A network security device that does not require a separate computer for implementation is disclosed. The device may be in the form of a boxed hardware component and may be configured from an HTML interface. The device contains and uses three network cards. The first two cards are used for the firewall. A third card is a management interface having a private, non publicly routed IP address. A first network card forwards packets to a packet filter. Packets which pass the packet filter are then forwarded to a second network card and subsequently to their destination. None of the three network cards have a publicly routed IP address. The device acts as a packet filter that bridges rather than routes or proxies. The device may be connected between a router and a hub or a server machine.