Windows Firewall (or any software-based firewall for that matter) is absolute garbage for what OP is needing.
OP, I would start with reading the guide in my link; though it may be a little out of your knowledge at first, this is one of the primary reasons I wrote it. Yes, for your specific case I would recommend segregating your sis's system into a more protected area of the network, especially given the fact that she is performing and retaining financial information on the system. A hardware firewall, specifically a UTM, may be advisable if it's within your budget (figure about $600-1k). The reason I suggest a UTM is not just for the firewall but also the IPS already built in, as many are anomaly-based rather than rule-based IPS. Translation between the 2 IPS types: an anomaly-based IPS will learn what is normal activity and will automatically implement denies or kill traffic if it is out of normal operation; rule-based is just as it sounds, it is based on the rules you implement and requires ****tons more overhead and administration.
Beers, I would not trust the long passphrase.
In this instance I also would not recommend this system ever go across wireless.
This should also help determine why you would not want to rely on wireless security: http://www.zdnet.com/blog/hardware/c...-useless/13125
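To illustrate the anomaly-based versus rule-based IPS distinction drawn in the post above, here is an added example (written for this edit, not code from the poster or any UTM vendor). The host name, ports and connection counts are constructed sample data, and the baseline formula (mean plus a tolerance multiple of the standard deviation, with a minimum margin) is an assumption chosen for the demo.

```python
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Constructed sample traffic windows: lists of (host, destination port) connections.
TRAINING_WINDOWS = [
    [("pc-sis", 443)] * 38 + [("pc-sis", 53)] * 19 + [("pc-sis", 445)] * 2,
    [("pc-sis", 443)] * 42 + [("pc-sis", 53)] * 22 + [("pc-sis", 445)] * 3,
    [("pc-sis", 443)] * 40 + [("pc-sis", 53)] * 20 + [("pc-sis", 445)] * 4,
]
# Same host later: a burst of SMB (445) far above its norm plus a port never seen before.
SUSPECT_WINDOW = ([("pc-sis", 443)] * 41 + [("pc-sis", 53)] * 20
                  + [("pc-sis", 445)] * 60 + [("pc-sis", 6667)] * 5)


def rule_based_ips(window, deny_ports):
    """Rule-based: deny exactly the ports the administrator enumerated, nothing else.
    Every new threat means another rule, which is the overhead the post refers to."""
    return sorted({(host, port) for host, port in window if port in deny_ports})


class AnomalyIPS:
    """Anomaly-based: learn a per-(host, port) connection-count baseline from training
    windows, then deny keys never seen in training or seen far above their norm."""

    def __init__(self, tolerance=3.0, min_margin=5):
        self.tolerance, self.min_margin = tolerance, min_margin
        self.baseline = {}  # (host, port) -> maximum count tolerated per window

    def learn(self, windows):
        keys = {key for window in windows for key in window}
        counts = defaultdict(list)
        for window in windows:
            seen = Counter(window)
            for key in keys:
                counts[key].append(seen.get(key, 0))  # 0 when absent from this window
        for key, xs in counts.items():
            margin = max(self.tolerance * pstdev(xs), self.min_margin)
            self.baseline[key] = mean(xs) + margin

    def inspect(self, window):
        """Return the (host, port) keys to deny for this window, in sorted order."""
        return [key for key, n in sorted(Counter(window).items())
                if key not in self.baseline or n > self.baseline[key]]


def compare(window, deny_ports):
    """Run both approaches over one window; returns (rule_denies, anomaly_denies)."""
    ips = AnomalyIPS()
    ips.learn(TRAINING_WINDOWS)
    return rule_based_ips(window, deny_ports), ips.inspect(window)
```

Running `compare(SUSPECT_WINDOW, {6667})` shows the rule set catching only the port it was told about, while the learned baseline also flags the SMB burst without any rule for it.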