I am a newbie but my linux box isn't directly on the net
 

cable going through win2k advanced server, SP2 and weekly windows updates. Running ICS which distribute connection to the rest of the computers. This is my only linux box and since I have no knowledge of it. I am afraid I might be vulnerable. But since I am not directly in the public. And my lan's subnet is not 255.255.255.0, would this help?

Anything can be vulnerable if not configured right. Is there one main IP address on the win2k box with the rest of the computers having the IP's of 192.168.1.X(I.E. win2k is the proxy server) or do you have static IPS for each computer given to you by your ISP? What services are you running on you 2k box? What services are you running on your linux box? Shut down all unnecessary services on both boxes.

If you are running win2k as a proxy server, run a scanner on it's
IP see what's open. If you are using static ip's for each box run a scanner on each one.

Firewalls are nice too, as well as IDS. No matter what you do a determined intruder can get in, it's just a matter of that persons persisitence and know how. You just have to do everything you can to stop it. There is no such this as a hackproof network.

on the win2k box, I turned off iis and it's adminstrative service. Smtp service.

the ics wants to configure everything to 192.168.0.x I uses static ips internally with a different subnet

what kind of scanner should I run? I have nortion personally firewall and internet secruity, do they help? what's the difference between the 2?

usually when I want to see what;s open I use netstat -n command

you can scan it using nmap from the linux box or you can get superscan for the windows box. Both are free for download. Just do a google search for them. I'm not too familiar with the norton products. Sorry. But if they're configured right they couldn't hurt.