Re:OpenBSD, of course! (Score 1)

DMZ is the only way to go. You need to segment the network into vlans use a smoothwall box or other linux/openBSD firewall to control the network access into the servers.

Basically if you only have control over your servers then make sure no one else can easily get control of any service other than what they should be getting access to. Your internal client network needs to be treated as if it were external.

j