Not a physical switch (as in an on/off switch you can just toggle), no. If your switch (the thing you plug your ethernet cables into to make your network work) is reasonably modern, however, there are all sorts of things you can do, including simply shutting down the port that outside line is plugged into. Or, more prosaically, you could just disconnect it when you aren’t using it. That’s the simplest way to achieve what you are going for.
Yep, it’s a valid concern. They will be inside your network at that point, which makes it much easier to hack you.
Walk up to the switch and unplug the ethernet cable that connects to the outside. That’s the easiest way to do this. Or, get into your switch (most switches today simply use a browser and some RFC-1918 static address to allow access…sometimes it’s your gateway address, if your switch is providing DHCP) and shut the port down. Or, as another poster mentioned, a lot of switches allow you to do what’s called MAC address filtering (if you want to get fancy). Basically, only Allow computers to connect on that port (or on the entire switch) that have MAC addresses of machines you want to allow. That would be fairly secure.
I have to admit, I’m not sure what you mean by this. Do you mean 4 PORT switches? You can get an 8 port switch at any electronics store, or even Walmart. They are cheap and easy to use and install…and just about all of them have the features I mentioned (plus some more if you REALLY want to get fancy…you could set up the port outside as a separate VLAN, for instance, and do some additional security with that).
In the end, the most secure thing you could do though is just disconnect that cable from your switch unless you are using it.