As I'm in the process of moving my 'home server' across to a new machine it seems a good time to check out the security aspects.
The machine runs behind an ADSL router which provides the firewall. I have the firewall set up so that the only access allowed from outside the home LAN is:-
- ssh port access from two specific IP addresses
- http and https access from anywhere
I have data on the machine which I don't want to lose but it's not valuable or particularly confidential so I don't think I need to protect myself against concerted attacks from the CIA or MI5. :-) What I do want to prevent as far as possible is malicious attacks from hackers who, if they did get access, would probably just 'make a mess of things' for fun.
The two IP addresses from which ssh access is allowed are the public address of my work machine and a machine where I have a shell login at my hosting company. Thus they are both moderately secure themselves but there is always a possibility that someone 'unfriendly' might get access. The choice (for ssh) lies between public/private key and ordinary passwords. I *know* that in general public/private key is regarded as more secure but I'm leaning towards using password security for the following reasons:-
The machine where the password shadow file is stored is (relatively) secure, the only user is me. If someone (hacker) has access to the shadow file to apply brute-force/dictionary attacks then I've already lost the battle.
I make very sure that passwords on my home machine bear no similarity to those on systems outside so knowledge of my 'outside' passwords will not make guessing my home machine's passwords easy.
Someone who has access to my work/hosting accounts may well get access to the public key part of the public/private key pair. This, ultimately, lays it open to attack. They have *no* access to my home machine and thus, although the shadow file is fundamentally weaker in itself, there is no opportunity at all to attack it. The *only* way that an attacker can break in is by guessing passwords.
Does the above make reasonable sense or have I overlooked anything obvious?
Obviously physical security matters and also I need to have the 'other half' of security based on backups etc. (probably subject of another E-Mail).
Final question, how vulnerable does running apache2 on the system with general access make it? Are buffer overflow exploits and other such things likely to make my careful ssh security pointless?
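One way to express the set-up described in the message above (ssh reachable only from two known source addresses, with a choice of password or key authentication) is in sshd_config itself rather than only at the router, using a "Match Address" block. The following is an added example, not code from the original e-mail: it embeds a constructed sshd_config (the two addresses are documentation-range placeholders standing in for the work and hosting-company hosts) and a small evaluator that reproduces sshd's rules for which value of each keyword applies to a connection from a given source address. The evaluator only models "Match Address" criteria and space-separated "Keyword value" lines; those are assumptions of the example.

```python
"""Work out which sshd_config settings apply to a client at a given source
address, following the rules sshd documents: in the global section the first
value seen for a keyword wins; a matching "Match Address" block overrides the
global value; among several matching blocks the first one to set a keyword
wins.  The config below is constructed for this example, not a real host's.
"""
import ipaddress

# Constructed example.  203.0.113.10 and 198.51.100.20 are placeholders
# (documentation ranges) for the two trusted source hosts.
EXAMPLE_SSHD_CONFIG = """\
# Global section: key-only logins, no root, a single permitted account
PasswordAuthentication no
PubkeyAuthentication yes
PermitRootLogin no
MaxAuthTries 3
AllowUsers alice

# Only the two trusted source hosts may fall back to password logins
Match Address 203.0.113.10,198.51.100.20
    PasswordAuthentication yes

# Anything else that reaches sshd stays key-only (first matching block wins,
# so this never overrides the block above for the two trusted hosts)
Match Address 0.0.0.0/0
    PasswordAuthentication no
"""


def _address_matches(pattern_list, addr):
    """True if addr is in the comma-separated Match Address list.

    Supports plain addresses, CIDR ranges and "!" negated entries with the
    semantics sshd documents: a negated entry that matches excludes the
    address from the whole list, and a negated entry alone never matches."""
    ip = ipaddress.ip_address(addr)
    matched = False
    for pat in pattern_list.split(","):
        negate = pat.startswith("!")
        net = ipaddress.ip_network(pat.lstrip("!"), strict=False)
        if ip in net:
            if negate:
                return False
            matched = True
    return matched


def parse_sshd_config(text):
    """Split a config into (global_settings, [(address_list, block_settings)]).

    Keywords are case-insensitive in sshd_config, so they are lower-cased;
    within each section only the first value seen for a keyword is kept."""
    global_settings = {}
    match_blocks = []
    current = global_settings
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        keyword, _, value = line.partition(" ")
        keyword = keyword.lower()
        if keyword == "match":
            criteria = value.split()
            # Assumption of this example: only "Match Address <list>" is modelled
            if len(criteria) != 2 or criteria[0].lower() != "address":
                raise ValueError("unsupported Match criteria: %s" % value)
            current = {}
            match_blocks.append((criteria[1], current))
        else:
            current.setdefault(keyword, value.strip())
    return global_settings, match_blocks


def effective_settings(text, addr):
    """Settings sshd would apply to a connection from addr.

    Mirrors what `sshd -T -C addr=<addr>` prints on a real host: global values
    first, overridden by the first matching Match block that sets each keyword."""
    global_settings, match_blocks = parse_sshd_config(text)
    overrides = {}
    for address_list, block in match_blocks:
        if _address_matches(address_list, addr):
            for key, value in block.items():
                overrides.setdefault(key, value)
    return {**global_settings, **overrides}


def password_login_allowed(text, addr):
    """True if a client at addr could even attempt password authentication
    (sshd's own default for PasswordAuthentication is yes)."""
    return effective_settings(text, addr).get("passwordauthentication", "yes") == "yes"


if __name__ == "__main__":
    for src in ("203.0.113.10", "198.51.100.20", "192.0.2.7"):
        print(src, "password login:", password_login_allowed(EXAMPLE_SSHD_CONFIG, src))
```

With this layout the router rule and sshd agree with each other: the two trusted hosts can use either keys or passwords, and any other address that somehow reaches the daemon is limited to keys. On the real machine the check is `sshd -T -C addr=203.0.113.10 | grep -i passwordauthentication`, which prints the effective value for that source address without restarting the service.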