Very techie guide to wireless security
here
Generally I go by the following guidelines:
Before you even consider encryption your first lines of defence are to ensure you change your SSID from its default name, disable SSID broadcast and enable MAC filtering.
As stated earlier these can be easily bypassed, but the aim of good network security is to put in as many layers of defence as possible.
Having established these you now need to enable the strongest possible authentication/encryption that your firmware supports. In order of best to worst these are:
WPA-TKIP (WiFi Protected Access - Temporal Key Integrity Protocol)
WPA-PSK (WPA - PreShared Key)
WEP - Open Authentication (Wireless Equivalent Privacy)
WEP - Shared Key Authentication
None
The strength of the WEP encryption decreases from 256 bit down to 64 bit. 128 bit and below have already been compromised.
To run WPA-TKIP you need to run a RADIUS server. WPA-PSK is the best solution for SoHo users.
If your firmware doesn't support WPA then use WEP-Open at the highest bit strength your firmware supports. Generate 5 WEP keys and change them at least weekly. Google for "WEP Hex Key Generator" and create hexadecimal keys of the appropriate length for the strength of encryption you are using. Most of the utilities you find on Google will walk you through this.
One of the weaknesses of WEP compared with WPA is that it uses the same key for initial authentication and subsequent real time data encryption. That is why for WEP, Open Authentication is better than Shared Key because you are not revealing your key for authentication and hacker cryptanalysis as part of your broadcast.
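The key-generation step above can also be done locally instead of with an online generator. The following is an added example, not part of the original guide. It assumes the usual WEP layout in which the advertised strength includes a 24-bit initialization vector sent in the clear, so a "128 bit" key is 26 hex digits; the function names are illustrative.

```python
import secrets
import string

# Advertised WEP strength counts a 24-bit IV that is transmitted in the clear,
# so the secret you type into the router is 24 bits shorter.
IV_BITS = 24
ADVERTISED_BITS = (64, 128, 256)


def secret_hex_digits(advertised_bits: int) -> int:
    """Number of hex digits in the secret key for an advertised strength."""
    if advertised_bits not in ADVERTISED_BITS:
        raise ValueError(f"unsupported WEP strength: {advertised_bits}")
    return (advertised_bits - IV_BITS) // 4


def generate_wep_keys(advertised_bits: int, count: int = 5) -> list[str]:
    """Return `count` distinct random hex keys drawn from the OS CSPRNG."""
    nbytes = secret_hex_digits(advertised_bits) // 2
    keys: list[str] = []
    while len(keys) < count:
        candidate = secrets.token_hex(nbytes).upper()
        if candidate not in keys:  # never hand out the same key twice
            keys.append(candidate)
    return keys


def is_valid_wep_key(key: str, advertised_bits: int) -> bool:
    """Check that a hex key (':', '-' or spaces allowed) fits the strength."""
    cleaned = key.replace(":", "").replace("-", "").replace(" ", "")
    return (len(cleaned) == secret_hex_digits(advertised_bits)
            and all(c in string.hexdigits for c in cleaned))


if __name__ == "__main__":
    # Print one week's set of keys for each strength the guide mentions.
    for bits in ADVERTISED_BITS:
        print(f"WEP {bits} bit ({secret_hex_digits(bits)} hex digits):")
        for slot, key in enumerate(generate_wep_keys(bits), start=1):
            print(f"  key {slot}: {key}")
```
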