1. IP forwarding is not enabled between the NICs. If ?Yes? then disable IP forwarding .
2. Winroute Pro for NAT/Firewall does not have application level protection as it?s mainly a packet filtering firewall. Just (always) default to denial ,except the ones specifically needed .Also it would be better if you can use some application level firewall and a good example of that is Gauntlet Firewall from CA.
3. If you are hosting DNS services then make sure Zone transfer is disable.
4. Take off all the unnecessary services from the box.
5.To make it more secure: Build a VPN tunnel (use IPsec or PPTP) between the DMZ NIC and Internal NIC & set the filtering to allow only the two machines to talk through it.
6.You should disable ADSL when not being used.
7.Disable NetBIOS over TCP/IP
8.Scanning Tools are helpful in finding the security holes. Use Portscanners as they can tell you what ports are open and use SATAN: The best tool to anylze and monitor traffic on the network.
If you need a comprehensive step by step approach to penetration testing GOTO : http://www.wittys.com/files/mab/fwpentesting.html
This was first published in March 2002