Need some help with my network
well i have been in to building computer's for about 4 years, but never got in to networks or safety really i've always thought why spend money or download some resource draining program if all I have to do is look at what i'm downloading or review the source. Recently though, i was at a friends house for a month or so and i connected to his network with the home setting in windows (i don't know if that matters or not ) but anyway hes like a want to be hacker and IMs with a whole website of them and he decided to start being cocky and got hacked well the guy told him it was a network worm and so he happened to tell me three days later that it had happened, and i've kinda been worried about it. I've formatted my pc since then, but i'm thinking about being more safe when using my pc. I kinda like that whole hardware firewall concept but need a little more info on it before i can give it a go. This is what i'm thinking, but tell me if i'm wrong i don't really know what i'm talking about. I run Comcast ISP to my modem my modem to my linksys wifi router then, i run 3 wired connects off of that and 3 wifi laptops (btw These r not all mine i have roommates) with no safety. Other than WEP key, this is what im thinking - modem to my router with a fire wall on that then on my 3 desktops- i will run 3 hardware firewalls. Basically, i run it from the router to my fire wall, then run from my fire wall to my rigs but, i don't know if that's how it works plz let me know.
that is going to cause issues with port forwarding for any kind of games or UpNp. first off WEP is useless, use WPA tkip 2, second make sure passwords are strict and not like abcd1234. a good router with its ports closed and no icmp requests enabled on its wan will be a good start and all the average user needs. keep a good antivirus program that can monitor network usage such as avast on each comp and you will be fine. linking firewalls causes issues and is redundant. also enable password protected file sharing and disable admin accounts on the comptuers.
if you really want to get hard core then setup a unix box as your firewall, a majority of 'hackers' when they reach a foreign unix command line wont know what to do with it.