Two things that you MUST NOT DO, EVER:
NEVER EVER suppress the beacon. While it hides your router, it force everything else to broadcast, in clear, their credentials. It's a HUGE liability!
Don't ever enable any "DMZ" (Demilitarized Zone) over any whireless connection! In some case, it could be used for a whired connection, but is realy not recomended.
============================
Now, for the things to do:
Make sure that every devices connecting to your network use a user name and secure password. The password must NOT appear in any dictionary. Using a passphrase instead of a password is greatly recomended.
Make that pass long, at least 10 characters up to as long as your devices can accept.
Use UPPER and lower case characters, numbers and symbols. There is nothing preventing you from using some unicode characters... Don't replace a leter with a similarly looking number or symbol as there are dictionarys listing all such substitutions.
No more than one user can be allowed to use a given password or passphrase. Give each users his own unique passphrase.
Enable the highest encryption protocol available. WPA2 is highly recomended. If not available, use WPA. You should never use the WEP protocol. If any device only support WEP, to bad, it won't be able to connect at all.
Have a software based firewall active on any computer that is to connect to your network.
Enable MAC Filtering. You must enter the MAC address of every computer that is allowed to connect. The MAC address is a string of 6 hexadecimal values and is unique to a given comunication interface. Any computer whose MAC address don't match will not be allowed to connect.
A good router will auto-detect the MAC addresses of any device connected and allow you to sellect those you want to allow. Use a white list (Allow only...).
Electro
September 2012