ps2cho :
I want to go paperless and start saving all my important docs on my current server. All my personal information will be on there and I usually remote desktop into it for other stuff.
Should I at this point consider having a hardware firewall in front of my router?
I'm wondering if building a new computer for this would make me safer against any risks of attacks?
1) All routers from an Internet Service Provider include a firewall.
2) What do you use to 'remote' to your server? If it is NOT a VPN-based connection, it is like having a high-tech security alarm installed (firewall) then leaving the keys hanging in the front door lock (remote desktop). You should review HOW you're connecting.
3) Firewalls do not protect the server from YOUR systems being infected / malware spreading. You should have proper security systems in place and automated to do scans, updates, etc. when you're not doing it yourself.
4) Paperless is a myth. There is always a need for 'hardcopy' of things, especially as I point out #1 Fail point - no electricity, no 'data'. If you have any electrical outage you cannot in any way pull up the 'documents' to do the important things (like file an insurance claim if you don't have a physical copy of your policy to debate the point, for example).
5) BACKUP BACKUP BACKUP! I can't count how many people can't see the problem with this solution you're suggesting: that if that water pipe breaks, that soda gets dropped, that one big BUG gets caught inside it, ZAP! There goes your only server, your only source of data, your ONLY copy of important documents. Even if you did backup, it needs to be OFFSITE (your safety deposit box at the bank) because nothing stops that drunk from driving into the building where the server is, breaking the gas main, then the 'total loss fire' ensues... where were the server and backups? All in the same building? Great plan, now both are gone!
6) LAYER 1 SECURITY - What prevents someone from breaking the window, grabbing the computer, and walking off with the server? Now they have 'all your important docs'. Do you have the drives locked into the server? Do you have the server itself steel cabled in a secure way so they can't haul it off (they take ATMs with a simple smash of a truck into them, your server shouldn't be as easy to smash-grab)? Do you have a security system and security cams to make sure you know WHO actually was 'typing' on the computer? How do you know, since you leave it 'logged in all the time', that someone else doesn't just walk in (even using a key you leave with them) and just start to sell / use your personal information to gain their own credit cards, payday loans, etc.?
Basically you need to apply Business 101 Data Management and Security policies since you're going to put this all at this one 'failure point'.
If you don't have several ways to make sure 'nothing happens' when you're 'not just sitting at the keyboard', Murphy's Law says at least 1 will happen when you're not expecting it.