  1. #1
    Just Joined! victorbrca's Avatar
    Join Date
    Dec 2007
    Posts
    3

    Trying to decrease the amount of PCs on home LAN


    Hi all,

    I'm trying to decrease the amount of PCs I have at home while keeping my network and data secure. I have around 4 servers on my network, plus user PCs and laptops.

    My network is fairly secure right now. I have my web-ftp server in a dmz with no access to my LAN, a strong firewall and mostly all ports blocked for my LAN. It looks something like this:

    firewall - (server A)

    ssh - (server B)
    squid - (server B)
    virtual_machine (secure browsing) - (server B)
    jinzora (music server) - (server B)

    ftp - (Server C DMZ)
    www - (Server C DMZ)

    file_share - (server D)

    I was thinking of getting a new box with up to date hardware (the ones I have are all p3s and below), and run everything off it. What do you guys think? Lots of security risks there?

    Any input is greatly appreciated.

    Thanks,

    Vic.

  2. #2
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    I would say keep your DMZ stuff on their own box and separated from your LAN. Block all new connections from the DMZ as this box shouldn't be making any new connections. This would only bring you down to 3 boxes and the p3 should be strong enough to use as a firewall so you really only would need 2 boxes if buying new.

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted
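
The rule suggested in post #2 (drop any connection the DMZ box tries to initiate), as an added example that is not part of the thread: a shell function that prints an iptables-restore ruleset for a three-interface firewall box. The interface names, the DMZ address, the published ports 21 and 80, and SSH management from the LAN are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. All interface names, addresses and
# ports are assumptions chosen for illustration.

dmz_ruleset() {
    wan_if=$1   # interface facing the internet
    dmz_if=$2   # interface facing the DMZ server (www + ftp)
    lan_if=$3   # interface facing the internal LAN
    dmz_ip=$4   # address of the DMZ server

    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Firewall box itself: loopback, replies, and SSH management from the LAN only.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan_if -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# Replies to connections that were already allowed may pass in any direction.
# (FTP data channels count as RELATED only if the conntrack FTP helper is in use.)
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# The DMZ server never needs to open a connection itself: log it, then drop it.
-A FORWARD -i $dmz_if -m conntrack --ctstate NEW -j LOG --log-prefix "DMZ-NEW: "
-A FORWARD -i $dmz_if -m conntrack --ctstate NEW -j DROP
# Internet clients may reach only the published services on the DMZ server.
-A FORWARD -i $wan_if -o $dmz_if -d $dmz_ip -p tcp -m multiport --dports 21,80 -m conntrack --ctstate NEW -j ACCEPT
# LAN clients may open connections outward (to the internet or to the DMZ).
-A FORWARD -i $lan_if -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Print the ruleset when called with four arguments, e.g.
#   sh dmz_rules.sh eth0 eth1 eth2 192.0.2.10
if [ "$#" -eq 4 ]; then
    dmz_ruleset "$@"
fi
```

The output can be checked as root with `iptables-restore --test` before it is loaded. A hit on the `DMZ-NEW:` log prefix means the DMZ server tried to start a connection, which is worth investigating.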

  3. #3
    Linux Guru
    Join Date
    Nov 2007
    Posts
    1,755
    I can see a few ways to make this work. I'd strip down to how many *physical* machines are *needed* and then run them virtualized. It looks like 3 machines are needed:

    > Firewall
    > DMZ Server/Apps
    > Internal Server/Apps

    So on one physical box with 2 NICs:

    Install host OS and virtualization software - create 3 VMs.

    One NIC is used by the VMs and faces "externally" while the other NIC is connected to the internal network (if there are other machines internally.)

  4. #4
    Just Joined! victorbrca's Avatar
    Join Date
    Dec 2007
    Posts
    3
    What I'm thinking of doing is converting everything to vm. I might get a headless box, with quadcore and 4GB of memory. That should do the trick.

    My smoothwall firewall (ServerA) would be substituted for my dd-wrt firewall. The host OS would act as a file-server and vm-server (ServerD). I'd have one vm for web-ftp with an individual NIC (ServerC); another vm for secure browsing and the last vm for jinzora-squid-ssh (ServerB).

    What do you guys think?

  5. #5
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    If you are looking for security then the firewall box should be a standalone box running nothing but the firewall. I would agree with HROAdmin26's idea of how to do it.

    Regards
    Robert

