Secure your network the proven way
I just finished reading Chapter 15: Securing your Network, of the Improving Web Application Security: Threats and Countermeasures guide. The amount of stuff that has to be configured and secured for even a small network is incredible. Instead of abstracting away the complexity of the network and what it can do, advances in firewalls, routers, and switches have shifted the complexity to securing so many different devices. That is why the Enterprise and Internet data center guides are so important. They at least start you off with a base that meets say 80 percent of your needs (maybe only 50 percent, perhaps as high as 99 percent), and then you can modify, secure, and test only the changes from there. These guides also come with lists of hardware configurations that are proven to work. I've had times when something as simple as a "standard" network card and "standard" sound card did not want to play nice together; these lists alone are worth the price ($0, you can pay by cash, check, or credit card). Also reading the data center guides gives you a reference point when discussing issues with your network guys, so spend a little time spelunking.