Hi Guys/GalsI'm a newbie so be gentle, lol.I'm reading through the MCTS in order to set up a client/server network within my home-office. I have 4 staff members and then me. I've managed to set up, albeit with trial software so far, 5 x windows 7 professional clients and 1 x server 2008 (x86) running AD DS, DHCP and DNS; I've also set up some shared folders for the staff.I have a Netgear WNR2000 router to which the server has a wired gigabit connection. The clients access the router via the wireless n speeds. I currently have McAfee antivirus enterprise 8.7 running on the server and clients.Should I be investing in firewall software for all the computers or will the one with the router be sufficient? I have not got to the section in the books about the security wizard just yet. What websites/tools are available to test my exposure/threat level/vulnerablility etc.Thanks in advanceCD

Unless you have specific requirements like application-level gateways, advanced logging, government certification adn so forth, the router is sufficient. Most SOHO routers don't allow direct inbound connections, which is a good starting position to be in.-= F1 is the Key =-

Hello BenI have to agree with Pidgorny that for most basic installations a harware router/firewall is sufficient. Like he said, if you have to meet specific requirements for accreditations like C-TPAT, HIPAA, an others, thenthat's another story. Regardless, security is layered and the more layers the more secure. Here's some layers you can add on in order to increase security:1. Turn on the Windows Firewall on client PC, that way if one pc gets a virus in you LAN, you can prevent that virus from looking for explouts and infecting other pc's.2. If your hardware has outbound port control, open outbound 53, 80, 443 and any other you specifically need.Don't open all outbound if not necessary.3. Use tools to check for exploits in your network and keep your servers and pc's updated (incl. Windows updates, AV updates and apps updates) http://technet.microsoft.com/en-us/security/cc184924.aspx like MBSA Microsoft Baseline Analyzer and it's priced right (free)http://www.nessus.org/nessus/ this is probrably the most complete vulnerability scanner for the price (they have a free home use version)4. Use an IP filter to block unsavory web sites.Most security problems will spring up from the inside (i.e. a user get a virus, etc). IP filters can block access to web sites that are magnets for problems: p o r n, gambling, downloads, w a r e z ,social networking, etc. You can get a free IP filter from OpneDNS or there are commercial appliances that do the job more securely.http://www.opendns.com/5. Create a written security policy for users, make sure they are aware of the do's and do not's andif possible, disable USB storage and transportable media so users cannot infect pc's by taking work home and bringing it back along with a piece of malware.6. Since you have wireless, enable the MAC address filter if the router has one.7. Subscribe to security feeds and advisorieslike CERT or Technet,take new materials about threats, translate them into non-tekkie language and E-mail them to your employees or post them on the Intranet. Keeping your personnel aware is a good step in preventing securit problems. Here's an example I use for my clients:http://sharepoint.falconits.com/Articles/Forms/AllItems.aspxSecurity bulletins and advisories:http://www.microsoft.com/technet/security/Current.aspxhttp://www.cert.org/8. Some routers have built in packet filters, intrusion detection, etc. These security appliance can help your security by strong perimeter defenses.9. Minimize your footprint by turning off all unnecessary services (daemons) that you don't use on both server and WS's10. Maintain good password policies. Perform scheduledsecurity audits and check firewall and server logs frequently.All of the above are just layers you can add to increase security. It's up to you as the IT manager to find the happy medium between security and convenience. Cheers and good luck!Miguel Miguel Fra / Falcon ITSComputer and Network Service and Support, Miami, Fl