Yes, of course the router has NAT (and SPI)...but that is only one level of protection, and not foolproof. You didn't mention:

- only run day-to-day as limited user when connected to (W)LAN
- don't share any folders except carefully designated ones w/permissions thoughtfully set
- good firewall
- good antivirus
- keep up on your patches
- try to avoid software with consistently major security problems (e.g., Firefox has worked quite well for me in place of IE)

I'm sure many of you out there have several more sophisticated approaches but for a small operator with no high-profile web presence, I've yet to have a security breach in 5 years of static ip broadband connection (knock on wood, it could happen anytime.)

Still asking 'though...any feedback on ZA Sec Suite antivirus?