Trying to decrease the amount of PCs on home LAN

[victorbrca]

Hi all,

I'm trying to decrease the amount of PCs I have at home while keeping my network and data secure. I have around 4 servers on my network, plus user PCs and laptops.

My network is fairly secure right now. I have my web-ftp server in a dmz with no access to my LAN, a strong firewall and mostly all ports blocked for my LAN. It looks something like this:

firewall - (server A)

ssh - (server B)
squid - (server B)
virtual_machine (secure browsing) - (server B)
jinzora (music server) - (server B)

ftp - (Server C DMZ)
www - (Server C DMZ)

file_share - (server D)

I was thinking of getting a new box with up to date hardware (the ones I have are all p3s and bellow), and run everything of it. What you guys think? Lots of security risks there?

Any input is greatly appreciated.

Thanks,

Vic.

[Lazydog]

I would say keep your DMZ stuff on their own box and separated from your LAN. Block all new connections from the DMZ as this box shouldn't be making any new connections. This would only bring you down to 3 boxes and the p3 should be strong enough to use as a firewall so you really only would need 2 boxes if buying new.

[HROAdmin26]

I can see a few ways to make this work. I'd strip down to how many *physical* machines are *needed* and then run them virtualized. It looks like 3 machines are needed:

> Firewall
> DMZ Server/Apps
> Internal Server/Apps

So on one physical box with 2 NIC's:

Install host OS and virtualization software - create 3 VM's.

One NIC is used by the VM's and face "externally" while the other NIC is connected to the internal network (if there are other machines internally.)

[victorbrca]

What I'm thinking on doing is converting everything to vm. I might get a headless box, with quadcore and 4GB of memory. That should do the trick.

My smoothwall firewall (ServerA) would be substituted for my dd-wrt firewall. The host OS would act as a file-server and vm-server (ServerD). I'd have one vm for web-ftp with an individual NIC (ServerC); another vm for secure browsing and the last vm for jinzora-quid-ssh (ServerB).

What do you guys think?

[Lazydog]

If you are looking for security then the firewall box should be a stand alone box running nothing but the firewall. I would agree with HROAdmin26's idea of how to do it.