See any flaws in this network? *pic*

I've been asked to design a small network and I'm a little rusty. Can you spot any glaring problems in this initial layout?
Requirements:
- Ethernet for approx 20 PCs/Network devices
- WiFi for a handful
- Print Sharing
- Secure network storage accessable from outside the LAN
- Ability to backup network storage
- Decent wired/wireless protection

http://m3tal.com/lj/network.jpg

and the justification:
Router:
The Linksys WRT54GS-CU takes care of several important tasks. This will act as the first component in the chain after SBC's supplied DSL modem. To make sure the network is secure this model has a built in firewall, which can be customized via a web browser at any computer on the network. Just set your admin login/password to make sure that you and a trusted few are the only ones allowed access. Also this router has the current standard 802.11g WiFi for your wireless needs. It is also backward compatible for visitors using the older 802.11b protocol. Wireless access can and should be restricted to your preferred users using the built in WPA wireless encryption. There are 4 available Ethernet ports, will use one to connect to the 24 port switch.
There are newer Linksys WiFi routers available but the main changes are the addition of protocols that are not yet industry standard. While promising faster wireless access if all connecting devices use compatible network cards, they could easily go the way of Beta-Max tapes.

Switch:
The Linksys EtherFast EF4124 port switch will handle the bulk of network traffic. A relatively simple device, it acts as a traffic light for all information on the network. Collision detection makes sure all data is passed uncorrupt and goes to the proper destination. Full Duplex allows it to send and receive data simultaneously. 24 ports to connect network devices. All Ethernet computers and printers will use this as their hub. Rated 5 of 5 on Newegg and Amazon. Ideally Cat5e Ethernet cable will be ran individually to each networked device within the office. If necessary an inexpensive hub can be utilized for a cluster of computers, but this would negate the collision detection for that area.

Network Storage:
This is one area where Linksys really fell on its face. They consistently rated below average. The Buffalo Technology LinkStation HD-H250LAN looks to be a much better choice. It provides 250 GB of storage accessible via the network and is both PC and Mac compatible. Users can view files via a web browser, ftp, or windows explorer. This should also be accessible outside the network since the Linksys router and switch can be configured for VPN or Virtual Private Network, for users outside of the office. In addition if 250GB proves to be a little tight in the future, additional drives can be added. This network drive can also schedule backups to an external USB drive or over the network to another computer. This and its sister drives are rated between 4-5 stars on several review sites.


Alright? A disaster?

 

+1 for the surge protector, or UPS

How critical is the companies network uptime? A lot of companies have on-site spares for the central points of failure (in your case the router or the switch). Depending on the throughput needs of this company you may want to invest in a more expensive router as well.

 

Ok, I'll suggest the UPS/surge.
Throughput isnt a huge concern with this network since they'll mainly be doing email, MS documents, and web browsing. No heavy items like streaming video or file sharing.

They have an old 16 port switch which they can use if the 24 port goes down which is just barely enough for all users.

 

Make sure to configure the uplink between the switch/router as 100 Full Duplex on both ends. Those lower end switches & routers don't always auto-negotiate well and you don't want more bottlenecks than you already have.

I agree with the others that you might want to look into a better router. Consider that your Linksys is a home firewall; its NOT designed to protect a business. Also, you might want to check Google about that particular Linksys router that you have. I know that the "WRT54G" had a lot of security holes in it at one point; those might be resolved in the later model that you have, but it wouldn't be a bad idea to check that too.

I'd also recommend renaming the SSID of the AP, disabling the wifi beacon, use at least WEP-128 (better yet, use WPA if your devices support it) implement MAC address control on the router to ensure that only the wireless devices you authorize can use the device, and if you really want to secure it, turn off the DHCP server option on the device and change the addressing scheme to an entirely different class like 10.20.0.0. Implementing static ip addressing is not very fun, I know, so you could also use address reservations if you don't want to turn off the DHCP server. Also set the management ip address to a statically assigned address so that only you can make changes to that router. You don't want to risk someone guessing or brute force cracking your router's password and changing your settings to make it less secure. These options will make it harder on the snoopers in your area who might want to gain access to your wifi network.

 

I would totally agree with the folks here that say the LinkSys router may not be the best choice for a 20 workstation network. I would suggest something like a Sonicwall TX170 wireless router with firewall, DHCP and anti virus capability.

-Jim