MY GOAL
I am currently helping my uncle's business by creating a server in his office and I am looking into making a VPN.
THE PROBLEM
My uncle is extremely paranoid about data security. He is a Forensic Engineer that gives his expert opinions during criminal and civil trials. His main line of work is investigating car accidents and analyzing mechanical failures to determine the faulty party. Needless to say, his data is extremely sensitive and some of his cases have been against large car manufacturers; "Million Dollar" cases. He recently had a mechanical failure of his hard drive, which cost him a lot of "reputation". He does NOT want this to happen again. He wants me to protect against: THEFT, FIRE, VIRUSES, INTRUDERS, MECHANICAL FAILURE, POWER SURGE, POWER FAILURE, etc.
MY SOLUTION
I have created a data server using Debian Linux. The server has a RAID 1 array with mirror drives so that if one drive has a failure, the other one is backed up. The server has been modified with a special power supply that can handle circuitry failure, voltage damage, etc. and prevent certain things. I have outfitted it with the necessary cooling practices: extra fans and heatsinks. The server is locked in a tight metal cover and has a padlock on the back. I have installed dust filters over all of the intake fans to ensure a dust-free environment. I am still debating whether to implement error-correcting RAM... (any opinions? Would I have to change my motherboard?). The server will be housed in a fire-resistant cabinet with a backup power supply. (Does Debian have power failure shutdown software? I am using APC.) There are just enough holes to let some cabling through. Every night the server data will be backed up via VPN to an external server site (his lakeshore home) where he will have the same paranoid thing implemented.
QUESTIONS
I am thinking of implementing a wireless network. The only problem is that he uses 2.4 GHz wireless phones for his office. So far my attempts at wireless (switching channels) have failed. The phone system cost several thousand dollars, and Ethernet cables cost a lot less, so we have returned to Ethernet. I was going to implement a RADIUS server if he were to get wireless, but right now I am not sure if wireless is possible. Any suggestions besides changing the channel? (This only changes the frequency slightly, and I get too much interference from the phones on every channel.)
I have ordered a static IP address to be put in (hasn't been implemented yet). He has a website that he has to pay for data storage. He wants a VPN, and he wants the external server backup. Do I need a static IP? Or will a dynamic DNS service like www.no-ip.com work? The reason I ask is because we are using SBC for our internet services. They are a terrible company, and the fastest they can make our internet in our 'remote location' (Oakland, CA) is 348 kbps. Having the static IP would be nice, because the server could also act as a web server and allow us to move his website to our own server and stop paying for web storage. The cable company offers MUCH faster service, but they cannot provide a static IP!!! Opinions? Comments?
I am planning on using OpenVPN and FreeRADIUS and OpenSSL etc... Any better options? I am creating certificates on a computer rarely connected to the network. Where are the holes in my plan? I have only gotten as far as creating the server and mirror drives. The external server hasn't happened yet; does it need its own static IP?
Questions, comments, answers please!