Are my security measures adequate?

Quick background for me is that im 18, love computer and currently the tech support for my family(close and extended), neighbors, family friends, etc etc. While I dont have the strictest policies I do try to keep my home network along with anyones computer i work on non-infected.

Some of my scheduled task are:

• Nightly backups to a WHS box.
• Nightly full system virus scans (Avast! home) on all desktops and the WHS. Laptops dont have scheduled taskes but my WHS warns me if i dont do either after a week.
• Automatic updates on Avast and Windows/linux(gentoo based so not completely automatic)

And general precautions:

• My servers(except WHS) are on a different subnet as my desktops.
• Servers are all linux except 1 and ssh is on non standard port with ssh only via keys
• Servers also do mail and that is scanned for viruses
• Router's UPnP is disabled, default password changed
• Only needed ports are forwarded
• Wifi clients can't communicate with desktops except for WHS.

I know this isnt completely Win7 related but i do have a few machines running it. i listen to a few security podcasts because they are interesting to me but I don't think im overly paranoid(no pseudo-random 265bit passwords).

Do you guys have any extra suggestions for me to do? Does windows7 introduce any "features" i should be on the lookout for?

while i understand the concepts behind visualization and sandboxes but i dont see the point for the most part. My linux systems have their daemons jailed but i do no sandboxing on Windows.

As for IDS ive heard of snort but is IDS really overkill for a large-ish home network? if a machine goes down not much if affected, backups are there so settings/programs are not lost and media is stored on WHS. If my WHS was lost i would have have a problem but i don't think that will happen as it doesn't connect to the internet except for updates.

UAC is enabled on my win7 machines and for linux boxes im the only person who can access them other than by the services they provide.

I'm not sure what you mean by SRP and LUA.

Jester45 said:

I'm not sure what you mean by SRP and LUA.

SRP = Software Restriction Policy. For more information, click here.
LUA - Limited User Account, a non-admin, non-power user account with limited privileges. Also known as SUA (Standard User Account) in Vista and Win7.

well i do LUA/SUA. along with that all windows based users need a "complex" password enforced by WHS which is 1 CAPTIAL letter, numbers, and >6 characters long. My linux boxes have root but only i have a normal user, and have to su to root.

and ill have to look into the SRP stuff, sounds real nice on the laptops. and SRP on the WHS would be a good thing too as i only use ~15 programs max (including system processes) so i could lock that down pretty tight.