Cover the airwaves
Firewalls and security suites are futile against packet sniffers that capture wireless traffic on a given frequency. Use the strongest encryption your Wi-Fi equipment supports. From strongest to weakest, the options are WPA2 (Wi-Fi Protected Access 2), WPA and WEP (Wired Equivalent Privacy).
Intruders armed with readily available software can break into WEP in minutes, rendering it worthless except as a method to prevent bandwidth-stealing neighbours. Invest in new adaptors if necessary to ensure that you can make the switch to WPA. To provide both old and new adaptors with maximum security, choose a router that offers a WPA+WPA2 mode.
Regardless of anything you may have heard to the contrary, neither using MAC (media access control) address filtering nor turning off SSID (service set identifier) broadcasting is an effective security measure. Both are easier to bypass than WEP and can create connection and administration hassles.
MAC-address filtering, for example, requires you to enter a device's MAC address into your router's firmware to authorise it to connect to your network. But anyone listening in can spoof your authorised MAC addresses on their own equipment. Similarly, sniffers can detect even non-broadcast SSIDs, so turning off broadcasting merely makes it harder for legitimate users to connect to your network.
Avoid hotspot hijacks
Open wireless hotspots are notorious sources of infection. For true security on public networks, use a VPN (virtual private network) to encrypt all internet traffic between your computer and an intermediate server. Companies often run VPN servers, or you can sign up for a service such as WiTopia personalVPN or JiWire Hotspot Helper.
Most mobile phones are now web-enabled – getting online costs as little as £5 per month for 3 customers.
Next, in your Wi-Fi settings, turn off ad hoc (computer-to-computer) networking and prevent your laptop automatically connecting to networks that aren't in your preferred list. In XP, you can change both these settings by clicking the Wi-Fi icon in the system tray and selecting 'Change advanced settings'.
Under the Wireless Networks tab, click Advanced, followed by 'Access point (infrastructure) networks only'. Untick 'Automatically connect to non-preferred networks'.
In Vista, turn off the Vista Network Discovery feature when you're at a hotspot. Vista will switch it off automatically if you designate a connection as Public, but you can disable it manually in the View Network Status and Tasks control panel.
For more information on network security, our sister site Techworld has a comprehensive network security resource page.