[mikester]

I think in any environment that a proxy is almost as import as a firewall but in small environments folks can figure "what's the point?".

Well, mitigating risk saves money. IF the general populace can't get to the internet - well that is even better than a firewall and a default deny.

You also save on folks having carte blanche access to the internet and their various P2P apps that they don't need to run at work on company bandwidth. Using a proxy for http/https/ftp traffic means that you control what happens a lot more and that control mitigates a significant risk. Viruses are nasty little buggers and a simple AV projects is not enough.

Beyond the proxy is a firewall of course with DMZs setup for the proxy to sit in. Then you simply control access to the proxy to the corporate network and give the proxy access to the external internet via a select group of ports.

I am our network security specialist at the global company I work for and I have worked as such at a number of different types of organizations from government to ecommerce to large corporate manufacturing (at present).

Security is not cheap on the large scale but you can mitigate risk by taking a number of inexpensive steps.