Question:
How to prevent unauthorised laptops from accessing my wired LAN network?
glassperson
2009-11-15 09:19:35 UTC
How do I prevent unauthorised laptops from accessing the wired LAN network - the wired LAN network has about 10 machines on it - 9 desktops and 1 laptop. I want to prevent unauthorised laptops from plugging in physically to the network - by removing the CAT 5 cable and plugging in the same to the laptop - and then accessing information on the entire network.
Four answers:
RA
2009-11-15 13:53:03 UTC
The best way to protect your network is to use explicit access control based on Media Access Control (MAC) addresses that uniquely identify each network interface. Most broadband routers have such an access control feature readily available, but the degree of simplicity to configure and enable them depends on make/model and firmware revision of the router. You'll need to consult the documentation for specific instructions for “Access Control” and/or “MAC Filtering” for wired and wireless services.



Securing the wireless portion will be relatively easy: Choose the most advanced algorithm and the longest encryption key possible. WPS is the latest and simplest technology (pretty much all systems made in the last 2 years support it), followed by WPA2 and WAP (which has 1 known vulnerability that occurs only in 1 specific type of configuration). Avoid WEP – it’s relatively easy to crack (but it’s better than nothing, as outlined in the article “Securing your wireless network” listed in the sources below).



I would suggest the following measures:



1. Change the administrator password to a non-default password.
2. Don’t broadcast your SSID (so it won’t show up in a network list).
3. Change channel from default (unless your router is capable of sensing conflicts).
4. Reduce your Wifi transmitting power (reduce the area of coverage to a minimum).
5. Use MAC filtering for access control.
6. Use the most sophisticated encryption available.
7. Use a non-default IP address range (e.g. 192.168.121.x or 192.168.137.x is better than 192.168.0.x or 192.168.1.x because these ranges are harder to guess).



For the wired ports, things are a bit more complicated (and again depend on make/model and firmware revision of your router and switches): There is usually less security on wired connections because of historical evolution and an assumption that physical access can be limited to trusted people. So, let’s start with physical access: Put all routers, switches and modems into a lockable room (or a lockable cabinet with sufficient ventilation). Try to protect CPUs and wall outlets so that there is no easy access (i.e. expose only keyboard, mouse and monitor and hide the CPU and network connections in cabinets).



If you cannot physically protect the network connections (i.e. somebody can unplug a cable either at the computer or a wall outlet), you can implement some logical measures but these are somewhat limited with consumer-level hardware (because of costs and the fact that such devices are meant to enable access rather than prevent it). In some cases, routers also apply the above-mentioned MAC filtering rules to wired connections. This would be your first line of defense.



However, on hubs and simple Ethernet switches, the data traveling on the wires can be seen by all devices on the network. This makes it relatively easy for a cracker to install a packet sniffer, look into the traffic and learn what devices are attached. The cracker then can configure his or her system to pretend it was a legitimate system – a process that is called “spoofing.” That’s why high-security environments use more sophisticated Ethernet switches (for example the Cisco 3550 series) that enable and disable physical ports and authenticate attached systems and their users based on access control systems like TACACS+ or RADIUS. Taking advantage of such features requires authentication servers and software installed on the client systems that deal with the challenge/response mechanisms (additional hardware and software = additional costs).



Security is a trade-off based on a cost/benefit analysis (how much security do you need and how much time and money are you willing to spend on implementing and maintaining it compared to how much you could actually lose in terms of stolen data or stolen services). By the same token, cracking networks is also subject to a cost/benefit analysis: How much time and effort is a cracker willing to spend to intrude into a network?



At the end of the day, no security measure is perfect and all networks can be cracked. It's sensible to protect yourself by setting the bar as high as possible. So, I hope my answer provides you with some insights and guidelines for securing your network as well as possible with what you already have.
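
The answer above notes that MAC filtering is only a first line of defense because addresses can be spoofed. As an added example (not part of the original answer), the following audits Linux `ip neigh show` output against an allowlist and flags both unknown MACs and known MACs seen at an unexpected IP. The sample output, MAC addresses and the assumption that each allowed machine has a reserved IP are constructed for illustration.

```python
import re

# Matches `ip neigh show` lines that carry a link-layer (MAC) address.
NEIGH_RE = re.compile(
    r"^(?P<ip>\d+\.\d+\.\d+\.\d+)\s+dev\s+\S+\s+lladdr\s+"
    r"(?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})\s+\S+"
)

# Constructed allowlist: MAC -> reserved IP (assumes DHCP reservations).
ALLOWLIST = {
    "00:1a:2b:3c:4d:01": "192.168.121.10",
    "00:1a:2b:3c:4d:02": "192.168.121.11",
}

# Constructed sample of `ip neigh show` output.
SAMPLE = """\
192.168.121.10 dev eth0 lladdr 00:1a:2b:3c:4d:01 REACHABLE
192.168.121.11 dev eth0 lladdr 00:1a:2b:3c:4d:02 STALE
192.168.121.57 dev eth0 lladdr 02:42:ac:11:00:09 REACHABLE
192.168.121.99 dev eth0 lladdr 00:1A:2B:3C:4D:02 REACHABLE
192.168.121.200 dev eth0 FAILED
"""

def is_locally_administered(mac):
    """True if bit 0x02 of the first octet is set, meaning the address
    was assigned in software rather than burned in by the vendor."""
    return bool(int(mac.split(":")[0], 16) & 0x02)

def audit_neighbors(neigh_text, allowlist):
    """Return a list of (severity, ip, mac, reason) findings."""
    findings = []
    for line in neigh_text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if not m:
            continue  # entries without lladdr (FAILED/INCOMPLETE) are skipped
        ip, mac = m["ip"], m["mac"].lower()
        if mac not in allowlist:
            reason = "MAC not in allowlist"
            if is_locally_administered(mac):
                reason += " (locally administered address)"
            findings.append(("ALERT", ip, mac, reason))
        elif allowlist[mac] != ip:
            # MAC filtering would admit this host; the IP mismatch is the only clue.
            reason = "known MAC at unexpected IP, expected " + allowlist[mac]
            findings.append(("WARN", ip, mac, reason))
    return findings

if __name__ == "__main__":
    for finding in audit_neighbors(SAMPLE, ALLOWLIST):
        print(*finding, sep="  ")
```

A cloned MAC that also takes over the reserved IP would pass this check, which is why the answer points to switch-level port authentication for higher-security environments.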
noob
2013-11-30 07:44:28 UTC
A WEP (Wired Equivalent Privacy) Key allows a network administrator to limit access to a home network and prevent unauthorized users from using the network services. With WEP security enabled, whenever a new individual tries to access network functions, she is prompted to enter the WEP key to gain access. However, this can be an issue if the network administrator didn't save a copy of the key and doesn't know how to access the key. Accessing your network's settings to retrieve the WEP key for the Wireless network is simple
anonymous
2016-02-29 01:20:47 UTC
Install a file-sharing system that requires authentication, preferably using SSL or other crypto to protect credentials in transit, and only issue credentials to people whose identity you have checked. Use access control lists to limit access to files and folders to certain people or groups. Protect files by doing regular backups, and by using version control like SVN to preserve earlier copies. Implement an audit trail in logging to record which users have accessed or changed files. Using a firewall to control access based on network address, e.g. only locally-connected users, is a useful second line of defense. In a simple home network on WiFi, using a good WPA key and only giving it to people you trust is probably good enough for most people, in combination with a firewall or NAT rules that prevent access from the public Internet.
Evan
2009-11-15 09:28:58 UTC
Use passwords that are very hard to crack and only tell them to people you know will keep them a secret!

Don't tell anyone your WEP/WAP code as well! :) Hope I helped!


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.