Mmm...
I like your thoroughness, amourdevin.
My setup:
Hardened Win98SE box using DHCP (with ZoneAlarm [firewall] and F-Prot [anti-virus] keeping the bad'uns out) as a proxy server to the wireless gateway (hardware firewall) that connects to our cable access.
Every workstation has the same software protection as "Proxy" and updates itself every single day.
My personal WinXP (SP1) box allows Windows Update to download any and all patches, but I don't install some of them until after testing 'em on a non-networked box.
But since the law is: "Whatever can go wrong, will go wrong" (Fuck Murphy. I hate pessimists, even when I act like one!), I also run TrueImage (Server) which creates on-the-fly images (six times a day) of every HD on every computer on the LAN, and replicates them across two separate backup systems.
It does get to be a pain now and then, but... I've been online since 1989 (Text-based only. Archie. Veronica. Gopher. Those were the days... )
and I have never been infected, trojan-ed, dDoS-ed, or malwared into submission.
Amazingly enough, I still have a clone of the HD from my very 1st PC -> 386DX40 w/12Mb RAM and a 40Mb HD. What a rockin' system that was!
(WordPerfect 5.1??? Migod - this HD has WP 4.2!!!!!)
------
Shit.
------
I'm a geek.
-ManX