This is a relatively close look at our home network setup. The
network is not especially complicated, but it suffices for home and is
secure enough that I don't worry much. It is safe from the new worms,
and if a script kiddie is trying to learn hacking there are plenty of
easier targets to further his education.

This is the basic layout. We have Michelle's first computer
not connected right now, but I have a wireless card for that and
Darlene may want to use it this winter instead of sharing the one in
the Den with me.

The network really starts with the Zywall router, which handles the
PPPoE connection to SBC 3.0/384 ADSL. The Zywall performs Network
Address Translation, so all users share the single IP address handed out
by SBC, and hands out IP addresses to the internal network
computers (DHCP server). It has a built-in true Stateful Packet
Inspection firewall (ICSA Labs approved) and built-in packet filtering.
The really nice feature is that it can serve as a VPN endpoint router
to create an encrypted tunnel between home and work. Connected to the
built-in 4-port switch are a Linksys 8-port switch, a D-Link 5-port hub
and a Linksys WRT54G wireless router.

Branching off to the right is the rest of the equipment in the den.
Since there isn't a lot of file transfer between computers, I use the
hub so that I can easily sniff traffic for troubleshooting and
learning.

- The XP Pro box is the main box. I use Mozilla Firefox as the web
browser of choice. Also installed are Adobe Photoshop Elements and
Microsoft Office. For security I currently use McAfee antivirus and
Outpost Pro firewall. I like having the additional software firewall to
watch what applications are attempting to connect to the internet.
Ad-Aware and Spybot S&D are used to clean tracking cookies and
prevent browser hijacks while using Internet Explorer. IE-Spyad is used
to place most of the known crapware sites in IE's restricted sites zone
to protect me against an accidental trip to the wrong site. Ad-Aware,
Spybot S&D, and IE-Spyad are all free, although they accept
donations. Outpost and McAfee are not, but really are a necessity
anymore.
- The Debian box is a work box and a failed attempt at creating a
network monitoring machine. It is almost never turned on, but I may
have a go at it with a more powerful machine.
- The Suse box is a relatively successful attempt at creating a home
networking / monitoring box. I have Ethereal and Nmap on it to sniff
traffic and/or scan the home/work networks.

The left branch is a Linksys WRT54G wireless router that is
connected as an access point only. DHCP is turned off. The internal IP
is set to a static IP on the local LAN. One of the LAN ports is
connected to one of the Zywall LAN ports. For security we use WPA with
a long, fairly random shared key. Currently only Michelle's computer is
connected to it, using a Linksys USB wireless card. The setup works
fairly well considering that my house is "L" shaped and the den and
Michelle's bedroom are as far away from each other as you can get. I
have the equipment to set up Michelle's old computer to connect
wirelessly to the network.

I think the network fits our needs very well. An unobtrusive
wireless repeater would be nice, but they're expensive and the wireless
connection is generally faster than the Internet connection. Having
both a software and hardware firewall covers the unrequested
connections. The LAN is set up in the trusted zone of the software
firewalls so we can share files if necessary.