I'd recommend that you obtain specialized devices to fill each role on your network. It's a best practice to have a dedicated router filing the router role, and it'll be better yet if you can purchase a hardware router, rather than building one on a FreeBSD server. Similarly, you should have a separate device acting as your IDS sensor.
The reason for all of this? Minimizing complexity. A more complex networking environment increases the chances of something going wrong and makes it more difficult to troubleshoot network problems.
Dig deeper on Open Source Security Tools and Applications
Related Q&A from Mike Chapple, Enterprise Compliance
PCI DSS requirement 6.6 demands application security compliance through one of two options: an application firewall or a code review. Expert Mike ...continue reading
Are HIPAA-compliant hosting services a better option for compliance than a secure storage API? Expert Mike Chapple analyzes.continue reading
Social media compliance is not typically considered a big issue for companies, but expert Mike Chapple explains why it should be.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.