The VPS we've got is too slow and we're thinking about moving to a dedicated box. Thinking about going with The Planet/ServerMatrix, but they are charging $89/month for a hardware firewall. Do we need it?
That depends on your OS, in my opinion. If you don't know how to set up firewalls and are using Windows, yes, you'd better pay for it. If you do know how to set up software firewalls, well, then you don't need this thread. If you're running Linux AND your distro comes with automated firewall software (Mandriva, for example, does) then you can likely get away with using the firewall software that came with your OS. Determine exactly what services you use (mail, DNS, web, etc.) then lock down everything not used by those ports. If you're using Linux but it doesn't come with firewall software, I'd say for $89 a month you should get some firewall software for your distro and figure out how to run it. $1000 a year for a firewall, wow. You also need to make sure that everything running on your machine is there for a purpose. In Linux, type the command 'ps aux' and print out the results. Then Google each entry so you know what it does. Then turn off any you're not using. And finally, make sure your packages are all up to date regularly - weekly is a good idea.
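As an added example (not part of the reply above), the "work out which services you use, then lock down the rest" step can be checked by comparing what is actually listening against an allowlist. The `ALLOWED` list, the function names and the sample `ss -tulnH` lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Assumed allowlist (proto/port) for a box serving SSH, mail, DNS and web.
# Adjust it to the services you actually run.
ALLOWED="tcp/22 tcp/25 tcp/53 udp/53 tcp/80 tcp/443"

# Reads `ss -tulnH` lines on stdin and prints "proto/port address" for each
# listener that is reachable from the network and not in ALLOWED.
unexpected_listeners() {
    awk -v allowed="$ALLOWED" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        {
            proto = $1; laddr = $5
            port = laddr; sub(/.*:/, "", port)       # text after the last colon
            addr = laddr; sub(/:[^:]*$/, "", addr)   # everything before it
            # Loopback-only listeners are not exposed to the network: skip.
            if (addr ~ /^127\./ || addr == "[::1]") next
            key = proto "/" port
            if (!(key in ok) && !seen[key " " addr]++) print key, addr
        }'
}

# Constructed sample of `ss -tulnH` output, not captured from a real host.
sample() {
    cat <<'EOF'
udp   UNCONN 0 0    127.0.0.53%lo:53    0.0.0.0:*
udp   UNCONN 0 0    0.0.0.0:111         0.0.0.0:*
tcp   LISTEN 0 128  0.0.0.0:22          0.0.0.0:*
tcp   LISTEN 0 511  0.0.0.0:80          0.0.0.0:*
tcp   LISTEN 0 100  0.0.0.0:25          0.0.0.0:*
tcp   LISTEN 0 80   127.0.0.1:3306      0.0.0.0:*
tcp   LISTEN 0 64   0.0.0.0:2049        0.0.0.0:*
tcp   LISTEN 0 128  [::]:80             [::]:*
tcp   LISTEN 0 5    [::]:5900           [::]:*
EOF
}

# On a real host, replace `sample` with: ss -tulnH
sample | unexpected_listeners
```

Each line it prints is a service to either turn off or block at the firewall; an empty result means every exposed listener is one you intended.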