Security Basics mailing list archives

forensics honeypot and properly separating networks


From: David S <securitydabbler () gmail com>
Date: Tue, 8 Nov 2005 09:46:21 -0500

Hello all,

I am trying to achieve a goal and I'm looking for a bit of advice from the
list. All constructive or not so constructive criticisms and ideas will be
appreciated.


--A little background
I've worked with Linux/*BSD/Windows Administration and DBA type work for
about 6 or 7 years so I'm comfortable there but I'm moving into the security
realm and don't have much knowledge past access control and the basics. I've
read a lot but haven't put much into practice. I'm a bit weak with regards
to the network side of things. I'm on a budget for new hardware, probably
300-500 USD.

--My current home setup
{
Beefy Linux box
Beefy Windows XP Pro box which I use to surf, internet banking, home
budgeting, Amazon etc.
Normal Windows Home (family box)
DSL with static IP
Linksys wireless router, all of the above NATed
Linksys switch
} For argument's sake I'd like to label this the green zone or green network.
3 unused Frankenstein desktops that need to be utilized and can be
cannibalized and turned into whatever.


Goals
1. Most importantly, completely keep the XP boxes and my Linux box safe for
use for internet banking, bill pay, confidential info, work etc.

2. Put my Frankenstein boxes (I'd like to have a Windows, a Linux and a *BSD
box) out in a "red zone" that can serve as a honeypot of sorts. I'd
like to be able to watch as people attack these boxes, pull some
forensic data, look at the logs to teach myself how they got in and
how to better harden my boxes. Play around with the different Linux
and BSD flavors, build out an IDS box to capture traffic, perhaps
set up a syslog box. I'd be totally ok with rebuilding after they are torn apart.

3. Practice my own vulnerability scans and pen tests against both green and
red networks from two dual boot laptops loaded with tools or knoppix-std
etc. and again watch the IDS flip out as I run tests

4. Again, very important: keep my "green zone" boxes safe to use for
surfing, banking, identity protection etc.


Questions:
1. Can I accomplish what I mentioned I need help with without adding too
much risk to my green zone (Linux and XP Pro box)? I'm worried about someone
gaining root/admin on the "red zone" boxes and attacking my "green zone"
boxes.

2. Should I utilize one of my old desktops to set up a firewall or
router as something between green and red zones? Will IPChains do the trick?

3. Compiling a firewall I can do; setting up routing to deny traffic
I'm a bit confused about. Would I create two networks and just deny traffic
from red to green and green to red, but allow green to access the
outside world?

4. I've heard pvlan (private vlan) used around the office; would I
need a high dollar Cisco device to set up a private vlan so that things
can't see each other?

5. Buy another hardware router and separate the two networks?

6. Some other plan that I haven't thought of this morning?


Thanks again for any suggestions any of you have. Security has been my
driving interest but it's time for me to move past newbie and spend the next
year gaining some moderate knowledge.

Thanks for your help and for reading my post that rivals the length of War and
Peace.

David
securitydabbler () s1 com
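One way to implement the two-zone firewall asked about in questions 2 and 3, as an added example that is not part of David's post or any reply in the thread. It assumes a Linux box with three NICs (eth0 to the DSL uplink, eth1 to the green LAN, eth2 to the red LAN), uses iptables (the successor to IPChains) rather than ipchains, and the interface names, subnets, static address and honeypot address are constructed for the example.

```shell
#!/bin/sh
# Three-interface Linux firewall between the DSL uplink, the "green" LAN and the
# "red" honeypot LAN. Interface names, subnets and addresses are constructed.
WAN=eth0;   WAN_IP=203.0.113.10          # the static DSL address (documentation range)
GREEN=eth1; GREEN_NET=192.168.10.0/24
RED=eth2;   RED_NET=192.168.20.0/24
RED_HONEYPOT=192.168.20.10               # the red-zone Linux box that gets exposed

# With DRY_RUN=1 every rule is printed instead of applied, so the policy can be
# reviewed (or tested) without root and without touching a live firewall.
ipt() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "iptables $*"; else iptables "$@"; fi
}

apply_zone_policy() {
    ipt -F FORWARD
    ipt -t nat -F
    # Default deny between zones; every allowed path below is explicit.
    ipt -P FORWARD DROP
    # Reply traffic for connections that were allowed in the first place.
    ipt -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Green may reach the Internet (NATed) and nothing else; no green -> red rule exists.
    ipt -A FORWARD -i "$GREEN" -o "$WAN" -s "$GREEN_NET" -j ACCEPT
    ipt -t nat -A POSTROUTING -o "$WAN" -s "$GREEN_NET" -j MASQUERADE
    # Red -> green is the event worth seeing: log it (it lands in syslog) and drop it.
    ipt -A FORWARD -i "$RED" -d "$GREEN_NET" -j LOG --log-prefix "RED2GREEN "
    ipt -A FORWARD -i "$RED" -d "$GREEN_NET" -j DROP
    # Red may only answer inbound connections; a compromised honeypot must not be
    # able to start new connections toward the Internet either. Logging first matters
    # because an outbound attempt is itself evidence that a box has been taken over.
    ipt -A FORWARD -i "$RED" -o "$WAN" -j LOG --log-prefix "RED_OUTBOUND "
    ipt -A FORWARD -i "$RED" -o "$WAN" -j DROP
    # Expose exactly one honeypot service (SSH here) on the static IP; nothing else
    # from the Internet is forwarded into either zone.
    ipt -t nat -A PREROUTING -i "$WAN" -d "$WAN_IP" -p tcp --dport 22 \
        -j DNAT --to-destination "$RED_HONEYPOT"
    ipt -A FORWARD -i "$WAN" -o "$RED" -d "$RED_HONEYPOT" -p tcp --dport 22 \
        -m conntrack --ctstate NEW -j ACCEPT
    # The firewall box itself sits inside the green trust boundary: red cannot talk
    # to it. Delete any earlier copy so re-running the script does not duplicate it.
    ipt -D INPUT -i "$RED" -j DROP 2>/dev/null || true
    ipt -I INPUT 1 -i "$RED" -j DROP
}

# Apply only when run as "sh zones.sh apply"; running with no argument (or
# sourcing the file) just defines the functions.
case "${1:-}" in apply) apply_zone_policy ;; esac
```

Run it as root with `apply` after enabling forwarding (`sysctl -w net.ipv4.ip_forward=1`); the LOG rules write to the kernel log, which is exactly what the planned syslog box should collect.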
