1. The router / firewall has to support some sort of rules... the most common are ACLs (access control lists). You simply build a rule blocking the name or IP, or reference a pool of names / IPs you have previously set up. You can also achieve this with a proxy server or other software (Spector CNE or 360).
2. There are many types of remote connections... VPN, RDP, services such as "GoToMyPC", etc. You can see everything an employee is doing only with certain software (again, Spector 360, etc.). To see if an employee disconnects a cable... there are a few ways. If you have a monitoring program that checks all computers, you can set up an alert... via email, pager, etc., depending on the package you buy. WhatsUp Gold is a well-known one... Nagios is another Linux-based package.
3. Everything is not encrypted, unless you take measures to do so. You normally wouldn't need to encrypt internal LAN traffic. You would, however, want to encrypt any eCommerce check out systems, if you incorporate those. You may also want to encrypt or secure sensitive data (HR related things, CC information). There are many different ways to do this, so it really depends on your infrastructure and who needs access.
4. The most common routers are Cisco, IMHO. If you need reliability, you don't want to run your business behind a Linksys or D-Link home router. Cisco, and other high-end router manufacturers, also offer "hot standby" configurations that have another router, automatically updated with the configuration information, ready to go in the event the main router(s) fail.
5. You can control all OS updates completely with Active Directory and / or WSUS (Windows Server Update Service).
This is a granular control method where your computers update via YOUR update server. YOUR WSUS server is the only one that contacts Microsoft directly, and your WSUS administrator sets controls on what / where / when updates and patches are applied.
Hope that helps!
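
Added example, not part of the original post: a PowerShell check, run on a client, of whether the machine is really pointed at an internal WSUS server as item 5 describes. It reads the standard Windows Update client policy values that Group Policy writes; the function names `Get-PolicyValue` and `Get-WsusClientStatus` are hypothetical helpers made up for this example.

```powershell
# Added example: audit the Windows Update client policy on this machine.
# The registry values below are the ones Group Policy sets for WSUS clients.
$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$auKey = Join-Path $wuKey 'AU'

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (policy not configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Get-WsusClientStatus {
    $wuServer     = Get-PolicyValue $wuKey 'WUServer'
    $statusServer = Get-PolicyValue $wuKey 'WUStatusServer'
    $useWuServer  = Get-PolicyValue $auKey 'UseWUServer'
    $noInternet   = Get-PolicyValue $wuKey 'DoNotConnectToWindowsUpdateInternetLocations'

    $findings = @()
    if (-not $wuServer) {
        $findings += 'WUServer is not set: the client updates from Microsoft directly'
    }
    if ($useWuServer -ne 1) {
        $findings += 'AU\UseWUServer is not 1: any WUServer setting is ignored'
    }
    if ($wuServer -and $statusServer -and ($wuServer -ne $statusServer)) {
        $findings += 'WUServer and WUStatusServer point at different servers'
    }
    if ($wuServer -and ($wuServer -notmatch '^https://')) {
        $findings += 'WUServer is not an https:// URL: update metadata is sent unencrypted'
    }
    if ($noInternet -ne 1) {
        $findings += 'Client may still contact Windows Update internet locations'
    }

    [pscustomobject]@{
        WUServer       = $wuServer
        WUStatusServer = $statusServer
        UseWUServer    = $useWuServer
        Compliant      = ($findings.Count -eq 0)
        Findings       = $findings
    }
}

Get-WsusClientStatus | Format-List
```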