Why in-house?? Even if you put the server outside your firewall, you will still be telling the world where your network is and setting yourselves up for an attack. Far better to host your site on a secure server at a good ISP, or co-locate your own server with them. Let them worry about their network security rather than you worrying about yours. Get your systems people to re-think this on security grounds.
Any entry-level server from Dell, or Sun, or similar will handle the load. Stick to a Unix operating system (solaris, linux, etc) and Apache for any web server; NT and IIS are a complete pain in the a$$ by comparison, and full of security holes like all Microsoft operating systems. Software for Unix systems is also a lot cheaper, or free.
It is not the number of hits so much as the size of your pages, and hence the number of packets sent, that will define the bandwidth required. If you are only sending 1 or 2 mostly text pages to each visitor then a high speed DSL link would probably do. If your site is graphics intensive, or visitors will be looking at many pages then you'll probably need a T1 Frame Relay for high availablity at peak loads: Expensive.
But again, if you co-locate your server at an ISP, then you will be able to contract for the average bandwidth that you use, and raise or lower the upper limit as required.
