Wi-fi earned a reputation early on as an insecure technology to link machines in a LAN. Most Wi-Fi devices ship with security features disabled, so anyone with a Wi-Fi-enabled laptop or PDA can park outside your home or place of business and access your wireless network.

WEP and MAC filtering - not good enough
The first line of defense, known as Wired Equivalent Privacy (WEP), didn't meet the security test. WEP is built into every Wi-Fi device, and using it is better than nothing, but its encryption routines are flawed. WEP keeps casual snoops at bay, though widely available software will let a serious intruder break a WEP key in as little as 15 minutes on a busy network.

You can limit access to your network by using Media Access Control (MAC) address filtering on your gateway, where you restrict access based on the MAC address, a unique code that's built into every Wi-Fi adapter (and Ethernet adapter, for that matter).

MAC filtering may keep out neophyte hackers, but it also isn't foolproof: Since MAC addresses are sent in the clear even when you encrypt, a competent snoop can defeat MAC filtering easily.

WPA - improves on WEP
Instead of relying solely on MAC filtering, combine its use with WEP's replacement, Wi-Fi Protected Access (WPA). WPA fixes all the broken parts of WEP, and it comes built-in on any Wi-Fi certified device that's been released since September 2003. WPA firmware upgrades are available for many (but not all) older 802.11b gear sold between 1999 and 2002. Check the manufacturer's Web site for more information about your particular brand of card and gateway.

For Windows XP, you must download a patch before you can use WPA, though newer PCs may ship with the patch installed. The patch adds basic support for WPA in the operating system, along with several other new technologies that are required for WPA to work correctly.

Laptops with Intel's Centrino mobile wireless technology will also let you install the WPA patch; but even though Intel has released updated drivers, individual laptop manufacturers have to integrate those drivers into their versions of Windows XP before WPA will work on them. Check with your notebook manufacturer's tech support to find out whether, and how, to upgrade. Intel's new 802.11g Centrino adapter, due to appear in laptops this year, will fully support WPA without extra downloads or patches.

Choose a passphrase
When you use WPA, you protect your network with a passphrase (a longish password, from 8 to 63 characters in length). You enter the passphrase into a WPA configuration page on your gateway; thereafter, anyone who wants to connect enters the same passphrase into the Wi-Fi card settings. Without the passphrase, a would-be user can't connect.

To enter the WPA passphrase into your Wireless Network Connections profile, double-click My Network Places, then click View Network Connections in the left pane. Right-click your Wi-Fi network connection, select Properties, and double-click an existing network in the Preferred Networks pane (in the lower half of the Properties dialog box). In the Association tab, choose between WPA-PSK and plain WPA on the Network Authentication pop-up menu. Plain WPA is designed to integrate with a RADIUS authentication server on a business network; WPA-PSK uses a pre-shared key to get by without corporate authentication on a smaller network. In the Data Encryption pop-up menu, select TKIP, enter your WPA passphrase twice, and click OK to save the profile.

One proviso with WPA: Though this privacy standard is highly secure, a researcher reported in late 2003 that a passphrase less than 20 characters long composed entirely of words could be cracked. Use a longer passphrase, and include some punctuation marks or numbers for maximum security.