I'm helping out a friend who is responsible for managing a LAN of about 30-50 computers. We are connected to the internet by business class ADSL service using a Cayman 3500 series router. The router is connected to Netgear unmanaged switches. The majority of users are not employees, but are instead agents who own their own computers or laptops.
When I first came on to help, I discovered that a large number of client systems had no virus protection and many systems were infected with various viruses that were flooding the router and shutting down the internet connection for the entire office. We cleaned all of the infected systems and implemented a policy requiring virus protection to use the network. Ultimately, because these are unmanaged systems there is no way for us to insure that all systems are virus free and we have subsequently run into additional problems.
What are some tips and best practices to protect our network from individual systems infecting other systems and interfering with or shutting down internet connectivity? The only network connectivity required is to access the internet and shared printers. There are no servers or file sharing on this network. Is there a simple hardware solution to 'isolate' each client from each other? How do hotels accomplish this?