, personal firewalls, patch updates, control over computer configuration and much more.
Also, you wrote that you have a small wireless network that you use for accounting/data collection and that your current wireless signal is just strong enough to connect workstations within the building. Don't assume that this is true. Companies are often surprised at how far that signal can reach when a determined individual mounts an attack or when someone just gets lucky. Also, when contractors, salespeople and visitors come into your building, they now have access to that network -- which seems like it has some very sensitive data on it. Please be sure to implement encryption and look at WPA and PEAP and other security measures for wireless networks.
This was first published in September 2004