Old 07-11-2005, 11:45 AM   #1
gbkyle
Member
 
Registered: Sep 2004
Location: NJ USA
Distribution: Gentoo
Posts: 49

Rep: Reputation: 15
Building a Small / Secure Business Network


Hey, I'm just looking for some good suggestions, and I know you people got 'em.

I'm looking to put together a small network, including a server, for a small practice. As far as a server goes it's gotta be Windows; the software needed to be run on it is Windows only. Should I get something with RAID mirror functions for backups, tape drive? What is some good backup software (not too pricey)? Can I get a cheapy array controller (not really familiar at all with RAID to begin with)? What about switches/hubs? Only maybe 5-6 PCs + printer gonna be on the network. As far as security goes, should I set up a little junk box at the source and maybe run iptables/chains blocking everything incoming? Is iptables easy to configure (I ran it a while back)? Would it be stupid to just set up iptables and then route that to a Linksys router (sounds cheesy, I know)? I know this post is all over the place, but I'm trying to cover every area possible. Any recommendations for servers, IBM, HP, etc.? If you want to check out the software that will be used, it's something in the area of this http://www.dbconsultants.com/ basically that type of software. Any suggestions, be my guest. Thanks ahead of time. I really do appreciate it. If you can recommend a specific type of server that will be sufficient please do so; I'm leaning towards a tape drive and maybe two 72GB SCSI drives (RAID 1?).
 
Old 07-11-2005, 03:58 PM   #2
issinho
Member
 
Registered: Jun 2005
Location: Bosie, ID
Distribution: Fedora Core 4, Kurumin,BackTrack, Slackware 10.2, IPCop
Posts: 105

Rep: Reputation: 15
Your security concerns

I am a very big fan of IPCop as a Firewall/NAT/Router. You can throw it on a very small system (I was running it on a PII with 32 MB of RAM and only a 4GB hard drive). You can, also, plug it into a switch for connectivity. Just remember one thing:

Green is the inside address
Red is the outside address

Just set it up with 2 network cards, have your red address plug into your Point of Presence (DSL router, cable modem, whatever) and your green address plug into the switch. Remember that the red must match the address of the POP and that the green is your own network scheme. You'll, then, point the machines to use the green address as their default gateway.

Your green address will also have an easy-to-use web interface that you can use to administer your firewall.

As to your RAID setup: do you want to mirror-copy the hard drive for backup reasons (RAID-1) or do you want to double your hard drive space (RAID-0)?

You might want to check with HP and Dell for your server, or build your own.

Good luck with your practice.

 
Old 07-11-2005, 10:29 PM   #3
gbkyle
Member
 
Registered: Sep 2004
Location: NJ USA
Distribution: Gentoo
Posts: 49

Original Poster
Rep: Reputation: 15
I wanna mirror for backup reasons. Would iptables be acceptable too for a firewall? Thanks for your reply.
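
The two-interface layout from post #2 (red outside, green inside) written as the iptables policy asked about in posts #1 and #3, as an added example that is not part of any poster's reply. The interface names eth0/eth1, the 192.168.1.0/24 subnet and the SSH admin port are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Prints an iptables-restore ruleset for
# a two-NIC gateway: red = outside, green = inside (names are assumptions).
# Forwarding also needs: sysctl -w net.ipv4.ip_forward=1

gen_gateway_rules() {
    red_if=$1 green_if=$2 green_net=$3
    # Accept only plain interface names and an IPv4 CIDR, nothing else.
    for v in "$red_if" "$green_if"; do
        case $v in
            ''|*[!A-Za-z0-9._-]*) echo "bad interface: $v" >&2; return 1 ;;
        esac
    done
    case $green_net in
        ''|*[!0-9./]*) echo "bad network: $green_net" >&2; return 1 ;;
    esac
    if [ "$red_if" = "$green_if" ]; then
        echo "red and green must be different interfaces" >&2; return 1
    fi
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback and replies to connections this box or the LAN started
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Admin access (SSH, an assumption) only from the green side
-A INPUT -i $green_if -s $green_net -p tcp --dport 22 -j ACCEPT
# Green may open connections outward; red may only answer them
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $green_if -o $red_if -s $green_net -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Hide the green network behind the red address
-A POSTROUTING -o $red_if -s $green_net -j MASQUERADE
COMMIT
EOF
}

# Syntax-check on the gateway without loading (root required):
#   gen_gateway_rules eth0 eth1 192.168.1.0/24 | iptables-restore --test
```

With both default policies set to DROP, nothing arriving on the red interface is accepted unless it answers a connection the green side opened.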
 
Old 07-11-2005, 11:24 PM   #4
RandomLinuxNewb
Member
 
Registered: Oct 2003
Distribution: Slackware
Posts: 101

Rep: Reputation: 15
RAID-1 is NOT a backup solution! It's used for redundancy in case one drive fails. The reason it is not used for backup is because everything that is done to drive 1 is mirrored to drive 2; this includes deleting files, formatting hard drives, virus infections, etc. Tape backup is a very good solution as long as you rotate the tapes and replace them often.
 
Old 07-12-2005, 01:03 AM   #5
gbkyle
Member
 
Registered: Sep 2004
Location: NJ USA
Distribution: Gentoo
Posts: 49

Original Poster
Rep: Reputation: 15
That makes sense, thank you. Any suggestions on the tape drives? I really don't need much space..
 
Old 07-12-2005, 11:57 AM   #6
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,659
Blog Entries: 4

Rep: Reputation: 3938
Tape is rather obsolete for backup purposes when extremely dense USB 2.0 hard-drives that can fit in your pocket (or in a safe-deposit box) are available for only a few hundred dollars.

If you want to create a really secure network, you need more than a firewall. Most corporate networks are like a chocolate truffle: once you get past the thin, crunchy shell, there's nothing but sweetness inside. Not another obstacle to be seen. If you can get into one machine you can get anywhere. That shouldn't be.

All of your passageways into the network should require VPN. (Virtual Private Networking.) The only exception might be if you're running a web-server in which case there is a port to this server, which is running as an entirely "stupid" unprivileged user (no logins permitted) with no access to anything except the minimum that it needs to run. All other access to anything anywhere, from the outside, must pass through VPN.

Furthermore... all traffic inside(!) your corporate network should require VPN as well! And this is a separate circuit. All of the traffic that is passing from one computer to another, inside the 'perimeter,' should be encrypted. Someone who brings their laptop in without authorization, like someone sitting outside the building eavesdropping on the wireless, would not be able to connect to anything.

Every bit of this encryption should rely upon individually-issued digital certificates, assigned to each machine and/or user as required, not merely passwords, pre-shared-keys or XAUTH.

"A lot of work?" "Too much trouble?" Hmm, usually the case. People secure their buildings carefully but never their own networks, where the true crown-jewels of every business are so carelessly stored.
 
Old 07-13-2005, 06:15 PM   #7
issinho
Member
 
Registered: Jun 2005
Location: Bosie, ID
Distribution: Fedora Core 4, Kurumin,BackTrack, Slackware 10.2, IPCop
Posts: 105

Rep: Reputation: 15
a word on wireless

DON'T!!!!!!!

Just as sundialsvcs said: Anyone sitting in the lobby or in their car on the side of the building can hack this type of network. My opinion: Use Wireless like a DMZ. Keep it on an entirely different network. After all, if you can wire your own building, it's a lot more secure. Really, wireless should be for the home anyway, not the office.
 
  


All times are GMT -5.
