Following on a previous query, I am considering allowing incoming calls from t'Internet to a proxy server.
Now this calls for a DMZ to segregate the system running the proxy server from the 'green' internal network.
My security experience is old school corporate:
Firewall/Router (incoming/outgoing calls allowed)
DMZ with server(s) handling incoming calls
Firewall/Router (incoming calls from DMZ ONLY!)
Green (outgoing calls depending on role).
This calls for a minimum of two Firewall/Routers to allow physical separation between t'Internet, DMZ, and Green.
Googling so far in the context of the Virgin Super Hub 2 has suggested that
(a) DMZ and stuff is not that good in SH2
(b) the solution is to run it in modem mode and buy a better router.
However the 'better router' seems to support DMZ, NAS storage and wired/ wireless LAN all in the same box.
Now I wouldn't mind a kick ass wireless router with USB NAS storage and networked USB printer support but I am not at all sure about having that all lumped in with the DMZ and also directly exposed to t'Internet.
Am I being too cautious, or does the physical separation strategy still hold good?
As a slight aside, I have various older cable/ADSL routers which are fine for routing but don't support Gigabit Ethernet or the latest and fastest wireless protocols. Are there still third party firmware builds which can turn older routers into decent firewalls? This could save me buying two new devices.
Cheers
Dave R