How secure the internal network should be is another issue that I have had “heated discussions” with my co-workers about. They argue that if we “make sure” that the firewall is secure, then we don’t need to worry about the security on the internal network. To me this is the same issue as locking the front door, but writing the safe combination on the wall. Based on my own hacking experiences, I think that it is unwise to take anything for granted.
Here again, you need to weigh security with convenience. In most cases, the inconvenience of slightly slower connections or an extra two seconds to login is negligible compared to the damage cause by a malicious intruder. The best approach is to address those issues that we talked about earlier, including implementing the private IP address as defined in RFC 1918.
In addition, you should very much be considering implementing the same security on the Internal machines as you would on your gateway. The reason is security. If any intruder breaks into the gateway and if they can then get into the internal, how safe of the other machines. If you left holes open on the gateway, the odds are the holes are on the internal machines as well.