Your Universal Remote Control Center
RemoteCentral.com
Custom Installers' Lounge Forum - View Post
The following page was printed from RemoteCentral.com:

Post 18 made on Thursday February 24, 2005 at 12:36
robertmee
Founding Member
Joined: October 2001
Posts: 32
On 02/23/05 11:36 ET, KarlTL said...
I installed a combination wired/wireless network
in my home. Wired the basement when I finished
it out and have a wireless router that allows
me to access the network from anywhere else in
the house.

I do not turn off SSID broadcasting simply because,
as I understand it, any device that can scan for
a wireless access point will find any live access
point. Just because the access point doesn't send
out an SSID doesn't mean it can't be found (I'm
pretty certain that I'm correct in this...if someone
knows better, please chime in).

I do turn ON WEP encryption for all wireless stuff,
use 128 bit encryption and a long encryption keyword.

A key security thing I also do is to use a variation
of static IP address. What I mean is this...when
I initially set up the router, I will leave DHCP
on (router automatically assigns IP addresses)
but define a limited number of IP addresses for
the overall network. By limited, I mean only enough
for the devices that I'll have on the network.
I then set up and connect each device to the network
and go into the router admin screen and lock each
device's MAC address to whatever IP address the
router assigned. Do the same with the next device
etc...

As I add new devices, I go back to the router
admin screen, increase the network IP address
range by 1 and go through this process again.
End result....even if someone were to get by the
WEP encryption the system would not assign an
address (even though DHCP is on) because I've
limited the IP addresses to only those for the devices
I've attached/authorized and even if a device
is off (its IP address is potentially available),
a hacker would have to have the specific MAC address
associated with that IP address to get on the
system.

I know this sounds complicated but it really isn't
after you work through it once. Takes me all of
5 minutes (maybe) to add a new device to the network.

Bottom line is that I end up with a system that
is pretty close to airtight, but very flexible.
Once my devices are set up (laptop, wireless PDA
etc..) I can get on the network with anything
at anytime. When my kids come to visit, I just
have them use a wired ethernet port. All I have
to do is logon to the router, increase the IP
address range, have them hook up and then lock
their MAC address to the new IP address. After
that I just leave it set so they can plug right
in next time they come to visit.

I leave the router firewall on and run Zone Labs'
software firewall on all PCs in the house. The
network connects to the outside world via encrypted
wireless broadband ISP (my router's IP address
is private/can't be pinged or accessed from outside)
and I've had absolutely no problems (knock on
wood).

What's the advantage of this versus just turning off DHCP and using fixed IPs? I've never understood the reason for Dynamic IP addressing in a residential environment. In fact, with port forwarding and accessing various HA web servers, it makes more sense to fix the IPs anyway. In the old days, when using 95/98/NT required a reboot of a laptop when moving from home to on the road, maybe, but now with 2000/XP even that doesn't make sense.
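
An added example (not part of either post, and not tied to any particular router): a Python check of the setup KarlTL describes, verifying that every address in the DHCP range is locked to a MAC and flagging observed devices that do not match a reservation. The function name, the reservation table and the observed MAC/IP pairs are constructed for illustration.

```python
import ipaddress

# Constructed sample data: MAC -> reserved IP, as entered on the router admin screen.
RESERVATIONS = {
    "00:11:22:33:44:01": "192.168.1.100",
    "00:11:22:33:44:02": "192.168.1.101",
    "00-11-22-33-44-03": "192.168.1.102",
}
# Constructed sample of (MAC, IP) pairs as read from a lease or ARP table.
OBSERVED = [
    ("00:11:22:33:44:01", "192.168.1.100"),   # matches its reservation
    ("00:11:22:33:44:02", "192.168.1.102"),   # known MAC on the wrong address
    ("AA:BB:CC:DD:EE:FF", "192.168.1.103"),   # MAC with no reservation
]

def normalize_mac(mac):
    """Lower-case and use ':' separators so table formats compare equal."""
    return mac.lower().replace("-", ":")

def audit_dhcp(pool_start, pool_end, reservations, observed):
    """Compare a DHCP range and its MAC reservations with observed devices."""
    first = int(ipaddress.IPv4Address(pool_start))
    last = int(ipaddress.IPv4Address(pool_end))
    pool = {ipaddress.IPv4Address(i) for i in range(first, last + 1)}
    reserved = {normalize_mac(m): ipaddress.IPv4Address(ip)
                for m, ip in reservations.items()}
    findings = {
        # Pool addresses DHCP could still hand to any device.
        "unreserved": [str(a) for a in sorted(pool - set(reserved.values()))],
        # Reservations that point outside the configured range.
        "outside_pool": sorted(m for m, a in reserved.items() if a not in pool),
        "unknown": [],    # observed MACs with no reservation
        "mismatch": [],   # reserved MACs seen on a different address
    }
    for mac, ip in observed:
        mac = normalize_mac(mac)
        if mac not in reserved:
            findings["unknown"].append((mac, ip))
        elif reserved[mac] != ipaddress.IPv4Address(ip):
            findings["mismatch"].append((mac, ip, str(reserved[mac])))
    return findings

if __name__ == "__main__":
    # The range here is one address wider than the reservation list.
    report = audit_dhcp("192.168.1.100", "192.168.1.103", RESERVATIONS, OBSERVED)
    for kind, items in report.items():
        print(kind, items)
```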

