Hi.

I wanna ask your ideas on how to setup the security of a network.

I have 6 Computers, 1 router, 1 switch and two ideas.

1st idea :
One of these computers takes the role of a hardware firewall and i attach to it the switch and then to the switch the rest of computers.
In this way firewall-pc will work as Packet filtering , IDS & IPS while the other PCs will be just with their OS and system encryption.

2nd idea :
Here i thought to add ip-tables rules, at all of the PCs plus system encryption and the firewall one only IDS & IPS.


What you think is the best idea for a network like this ?
Maybe i made a mistake somewhere, so any suggestion is welcomed.

Hmm..nobody has an idea or to suggest something ?

Kind of depends. Security not being a goal on its own you would usually look at the purpose of (a set of) machines, design 'net layout around that and then decide where on the perimeter you would place your IDS sensor (in essence the question is: "what is it that you must detect?" There is no rule saying you can't have a sensor anywhere you want to. Wrt firewalls people often say that if you're behind a NAT router all is OK (aka "don't worry") but that doesn't take into account the NAT router having become a SPOF (power failure / reload firmware restoring default "allow everything" rules) and the fact that next to traffic regulation a host-based firewall can also do traffic accounting:
-If for example you have a 2 machine web server setup (HTTP + IDS, MySQL) and 3 workstations you could confine the latter 3 to their own network segment and the web server machines to a DMZ. That would leave one machine for the central router / firewall / IDS role (Vyatta, pfSense, IPCOP, etc, etc).
- If you already have a dependable OTS router (nothing beats that wrt power consumption) running some Linux distribution (Draytek, WRT54G, MicroTik, etc, etc) already providing customizable firewalling, routing and traffic control then you could place your Snort sensor between modem and router (or if your router has a SPAN port you could place the sensor there) and divide the rest of the machines in VLAN's according to their role. There's no rule saying they can't all run an IDS nor that one of them can't double as central network analysis workstation.
- If unfettered network analysis is your fetish then you place one IDS sensor between modem and firewall, one behind the firewall, have both dump traffic captures to storage, alerts to a central syslog machine and configure one machine as a network analysis workstation. That would leave you one machine for the router / firewall role or as workstation ;-p

In short knowing what you must detect dictates sensor placement.