big security questions the deny access guy return

["Carlos Garcia" <carlosg () cabonet net mx>]

Well am a newbie in this area, but it seems that i have created a really
revolution in the list with my deny access question well as far as i could
see you are a great folks that really want to help well i have a lot of 
question about security so i really need your help

first of all i want to change the services that run in our network i have 
red hat running in 3 servers one server have the dns1 the other have the 
dns2 webmail and mail the third one have squid for cache and proxy and an 
iptables based firewall the last one have the webmail running with zeus on 
irix so i really wan to make this servers with new services and as secure as 
posible so first question

about dns what bind do you recomend and how can i protect it i would like to 
install snort to see if somebody is trying to attack in my server so should 
i use bind 8 or bind 9 and should i use a chrooted schema or not? what other 
security risk do i have to address?

about mail i was thinking in using postfix in place of sendmail is this a 
good idea? for gathering mail i was thinking in cyrus-imap and 
authentication tools but what would recomend me?

should i use snor in every server or just one ?
iptables are good enough? and i have a lot more question but can we start 
with this ones? oh a last one somebody of the list says that it is not a 
good idea to use the router as firewall is this write? why?


Atte.
Carlos A. Garcia G.
Cabonet Staff
Tel (624) 14 30120