Need Network Information / Setup Guide

pdbrider

Dec 9, 2006
I am looking to advance my home network for protection, performance, etc.

We have 6 desktops and laptops that have the ability to connect wirelessly.
I use a D-Link router; wireless is secure. (Windows XP, 1 Mac laptop, 1 Vista)

Can I set up something like a firewall/spyware blocker in front of all the computers? (I don't want it to kill performance.)
I never seem to have any major problems on my main desktop, but all the others always get cluttered with spyware and junk.

How can I optimize my network to keep everything under control and more manageable?
I don't want to have to worry about spyware/viruses/garbage killing my download and upload rate.


And if you're going to tell me to go put antivirus software and all that garbage on all the computers, I'm gonna laugh, so you better have a good explanation why and how it won't kill my performance.

I want to stop everything before it gets to the computers. Is that possible?
 

JustAGuy51

Oct 1, 2008
Stopping everything completely and perfectly requires knowledge from the users, which is pretty demanding (I say impossible) considering new viruses/worms are coming out all the time.

Setting up a firewall (at your SOHO router) can reduce/stop them at the network level. What I mean by that is, say someone discovers a bug in the MS TCP/IP code and writes a worm to exploit it. That worm transmits and affects through, say, udp 135. The firewall will block it. This kind of worm will affect w/o user involvement. Set up your fw rules so that:
1) Block everything -initiated- from the Internet at the WAN interface, except for the FTP data port, tcp 20
2) Turn on stateful filtering; the fw will create a state for every connection initiated from the internal side and allow the return traffic from contacted servers
These rules are for browsing, file downloading, name resolution, and regular traffic, but not for things like BitTorrent, P2P, etc.

Setting up a firewall won't kill your performance, but that depends on the quality of your firewall.

Even with a firewall set up, you can still get infected, trojaned, etc. through threats coming at the application level; that is, through the browser. There are two kinds: the one that can access your hard drive through the browser and the one that has limited access to the hard drive but can do everything related to the browser.

The first kind is a lot more dangerous since it can drop trojans, etc. on your hard drive. Examples include Java applets, unknown .exe files, etc. The Firefox add-on "NoScript" can act as a firewall at the browser level for malicious applets. Protecting against downloading unknown .exe files, etc. is entirely up to the user. Even if the user has knowledge, you can't do anything if the site you visited has been hacked and dropped you a trojan along with a legitimate download. Repeatedly occurring spyware and garbage programs most likely came in this way.

The second kind is less dangerous. I am referring to JavaScript-based attacks such as XSS, XSF or the equivalent on the MS side. This kind can steal your cookies (and thus hijack your web sessions in some cases), redirect you to a phishing site, etc. NoScript can protect against these.

All in all, you can reduce a great deal but to eliminate 100% is virtually impossible.
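
The two firewall rules from the reply above, modelled as a toy stateful filter; this is an added example, not part of the original post. The addresses are constructed documentation-range values, NAT is ignored, and reading the "tcp 20" exception as inbound packets with source port 20 (active-mode FTP data) is an assumption.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str     # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    inbound: bool  # True when the packet arrives on the WAN interface


class StatefulFirewall:
    """Rule 1: drop anything initiated from the Internet (one exception).
    Rule 2: keep a state per LAN-initiated flow and admit its return traffic."""

    def __init__(self, wan_exceptions=(("tcp", 20),)):
        # Assumption: the exception matches the remote source port (FTP data).
        self.wan_exceptions = set(wan_exceptions)
        self.states = set()

    def handle(self, p: Packet) -> str:
        if not p.inbound:
            # LAN-initiated: record the flow so the reply can come back in.
            self.states.add((p.proto, p.src, p.sport, p.dst, p.dport))
            return "allow-out"
        # Return traffic is the stored flow with its endpoints swapped.
        if (p.proto, p.dst, p.dport, p.src, p.sport) in self.states:
            return "allow-return"
        if (p.proto, p.sport) in self.wan_exceptions:
            return "allow-exception"
        return "drop"  # default deny for Internet-initiated traffic


def demo():
    """Run constructed sample packets through the filter."""
    fw = StatefulFirewall()
    packets = [
        Packet("tcp", "192.168.0.10", 50000, "203.0.113.5", 80, False),  # browsing
        Packet("tcp", "203.0.113.5", 80, "192.168.0.10", 50000, True),   # its reply
        Packet("udp", "198.51.100.7", 4444, "192.168.0.10", 135, True),  # unsolicited
        Packet("tcp", "203.0.113.5", 20, "192.168.0.10", 50001, True),   # FTP data
    ]
    return [fw.handle(p) for p in packets]


if __name__ == "__main__":
    print(demo())
```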