Since we are soon to get an 'always on' broadband connection with a fixed IP address (it's not ADSL, it's wireless but that doesn't affect things really) I'm looking into what new things I will be able to do and the security thereof.
I have already resurrected an old machine and have installed ipCop on it, that's fine and will block most external access. However I do want to allow *some* access, in particular I want:-
ssh access to the ipcop box, this will allow some administration and will also allow access (via another ssh connection) to my Linux server machine on the GREEN side.
Access to an IMAP server on the Linux server on the GREEN side by port mapping through the ipCop box. (I know a separate ORANGE subnet is really the way to go but that means yet another machine I have to administer etc. which I want to avoid)
In the real world how vulnerable will these two be? Will I get incessant hacking at the open SSH port on the ipCop box trying to guess the password or will it just be the occasional port scan? Assuming the password is secure enough (i.e. unguessable enough and not published on the internet somewhere) will I be basically OK?
I may be able to limit the SSH access in particular to only certain client IP addresses but I want the IMAP to be accessible from anywhere. The IMAP server will probably only have two or three accounts on it and I will have control over passwords (though not where they're kept maybe).
Does anyone here have any experience of how vulnerable in reality such systems are? I'm not after Fort Knox, I just want things to be reasonably safe.