[Nottingham] Exposing our internal network
Michael Leuty
mike at leuty.net
Thu Dec 1 17:48:32 GMT 2005
I'd be grateful for any helpful comments from you network gurus out there
on the wet and wintry streets of Snotingaham.

Church office network. Server runs CentOS 4. Samba server set up, and
files now pass at blistering speeds between Linux and Windows clients
through 10/100 switch, which connects to eth1 on server.

eth0 on server connects to "managed" ADSL modem/router which in turn
connects to that dangerous place called the internet. All incoming ports
on the router currently turned off, but there is no firewall in the
router.

We want to be able to SSH into the server from outside, and also connect
externally to an HTTP server on the server which will be running a
calendar application. Our ISP tell us that the IP address of the router
will not change, and that they are happy to open up access to ports 22
and 80.

We currently have Firestarter on the server, watching over eth0 and eth1.

I should be grateful for your comments on how risky it is to open ports 22
and 80, and whether Firestarter provides adequate defence against script
kiddies. (I take it for granted that the gurus on this list would be able
to break in without working up a sweat. ;-)

If we have accounts on the server with simple user names and passwords,
are we running the risk of people being able to guess these
names/passwords and then log on as that user through ssh?

Thanks in advance for your comments.

Mike
--
Michael Leuty
Nottingham, UK