Hi Steffen,
I guess I should have said it more clearly that this box will be used to develop web applications and we therefore won't be able to detach the box from the internet but it will for sure be inside the DMZ.
But after all, it's possible to develop web applications without direct internet access, and you should. Otherwise you never know if the sources are unchanged. And if somebody builds in a backdoor in your payment module - good night... Better care and use a second webserver in the devel-net.
But maybe you don't need a secure development environment, maybe we understand different things with this term.
Thanks for your answer Steffen. Guess I didn't express what we want to do. And for sure we have different understandings of the term "secure development environment". Here is what we want to do with the box: Have CVS up and running for version management (primary purpose) A group of people will be notified about any commits and can transfer the code after reviewing to a qa box. Since we will start a "case study" about tele-working the CVS repository should be reachable from the "outside world" as well from within our network. Therefore I thought using SSH for connecting to the box might be a good idea. Later we will have IBM Websphere and a DB2 Database running on the machine. So all in all it is more a Webserver but I will still try to make it as secure as possible. Which is as I understand a big compromise in terms of convenience. Sorry for the confusion I might have caused by not expressing clearly what I mean. Cheers, Andreas -- Andreas Otto OgilvyInteractive | Floor 2, Canberra House 315 - 317 Regent Street | London W1B 2HS Reception +44 207 299 3434 | Fax +44 207 631 5050 http://www.ogilvy.com