I'm a brutally honest kinda guy too, so I know exactly where you're coming from.

Thanks again bro.

Means he has an ssh server setup at home, and tunnels all of his traffic back, through that, rather than directly browsing over his hotel internet IP address.  Other ways might be setting up a vpn server at home (same principal for tunneling your traffic,) and connecting through that.  In essence, it makes all of your browsing appear to originate from your home IP address, as well as making your home network gateway and security measures work, for your remote / hotel / coffee shop connection.

If you're looking for a 'free' solution, too, I THINK the freeware version of Untangle has VPN, as well.

Ps_107

It all depends on the scope of the project.  There are internal and external tests and both come with their own scope of work.  But lets take a step back for a second.  Penetration tests are not cheap (if you stick with a reputable company).  If you are currently a single person environment with no server at the moment.  Then a penetration test is not really something you need. 

I would suggest brining in an IT consultant in your area who is familiar with the needs of a small business client to assist in your setup.  This also holds a cost but it is much less than a penetration test.  We usually schedule a test when we know we have done all we can to secure our systems and want to see how we do.  It also helps us in deciding where we need to improve more and budget that accordingly.

Don't get too paranoid with securing a network that may or may not exist.  Figure out what you want to do with the network and work on securing it based on that.

Lets say I was building a new network for a small business < 5 workstations and MAYBE a server.  For less than 5 people I would probably not waste money on an inhouse server.  I would probably look to something like Amazon Cloud services or Google Apps depending on what your industry is.  If you are a one man shop, you can keep the costs down by using online resources for email and storage.  Ensure they solution supports SSL based access as well as encryption for storage, or you can simply encrypt the data afterwards. 

Again all this is really based on your industry and your business plan.  If you don't like keeping your stuff up on the internet, then at least utilize it for backups.  Keep in mind the larger the chunk of data you are backing up, the longer it will take to restore.  I like to recommend backing local up on an external drive and copying that to an online backup solution such as Carbonite. 

If you do not keep any resources in house, then you can easily lock down your firewall device so only the necessary ports are allowed out and nothing is allowed in.  Utilize 15+ character passwords using mixed case, numbers and special characters and keep services such as Windows 7's User Access Control (UAC) enabled.  That is the box that pops up when you try to install something even though you are an local admin, it still requires the OK to proceed.

Keep it simple stupid is what I like to say.  You can only lock down so much before it impacts your business.  In this day and age you need to have an internet presence, twitter account and hell even facebook to an extent because that is where you will find the business.  For all that you need to be online in some fashion.  Just practice safe use and you are as protected as you can be.

With regard to scope...

All project and pentests need to be 'clearly' defined / scoped.  What is and isn't off-limits?  What processes and systems are to be tested?  Is it a website- only test, or are you to test perimeter routers and gateways?  Is social engineering in the scope?  What hours is the testing to be done, during?

The list goes on, and on, and on...

But it all needs clear definition, so that you don't overstep authority, or break systems that you're not supposed to affect.

Ps_107, are you saying that someone has taken control of your computer, gained access to your personal information, and is spreading that information out on the internet?

I would advise running Wireshark on your computer while in use to see if there's any strange traffic. Maybe even install an IDS on your network, just to see if anything is picked up. There's a turnkey solution called Insta-Snorby that may do the trick.

If you do in fact have an attacker active on your system, then there are a lot of extra steps you need to take.

Understandable Ps_107.  And yes I do not know your situation.  As we all have a wealth of information behind us, we can only speculate at what you are ultimately trying to do and protect.  I do understand your hightened awareness due to past issues.  If you have intellectual properly that needs protecting, you should also insure you have some legal protection going forward with your new project.  I understand the costs involved with protecting intellectual properly could be high, but so are penetration tests. 

In most cases a Pen tester is not looking for other people breaking in, but looking for a way in themselves and telling you about it after.  The goal of the pen test could vary from simply breaking the perimeter to obtaining access to critical company data.  But it is all in the scope.

I would highly recommend you create a relationship with a local IT firm that can better understand your situation and recommend a solution that will best suit you.  We can only speculate and rather than give you information overload, it is much easier to make recommendations and answer your questions when we actually know what needs protecting.  Obviously I am not asking you to divulge that information to us.  But working with someone directly may give you better answers than posting on a forum.  If anything you can always pass the recommendations by us and hear our opinions on them. 

I've already started looking into a couple of IT firms but actually developing a relationship with them is a whole other thing.

Other than that, that's a great idea and I'll do whatever I can to get any of those guys to help me out.