The Peer Network -- All local PCs connected to a hub; cable modem to the hub via a "patch cable." This presents the greatest security problem -- all machines are directly exposed on the Internet. The cable operators used to recommend this arrangement, would gladly sell you multiple IP addresses, and then told you to disable all sharing with your other machines! Yeah, now why were we building a home network?
The Concurrent Host Network -- Cable modem connected to PC1; PC1 (via a second network card) connected to a hub; PC2 and PC3 connected to the hub. Only one machine is exposed to the Internet -- PC1. This network is similar in design to the "bastion host" and "dialup" networks, except that the host computer has three network cards -- one to talk to the cable/DSL modem and one each for the other two PCs on the local network.
The Bastion Host Network -- Cable modem connected to a dedicated firewall machine/hardware; PC1, PC2, PC3 to a hub; dedicated firewall machine to the hub. The firewall, if a PC, is another machine with 2 network cards, running Linux/Unix and firewall code -- minimum installed software, no servers exposed to the outside. Normally, the Bastion Host (PC1 in the diagram) would not be used for anything except isolating the local network from the Internet.
The Dialup Network -- The Bastion Host structure also looks like the structure of a dialup-based network -- where one PC makes the dialup connection to the Internet Service Provider and the others connect through that one. In this case, PC1 is used as a normal PC for games, web surfing, email, etc. If you're running Windows here for games, email, etc., then this structure merely resembles a Bastion Host network; it is not as secure.
Cable/DSL Router Network -- Cable or DSL modem connected to a combination router & multi-port switch; PC1, PC2, PC3 to the router. This is "state of the art" for a home system.
Win 9x/Me/NT/2000/XP:
Windows ICS (Internet Connection Sharing)
Wingate (www.wingate.com),
Sygate (www.sygate.com),
others
Linux:
via iptables in Red Hat, SuSE, and other distributions
via ipchains in earlier versions of those distributions
Hardware:
Linksys, D-Link and others make a hardware "cable/DSL router." This equipment provides masquerading services so that multiple machines can share one IP address; its function is somewhat similar to a proxy server.
Hardware firewall:
Cable/DSL routers (see above)
Dedicated firewall machine
486/66+ & Linux, via iptables (ipchains in earlier versions)
Win9x/NT/XP software:
BlackICE Defender (www.networkice.com) -- seems no longer available
McAfee Firewall (www.mcafee.com)
Windows Firewall (built into Windows XP, active by default in Service Pack 2). Does not monitor or control outbound connections from your computer.
Symantec's Norton Internet Security (www.symantec.com)
Zone Alarm (Zone Labs, www.zonealarm.com).
The Sunbelt Personal Firewall is my choice and recommendation.
Others
Unauthorized access to your system
by the bored or curious
by the malicious
by other bad guys
malicious ability to read/write/delete/format
Trojan access programs
Remote control programs — Back Orifice, NetBus, Hack-a-Tack, etc.
Attacks through your system to others, pretending to be you.
Mail spamming, pretending to be you
Mail spamming, not pretending to be you
Bad guys using your computer as a webserver for porn
Bad guys using your computer in phishing / fraud schemes
How to identify attack instances and attackers.
Prevention is the key – much better than response afterwards
By protocol, port number, source, destination, request or response, or by physical network card
Block inbound packets and log penetration attempts
Block outbound packets -- to make sure files & printers are not shared!
Block access to/from certain sites or from certain in-house machines
block adult sites
block/restrict child's computer
Block banner advertising (by source site)
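The rule types just listed, written out for a Linux bastion host with two network cards (the iptables route mentioned under Linux above). This is an added example, not the original post's own script; it assumes eth0 faces the cable/DSL modem, eth1 faces the hub, 192.168.1.0/24 for the local PCs, and blocks the Windows file/printer-sharing ports outbound.

```shell
#!/bin/sh
# Added example (not from the original post): a minimal iptables ruleset for a
# Linux bastion host with two network cards. Interface names, the private
# subnet and the blocked sharing ports are assumptions; adjust them to fit.
WAN="${WAN:-eth0}"                    # card facing the cable/DSL modem
LAN="${LAN:-eth1}"                    # card facing the hub/switch
LAN_NET="${LAN_NET:-192.168.1.0/24}"  # private subnet behind the host
IPT="${IPT:-iptables}"                # set IPT=echo to print the rules instead

apply_firewall() {
    # Start clean; drop everything that is not explicitly allowed.
    $IPT -t nat -F
    $IPT -F
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # Masquerade the LAN behind the single address the ISP gave the WAN card.
    $IPT -t nat -A POSTROUTING -o "$WAN" -s "$LAN_NET" -j MASQUERADE

    # Local-side and reply traffic is fine; nothing else reaches the host.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -i "$LAN" -s "$LAN_NET" -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Outbound filtering: keep Windows file/printer sharing off the Internet
    # even if a PC on the LAN has it enabled (NetBIOS 137-139, SMB 445, RPC 135).
    for port in 135 137 138 139 445; do
        $IPT -A FORWARD -i "$LAN" -o "$WAN" -p tcp --dport "$port" -j DROP
        $IPT -A FORWARD -i "$LAN" -o "$WAN" -p udp --dport "$port" -j DROP
    done

    # Everything else from the LAN may go out through the WAN card.
    $IPT -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" -j ACCEPT

    # Unsolicited inbound on the WAN card: log (rate-limited) so attempts show
    # up in syslog, then drop. The FORWARD policy already drops, so only log.
    $IPT -A INPUT -i "$WAN" -m limit --limit 5/min -j LOG --log-prefix "FW-IN-DROP: "
    $IPT -A INPUT -i "$WAN" -j DROP
    $IPT -A FORWARD -i "$WAN" -m limit --limit 5/min -j LOG --log-prefix "FW-FWD-DROP: "
}

# Run as "sh firewall.sh apply" (as root) to load the rules on the bastion host.
if [ "${1:-}" = "apply" ]; then
    echo 1 > /proc/sys/net/ipv4/ip_forward
    apply_firewall
fi
```

Run it once with IPT=echo to review the generated rules before loading them; the logged lines (prefix FW-IN-DROP / FW-FWD-DROP) in syslog are the "penetration attempts" record mentioned above.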
Home Networking Security
tags: Network, Security | author: chao