The router/firewall is a layer of protection for the network, which itself is inherently insecure with many points of vulnerability.
Which I am learning more about from the discussion, even though it is the router that seems to be the centre of attention for me.
I didn't just want a "my bob2 is beeping, it is infected" topic. These tend to be closed down rather quickly. So I tried a discussion in hopes I could view or review protocols to help understand more generally about setting up networks securely, starting with locking down a router and using it to its full potential.
And/or configure your own (custom) outgoing firewall rules in your router.
I do have a firewall on all items, but setting up serious filtering is a big task; software needs configuring, Microsoft services need configuring, etc., etc.
I hear just allowing UDP port 53 for DNS and UDP/TCP on port 80 for Internet is a good start.
No it isn't. It's up to you as to how serious you want to be about security.
I don't know how many people configure their own firewall(s), incoming and outgoing, but I've been doing it since getting my first (non-integrated) router in 2000 or so.
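To make the "allow DNS and web, deny everything else" starting point above concrete, here is an added example (not code from anyone in this thread) that models an outbound ruleset as an ordered list with an implicit default deny, then runs a handful of constructed connection attempts through it and logs the ones that would be blocked. The rule names, port map, IP addresses and sample flows are all constructed for illustration; a real router would express the same policy in its own rule syntax.

```python
"""Minimal egress (outbound) firewall policy evaluator.

Added example: models the "allow UDP 53 for DNS and port 80 for web"
starter policy as an ordered rule list with a default deny, then audits
constructed outbound connection attempts against it.  Every value below
(rule names, addresses, ports of the sample flows) is constructed.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    name: str
    proto: str            # "tcp", "udp" or "any"
    dport: Optional[int]  # None matches any destination port
    action: str           # "allow" or "deny"

    def matches(self, proto: str, dport: int) -> bool:
        if self.proto != "any" and self.proto != proto:
            return False
        return self.dport is None or self.dport == dport


# Ordered rule list, first match wins; anything unmatched is denied.
# Mirrors the starter policy quoted in the thread (DNS + port 80 only).
STARTER_EGRESS_POLICY: List[Rule] = [
    Rule("dns-out", "udp", 53, "allow"),
    Rule("http-out", "tcp", 80, "allow"),
    Rule("http-out-udp", "udp", 80, "allow"),
]


def evaluate(policy: List[Rule], proto: str, dport: int) -> Tuple[str, str]:
    """Return (action, matching rule name) for a new outbound flow."""
    for rule in policy:
        if rule.matches(proto, dport):
            return rule.action, rule.name
    return "deny", "default-deny"


# Constructed sample of outbound connection attempts: (src, proto, dst, dport).
# Destination addresses are documentation/test ranges, not real hosts.
SAMPLE_FLOWS = [
    ("192.168.1.20", "udp", "192.168.1.1", 53),     # DNS to the router
    ("192.168.1.20", "tcp", "93.184.216.34", 80),   # plain HTTP
    ("192.168.1.20", "tcp", "93.184.216.34", 443),  # HTTPS
    ("192.168.1.31", "tcp", "198.51.100.7", 6667),  # some other TCP service
    ("192.168.1.31", "udp", "203.0.113.9", 123),    # NTP
]


def audit(policy: List[Rule], flows) -> List[str]:
    """Evaluate each flow and return one log line per denied flow."""
    denied = []
    for src, proto, dst, dport in flows:
        action, rule = evaluate(policy, proto, dport)
        if action == "deny":
            denied.append(f"DENY {proto}/{dport} {src}->{dst} by {rule}")
    return denied


if __name__ == "__main__":
    for line in audit(STARTER_EGRESS_POLICY, SAMPLE_FLOWS):
        print(line)
```

Running the audit shows the practical side of the "that's not enough" reply: under the starter policy the HTTPS, NTP and other-service attempts all hit the default deny, so the denied-flow log is where you discover what the machines on the LAN actually need before tightening or loosening each rule.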
I suggest investigating VLANs as a possible security feature. It essentially lets you define specific paths between specific points and a trunk connection to border routers or shared printers. Since VLAN switches provide layer 2 data link level switching, they are impervious to many of the LAN side malware spreading exploits extant today.
Configuration isn't a trivial matter, but once it's set up, it's low maintenance.
Here are a couple of educational links to review the subject:
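As an added illustration of the layer-2 containment the VLAN post describes (this is example code, not from the thread or any vendor), the block below parses 802.1Q-tagged Ethernet frames and applies a simple per-VLAN flooding decision for a constructed four-port switch: two access ports in a workstation VLAN, one in a printer VLAN, and one trunk to the border router. A broadcast arriving on a workstation port reaches the other workstation port and the trunk but never the printer port, which is the property that keeps LAN-side broadcast and discovery traffic from crossing between segments. Port names, VLAN IDs and frame contents are all constructed.

```python
"""802.1Q VLAN tag parsing and per-VLAN flooding on a toy switch.

Added example: shows that a switch honouring VLAN membership never floods
a frame from one VLAN onto an access port of another.  The port map,
VLAN IDs and frame bytes below are constructed for the example.
"""
import struct
from typing import Dict, List, Optional, Tuple

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag
ETH_IPV4 = 0x0800
BROADCAST = b"\xff" * 6


def parse_frame(frame: bytes) -> Tuple[bytes, bytes, Optional[int], int, bytes]:
    """Return (dst_mac, src_mac, vlan_id or None, ethertype, payload)."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci = struct.unpack("!H", frame[14:16])[0]
        vid = tci & 0x0FFF  # low 12 bits of the TCI are the VLAN identifier
        ethertype = struct.unpack("!H", frame[16:18])[0]
        return dst, src, vid, ethertype, frame[18:]
    return dst, src, None, ethertype, frame[14:]


def build_frame(dst: bytes, src: bytes, vid: Optional[int],
                ethertype: int, payload: bytes) -> bytes:
    """Assemble an Ethernet frame, inserting an 802.1Q tag when vid is given."""
    head = dst + src
    if vid is not None:
        head += struct.pack("!HH", TPID_8021Q, vid & 0x0FFF)
    return head + struct.pack("!H", ethertype) + payload


# Constructed switch: port -> (access VLAN, is_trunk).  Access ports carry
# untagged frames for exactly one VLAN; the trunk carries tagged frames only.
PORTS: Dict[str, Tuple[Optional[int], bool]] = {
    "p1": (10, False),   # workstation VLAN
    "p2": (10, False),
    "p3": (20, False),   # printer VLAN
    "p4": (None, True),  # trunk to the border router
}


def egress_ports(ingress: str, frame: bytes) -> List[str]:
    """Ports that receive a broadcast frame arriving on `ingress`, or [] if dropped."""
    _dst, _src, vid, _ethertype, _payload = parse_frame(frame)
    access_vlan, is_trunk = PORTS[ingress]
    if not is_trunk:
        if vid is not None:
            return []          # tagged frame on an access port: dropped
        vid = access_vlan      # untagged frame belongs to the port's VLAN
    elif vid is None:
        return []              # untagged frame on a trunk with no native VLAN
    out = []
    for port, (port_vlan, trunk) in PORTS.items():
        if port == ingress:
            continue
        if trunk or port_vlan == vid:
            out.append(port)
    return out


if __name__ == "__main__":
    ws_mac = bytes.fromhex("02000000000a")  # constructed locally administered MAC
    untagged = build_frame(BROADCAST, ws_mac, None, ETH_IPV4, b"arp-who-has")
    print("untagged broadcast from p1 floods to", egress_ports("p1", untagged))
    tagged20 = build_frame(BROADCAST, ws_mac, 20, ETH_IPV4, b"from-router")
    print("VLAN 20 broadcast from trunk p4 floods to", egress_ports("p4", tagged20))
```

The flooding function is deliberately the whole story here: once a frame is assigned to a VLAN, the only ports eligible to receive it are members of that VLAN or the trunk, so there is no path for a workstation-side broadcast to appear on the printer port at all. Cross-VLAN traffic must go up the trunk to a router, which is exactly the choke point where the firewall rules discussed earlier in the thread apply.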
The big problem I have with my RADIUS implementation is that I can't configure smartphones, tablets, printers, etc. to connect. They don't seem to have any WPA2 Enterprise support.
Do I understand you to mean that the smartphones, etc., do not have WPA2 enterprise support? I think that must be true, as I have not seen that available in smartphones that I allowed. They do support WPA2 (non-enterprise).
OK, that's what I thought. The router I have dealt with in this situation can support VLAN and also WPA2-Enterprise, but all those smartphones don't understand WPA2-Enterprise.
I wonder whether you can use WPA2-Enterprise mixed and it would work with the smartphones? I have not tested this. After some checking, I think this probably would not work, either. I also found some commentary about WPA2-Enterprise and Apple iOS5 having issues with connecting.