Security Basics mailing list archives

Question about firewalls.


From: "Allan Schon" <allanschon () mckinleymachinery com>
Date: Wed, 21 May 2003 13:43:46 -0400

I have a quick question about basic network/firewall setup.

I am about to move into a new apartment, and am taking the opportunity to rethink the way I have my private network set 
up.  I currently have a box running Slackware Linux v9.0 running iptables as the main firewall/gateway to my broadband 
connection.  I also have web, mail, ssh, and a couple other servers running on that machine.  My desktop computer runs 
WinXP, and my roommates each run Win98.  I have a few extra boxes sitting in a closet collecting dust, and I was 
thinking about bringing them online.

Would I gain any security by dedicating one machine to firewall/NAT functionality and forwarding ports on to another 
host? The only advantage I can think of is that a root exploit on any of the services I allow through the firewall 
would essentially give the attacker free rein over my entire network, instead of just the single machine.  The primary 
disadvantage is the one which my wallet will experience, as keeping another machine running 24/7 will increase the 
electricity bill somewhat.  Do you think that the real gain in security (if any) is worth the added cost?

--
Allan
