by drnick1 76 days ago
It was a genuine question, and while you reiterate the author's point about this being "bad security practice," neither you nor the author explain why this is the case.

I don't believe physical separation really buys you much here. At most, it may reduce downtime if you do indeed get pwned, but I think that you can achieve the same objective through a combination of containers, VMs, and UNIX users. And running multiple, somewhat redundant machines also has obvious downsides such as increased power consumption, increased maintenance burden, additional space and cabling, etc.


> opens up your network to attack and/or compromise, you're massively increasing the attack surface, and a compromise of one of those components leaves the attacker sat on your edge router, at which point your entire network is fair game.

That's your answer.