Well, after taking a CEH course at night, I have decided that I need to figure out a mechanism to protect my network from intruders. This is more of an exercise for me to apply some of the things that I have learned in the class. I have a number of different VLANs in the house, some pretty benign and some not so much (like access to Tor, etc.). Any one of these could lead to compromises in the network, so I would like to re-evaluate what I am doing and make changes as necessary. I will be taking the CEH cert test in the next couple of weeks, and that will free up time for me to become more involved in this process.
One specific thing that I would like to try is separating connections from known or unknown entities onto a special VLAN for that purpose, so that a compromise there cannot reach the internal networks. In addition, I would like to put up an intrusion detection system for the existing networks and start looking for unusual traffic patterns. Of course, one of the quirks about my setup is that I have everything going through an ActionTec router, which can be almost a sieve without proper configuration. Updates to the firmware do not appear to be forthcoming, and Verizon is insistent on my spending another $100 to get their "improved" ActionTec router just so I can get gigabit Ethernet to my other router connections.
One of the first things that I think I will try is to put each of the connections from the ActionTec router on its own separate VLAN. There really is no need for me to have everything on the same subnet, and the router does have the ability to serve completely separate VLANs.