That hardware sounds more than adequate to get you started. If you're actually buying these parts, you may want to ensure that your CPU supports AES-NI. It's not required right now, but will be down the road at version 2.5.
I think this series will get you up to speed pretty quickly.
I really miss the RRD graphs from the previous version. The new traffic graphs don't get as granular as they used to and that granularity was VERY helpful.
edit: I'd also change your DNS servers from something that isn't your ISP provided servers. Google DNS servers are a popular choice, but there are tons of others too.
I no longer run Squid, because I use HTTPS Everywhere on my browsers and Squid can't cache encrypted traffic.
I do run Snort, but it takes a lot of time and patience to get it configured. @Wendell's recent vid seems to suggest that he likes Suricata better. Neither of these tools are good for the paranoid, 'cause if you already think that they are after you, these tools will definitely prove it!
Personally, I would enable the DNS resolver and then use GRC's tools, including his DNS Benchmark to find and configure good local resolvers.
I would also adopt a default deny policy for your internal firewall interface rules.
As far as packages go, only run what you need. There is no sense in presenting additional attack vectors to the bad guys, if you don't really NEED the service.
EDIT: You also may wish to consider configuring NTP, so that your hosts all use the same time source.
[quote="acetothermus, post:11, topic:115939, full:true"] Snort for sure!
I really miss the RRD graphs from the previous version. The new traffic graphs don't get as granular as they used to and that granularity was VERY helpful.
He also could host his own DNS server, but that is probably more advanced than he wants to get into. I haven't hosted my own DNS server yet, but I plan to do so, once I build my Presence box.