#1
Member (9 bit)
Join Date: Dec 1999
Location: Vieux, France
Posts: 472
How to best protect an Ethernet ADSL LAN
This is a 6 PC LAN & all PCs have Windows XP Home Edition. There is a Sitecom XDSL/Cable Router connected to an 8-port 10/100 Mbps Fast Ethernet Switch. All the PCs are connected to a 3COM Office Connect Dual Speed Hub 8. There is no server as such, all data is stored individually on each PC but there is a shared printer/fax/scanner (RICOH Aficio 220).
Only 4 of the PCs connect to the Internet and Norton Anti Virus 2004 has belatedly been installed on these 4 PCs. I have run NAV on 2 of these PCs – one was clear and the other had Trojan Horses and Spyware files. They do not have a firewall – other than perhaps the Win XP firewall but I’m not sure whether this is enabled. As at least some of the Internet PCs are “always on”, presumably ALL the PCs are at risk. I have mentioned that they should purchase ZONE ALARM but I would appreciate knowing what is the best method for protecting this LAN?
__________________
People who don't do regular backups - don't realise what they're missing!
#2
Member (10 bit)
Join Date: Dec 2002
Location: SE-PA
Posts: 896
First off, the NAT in the router protects you from basic incoming threats. As a minimum, here's what I would want.
#3
Member (9 bit)
Join Date: Dec 1999
Location: Vieux, France
Posts: 472
Sorry, I'm new to ADSL LANs and am on a steep learning curve here! Not sure what a NAT is.
The physical configuration has the 8-Port Fast Ethernet box alongside the 3COM hub which is alongside the Sitecom router i.e. the 3COM in the middle. What's the significance of this setup in terms of how to manage the Internet traffic? Where does the firewall sit in this configuration and how is it managed? GRJ, in reply to your suggestion - the AV is already there (on 4 of the PCs) should it be installed on the other 2 even if they don't access the Internet? Why spyware on all systems and why s/w firewall on only those accessing the I/Net (if there is already a firewall somewhere else in the NAT)? What is the recommended s/w to purchase?
#4
Member (10 bit)
Join Date: Dec 2002
Location: SE-PA
Posts: 896
NAT - Network Address Translation
NAT is the capability that allows a single public IP address to be used by multiple LAN machines; it performs the translation from local IP address to public IP address. The protection part comes because NAT rejects any unsolicited requests from the outside that weren't responses to a request from a machine on the LAN.
In reading my responses, I tend to think that you should have all of the protection on all of the machines. After all, they'll all probably access the Internet for stuff like Windows updates, right? Also, many companies don't offer utility updates other than by Internet connection, Norton's stuff comes to mind. With that in mind, probably all of the systems will connect to the Internet at some point, right?
As far as the software firewalls, they can be configured to monitor outgoing connections, as well as incoming connections. This allows you to see if a new program suddenly tries to connect to the Internet, which is normally a bad thing if you don't know about it.
#5
Professional gadfly
You say that only four PCs access the Internet, but all of them are connected to the LAN. Therefore, they are all connected to the 'net.
A hardware firewall does not protect outgoing transmission; a software firewall can. I was alerted to the presence of a keylogger on my PC when the firewall caught it attempting to dial home. A hardware firewall would not have caught it. That's why a software firewall is essential, IMO.
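The two points made in posts #4 and #5 (NAT drops unsolicited inbound traffic but passes anything a LAN machine initiates, while a per-PC software firewall can object to outbound connections) can be seen in a toy model. This is an added example, not written by any poster in the thread; the class names, addresses, ports and program names are constructed, and the NAT is assumed to match replies on remote address and port.

```python
# Toy model (added example): what NAT on the router does and does not filter,
# and what a host-based (software) firewall adds for outbound traffic.
# All addresses, ports and program names are constructed sample values.

class NatRouter:
    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.next_port = 40000
        self.table = {}  # public_port -> (lan_ip, lan_port, remote_ip, remote_port)

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host opens a connection: NAT allows it and records a mapping."""
        public_port = self.next_port
        self.next_port += 1
        self.table[public_port] = (lan_ip, lan_port, remote_ip, remote_port)
        return public_port

    def inbound(self, remote_ip, remote_port, public_port):
        """Packet from the Internet: forwarded only if it answers a mapping."""
        entry = self.table.get(public_port)
        if entry and entry[2:] == (remote_ip, remote_port):
            return entry[:2]   # deliver to (lan_ip, lan_port)
        return None            # unsolicited: dropped


class HostFirewall:
    """Per-PC outbound filter: only programs the user approved may connect."""
    def __init__(self, approved):
        self.approved = set(approved)
        self.alerts = []

    def allow_outbound(self, program, remote_ip, remote_port):
        if program in self.approved:
            return True
        self.alerts.append((program, remote_ip, remote_port))
        return False


def demo():
    router = NatRouter("203.0.113.10")
    fw = HostFirewall(approved={"iexplore.exe", "updater.exe"})
    port = router.outbound("192.168.0.2", 1050, "198.51.100.5", 80)
    reply = router.inbound("198.51.100.5", 80, port)      # solicited reply
    probe = router.inbound("198.51.100.99", 4444, port)   # wrong remote peer
    closed = router.inbound("198.51.100.99", 4444, 135)   # no mapping at all
    # An unapproved program dialing out: the router would translate it like any
    # other connection, so only the host firewall is positioned to flag it.
    blocked = not fw.allow_outbound("unknown.exe", "198.51.100.77", 443)
    return reply, probe, closed, blocked, fw.alerts
```
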
#6
Member (9 bit)
Join Date: Dec 1999
Location: Vieux, France
Posts: 472
The other problem I forgot to mention is that everything (standalone apps & the network) is so slow to load. I need to go back to get a better handle on how it all fits together but would appreciate some pointers as to what to verify beforehand.
#7
Member (9 bit)
Join Date: Dec 1999
Location: Vieux, France
Posts: 472
Have checked the physical network more closely. There are 7 FTP Cat 5e cables running into the 8 Port Fast Ethernet Switch which has 7 lights flashing although I am assured that only 6 PCs connect to the network.
The only connections to the 3COM Office Connect Dual Speed Hub 8 are (i) the connection from the Ethernet Switch, (ii) the Server PC (Win98) that manages the Printer only and (iii) the connection out to the XDSL/Cable Router. So why is the Hub there at all? Is there any reason/advantage or could I not connect the Server PC to No 7 on the Switch (which does not light up currently) and hook the Router direct to the Switch, bypassing the Hub? If so, perhaps that will improve the speed as well.
#8
Member (10 bit)
Join Date: Dec 2002
Location: SE-PA
Posts: 896
It can't hurt to connect directly to the switch, and if there's any traffic between PCs that don't go to the server, it would certainly reduce network congestion. Perhaps the hub was there to support an earlier configuration? I don't use hubs anymore, since for almost any application, a switch is a better choice.
#9
Member (9 bit)
Join Date: Dec 1999
Location: Vieux, France
Posts: 472
2 PCs have been "cleaned" by formatting the HD & reinstalling Windows & StarOffice & Norton AV. What software other than Zone Alarm should I install on each PC?
#10
Member (10 bit)
Join Date: Dec 2002
Location: SE-PA
Posts: 896
I'd run SpyBot Search-N-Destroy and AdAware about once a week on them, just to make sure no bad stuff slipped through.
That's basically how I run, and I've kept them at bay for years.
#11
Member (9 bit)
Join Date: Dec 1999
Location: Vieux, France
Posts: 472
OK, each PC on the LAN now has NAV, SpyBot & AdaWare installed. Have run them all & cleaned up each PC. Everything ran perfectly except on one PC, the AdaWare program blocked its scanning on the C:\windows\system32 directory & refused to budge having scanned 8000+ files.
One thing I would like explained for my ongoing learning, in this configuration, how are the router and switch managed?
#12
Forum Administrator
Staff
Premium Member
Join Date: May 2000
Location: Joplin MO
Posts: 37,777
That's an unmanaged switch, it just works. Router management is most likely through its web interface.