I am currently trying to get to grips with server administration. Right now I am setting up security measures on an ssh + LAMP server running at home in my local network. I am following the suggestions in this thread for that: How to harden an SSH server?
What I am still confused about however is, whether breaching the server automatically breaches the entire network. Does an intruder get easy access to all other machines on the network once he has breached the server?
This answer assumes that you are working with a typical residential home network, with an off-the-shelf router or an ISP-provided one with a single IP subnet on your network.
If you are stuck with one router, and only the one IP range, then unless every system on your network has a firewall and/or has been hardened, if your server is breached it will have access to your network.
Most routers and systems in a consumer-grade home network are not built with "security" in mind with the design, and do not have any types of isolation mechanisms that would isolate computers and machines from each other.
This does not mean you need to completely be worried, as there are many things you can do to protect the other systems on the internal network, such as (not all inclusive):
... and other common-sense hardening tactics.
Note other concerns, like those pointed out by bgse in comments:
Also consider the potential of the attacker using the compromised machine to listen to network traffic, especially unencrypted traffic. In your typical home or small business network, this can quickly escalate to disaster.
Another problem is that the machine might still be considered thrustworthy by users on the network where this is no longer the case, e.g. a file server where the attacker might actually replace existing files with malware (like a small business keeping installer packages for their software in a single place to conveniently download on their private network).
