I'm building a corporate DMZ. Nothing horribly complex although later it may become a little bit harder to manage when we start implementing VPN tunnels between partners (if it happens). I have a basic Router/Pix/Router with an IDS in there. All appropriate IPS and ports are filtered at the demarc router, then more specific ports and ips are filtered at our pix's, and then finally only syslog,icmp, and proxy bound traffic are allowed through our internal router. Overall pretty standard and seemingly secure. My question is what technologies are out there to go above and beyond this setup? What new techniques would you reccommend I research? Basically whats on your wishlist? Thanks
-d