Once or twice a year I get a flag from the firewall in NIS that something was probing for ports.
Virus warnings... Hmm, mostly when I plug in a foreign USB stick... or have to recover someone's pictures from his old computer (I pop out the drives, put them in a USB box, and go that way).
I have a dedicated machine for such work. It has two hard disks. The second drive holds a Ghost image of the boot drive, and the drive is powered off. If I do get virus warnings on a recovery job, I finish the job, then power cycle the machine and restore the Ghost image. Just to make sure...
That machine sits on its own VLAN. I use a Cisco small business router with VLAN capability, and I have a switch that does VLAN as well. My home network is partitioned.
There is a VLAN for the filers. I have 3 NAS filers that duplicate each other. Disk space is cheap... I work in the hard disk world.
There is an office VLAN. Bridges internet and filers and lab.
There is a lab LAN. Bridges internet and filers and office.
There is an entertainment LAN. I have a Boxee Box as my source of entertainment. This has QoS and bandwidth priority. This also has the Blu-ray, DViCO media player, a Sony hi-fi system with webstreamer and a Logitech internet radio hooked up.
There is a 'dirty' LAN. This is for the recovery machine. Internet only.
There is a guest LAN with wired and Wi-Fi. This is bogged down (speed limited) on the Wi-Fi part. If there are no guests the Wi-Fi is stopped. Guest LAN is internet only plus a dropbox on one filer.
There is a gizmo LAN. Internet only over Wi-Fi with whitelists for phones and tablets.
I have a DMZ LAN where there is another NAS box. This allows me to dump files from anywhere in the world.
There is a security LAN that has the home automation network. This has its own Wi-Fi and internet connection. The Wi-Fi only talks to the control tablets. The cabled portion goes to the home controller, a Vera using Z-Wave for the controls.
When I bought the house last year I pulled Cat-6a from a central point to every room. Every room has at least 2 ethernets plus a phone (I used cat-4, which is phone wire) as lead wire and simply left it in the wall. Lab, living room where TV is has 4 circuits. Living room has 8 circuits (TV, Boxee, Blu-ray, cameras, DViCO media player, home controller, etc.).
I do not use local switches (apart from one in the lab). It's all direct to the main switch. Everything sits in a cabinet built into the wall in a walk-in closet.
The main switch has a 64gb/s backplane, so everything can be talking without slowing down the network.