LAN Network Protection

Hey everyone,

I've finished up practicing pen-testing my network but I wanted to know how far I should go to protect myself within my own network. For instance, what are the other possible attacks someone could do once they have penetrated network in my home? I know you can nmap for devices and I remember reading an article about wireshark.

Any guidance?