The IEEE 802.11 standard defines the following mechanisms for wireless security:
Shared key authentication verifies that an authenticating wireless client has knowledge of a shared secret. This is similar to pre-shared key authentication in Internet Protocol security (IPsec). The 802.11 standard currently assumes that the shared key is delivered to participating stations (STAs) through a secure channel that is independent of IEEE 802.11. In practice, this secret is manually configured for both the wireless access point (AP) and the client.
Because the shared key authentication secret must be distributed manually, this method of authentication does not scale to a large infrastructure mode network (for example, corporate campuses and public places, such as malls and airports). Additionally, shared key authentication is not secure and is not recommended for use.
Wired Equivalent Privacy (WEP) should be enabled.
Open system authentication does not provide authentication, only identification using the wireless adapter's MAC address. Open system authentication is used when no authentication is required.
Some wireless APs allow the configuration of the MAC addresses of allowed wireless clients. However, this is not secure because the MAC address of a wireless client can be spoofed.
By the nature of wireless networks, securing physical access to the network is difficult. Because a physical port is not required, anyone within range of a wireless AP can send and receive frames, as well as listen for other frames being sent. Without WEP, eavesdropping and remote packet sniffing would be very easy. WEP is defined by the IEEE 802.11 standard and is intended to provide a level of data confidentiality that is equivalent to a wired network.
WEP provides data confidentiality services by encrypting the data sent between wireless nodes. WEP encryption uses the RC4 symmetric stream cipher with either a 40-bit or 104-bit encryption key. WEP provides data integrity from random errors by including an integrity check value (ICV) in the encrypted portion of the wireless frame. However, one significant problem remains with WEP. The determination and distribution of WEP keys are not defined, and the keys must be distributed through a secure channel that is independent of 802.11. In practice, the key is a text string that must be manually configured (using a keyboard) for both the wireless AP and wireless clients.
The same hexadecimal string must be used on each device. There seem to be performance problems with older gear when using 128-bit or 256-bit WEP, so many networks run with the less secure 64-bit WEP, or even the original 40-bit. These can't be considered secure.
Wireless devices will log in using a Service Set Identifier (SSID). Change this from the default, and mix letters and numbers, just like you would for a password.
Network layer IP filtering can be added, especially to router access points, to filter out IP addresses you don't know about. Check the IP addresses of all your wireless devices, and allow them in the access point configuration. Do the same for the IP addresses of all your wired (Ethernet) devices.
Other possibilities include the Extensible Authentication Protocol (EAP), which uses session-based WEP keys after a login. Virtual Private Networks (VPNs) use encryption and tunnelling, and are very safe, but they may not work with all other networks.