From reading here there are many opinions on how to do certain activities in IT. This topic will be about security and the different ways you protect your network. Physical security should also be a part of that so if anyone has recommendations then please chime in. Lets learn from each other. Everyone has had good points so there is certainly something to be learned from having a discussion about it. feel free to respond to all or certain points here.
We have the obligatory firewall and I put AV on every device that comes into the shop from Dell/HP. I setup the machines so I always have a local admin account I can always use if I need to. That is in my image from SmartDeploy and it evolves as I need it to. I record all machine info into OneNote that is organized by building along with the user and mac address if I know that info at the start. I constantly patch and update applications, Windows OS, and AV from this master list. I am a fanatic about updating. I use a combination of PDQ, Psexec, and Chocolatey to this for me. We have all server rooms and network closets locked. We also use security cameras for all of the buildings. That is a little of my environment.
Everyone uses firewalls but are there certain features you can't live without?
Any firewall features that used to be important but are no longer?
Is it helpful to learn how to host our own DNS( thinking Bind) instead of using something like OpenDns?
What kind of physical security do you employ?
Are there certain types of layering that do not work well together?
Any brands of firewalls or AV to avoid?
Lastly, how do you layer your security if its different than usual?