Originally Posted by alex98uk
Just set it up on WPA2, Mac filtering and broadcast off. Unless your neighbours are a Government intelligence wing... then it's safe.
Mac filtering and turning ESSID broadcast off is a very poor security measure. People can uncover what your network name (ESSID) is in a few seconds, and then go ahead and crack it. Mac filtering is another poor security measure: there are a plethora of tools like macspoof for spoofing your mac to be the mac of an allowed client. You can see the mac addresses of machines connected wirelessly to an access point, so all a cracker needs to do is wait until it leaves the network, spoof their mac, and then they are in. Turning the ESSID broadcast off and using Mac filtering will only keep out skiddies or crackers with very limited knowledge.
WPA2 is the best security solution for home networks, but is still vulnerable to dictionary attacks and bruteforcing (however bruteforcing takes theoretically centuries if you have a long passkey). Dictionary attacks are fast when optimized to use Multiple GPU's and multiple-core CPU's. It is possible to run through dictionaries of nearly 2 billion passkeys in 5 hours with that type of resources.
The only practically secure wireless solution for home users on the cheaper, non-enterprise level wireless routers is to use WPA2 with a random 30 character or more passkey. An example would be:
KH8976H9RT3PP23D3H98KJHQWBN7887BKZXE and so on.
NEVER EVER USE WEP. People who think it is secure need to be slapped. WEP with any length or complexity or configuration can be cracked in 2-8 minutes. That's plenty of time for a dude sitting in a car outside your house.
Don't get me started talking about what can happen if you let a cracker into your wireless network. Bad, bad things can potentially happen.