Luke Warm

New Around Here
I just hit the jackpot (sort of)... :D
Work-At-Home and FTTH coming soon with triple-play Internet + VOIP + TVOIP

Older 2 storey house (~ 2000+ sq ft)
Optical Network Terminal will be installed in Basement.
Current Hardware:
1 TV -> 1st floor Kitchen
1 TV -> 2nd floor Bedroom
1 Desktop PC (11g) -> 2nd floor Office
1 Scanner (USB) -> 2nd floor Office
1 Printer (USB) -> 2nd floor Office
1 Work Laptop PC (11g) -> 2nd floor Office

It is imperative that the Work Laptop be highly secured (no local file sharing/transfers, wired & separate subnet?)

To date, my investigation has me flip-flopping daily amongst the wired/wireless/powerline/hybrid alternatives.
I think I'm more confused now than before I started researching - I can't even decide where to best locate a router. :confused:
Since I'm envisioning this network starting from scratch, anything is possible, even replacing adapters to match router.
The focus is getting the network design optimized for current use and future expansion, as opposed to hardware branding.
Any and all thoughts will be gratefully appreciated.

Thanks in advance. :)
If you desire a 'start from scratch' approach - wire all your [important] rooms. Pulling a couple wires typically isn't terribly hard, and usually isn't horridly expensive even if you pay an electrician or cabling guy to do it. Wiring is always the ideal. Ideally, for a highly connected home/office, I'd wire every room with 2 cat5e or 6, terminating it all somewhere (usually in the basement) where you can put the routers/switches. Then, you can hang 1 or multiple wireless AP's throughout your house at various points where it makes most sense.

Since your laptop has to be highly secure from local connections, VLAN'ing probably makes sense. You can segregate your network to your heart's content with a 'smart' switch that can handle port based vlan'ing.
To highly secure your laptop....run a wire to your 2nd floor office...have that network jack plug into a managed switch (or a router with a built in managed switch) on a separate VLAN. Or...if you insist on wireless....have your wireless access point hang off of jack that's plugged into a managed switch and on its own VLAN. That will satisfy the rules that your business laptop be separated from the rest of your home LAN.

Although to be honest, most rules about the office laptop being taken home....as long as your laptop is protected behind a NAT router (meaning...not plugged directly into a broadband modem on a public IP address without NAT)....and the fact that the office laptop usually "VPNs" into the office, it's kept secure.
Forgot to mention, physical security. Not sure what your situation looks like at your home office, but physical access to devices is a trump card that can negate most of what you do to secure your network. And of course, encrypt your laptop's hard drives if you have sensitive data on them, or through them. 10 minutes with a screwdriver or password reset disk and your laptop can easily be completely comprimized.
My gut feel that wireless isn't yet the be-all and end-all has been confirmed by your valued responses. I've already pulled Cat5e to the 1st floor, wishing it was POF instead. How come diy POF is available in Europe but next to impossible to source in N America?
VLAN appears to be a suitable solution for isolating the Work laptop and I appreciate your suggestions in that regard. I'm now shopping for switch and router.
I think encrypting is overkill in my situation, but thanks for raising the issue. I have addressed 'reasonable' physical security to my employer's satisfaction. I guess if the data was that sensitive it would be encrypted on removable drives.

Much thanks for your input; I'm certainly more confident and comfortable with the direction that I have chosen.

Cheers!! :)

