Planning a new network
Plan on cabling as much of a new network as possible. In many cases, cables will suffice for all connections. This offers much better security and speed than wireless connections.
Important Security Tip: If you're not using a router's wireless access capability, turn off its wireless access point.
Wi-Fi exposes all PCs to attack.
Networks that connect to the Internet reside behind at least one firewall that prevents malicious users from entering your network. However, if you have an unsecured wireless access point, you've opened a backdoor to all of your computers.
Remember that your Wi-Fi access point resides behind your firewall. Anyone can connect wirelessly to your network and attack your computers -- wireless and wired -- and try to download, damage, or delete your files.
Your Wi-Fi link won't be 54 Mbps.
Some Wi-Fi components are advertised to work at up to 54 Mbps (megabits per second). This is an inflated number that excludes real world overhead. The maximum theoretical throughput for 802.11b (11 Mbps data rate) is only about 4.5 Mbps and for 54 Mbps 802.11a/g service it's about 24 Mbps.
In the real world, Wi-Fi throughputs are much less. Reasons for further throughput reduction:
Multi-path signal distortion
'Foreign' signal interference
Packet collisions occur on multi-station wireless networks because all wireless stations on an access point share a single Ethernet segment. (On a modern switched and cabled network, packet collisions are dramatically reduced.)
Luckily, Wi-Fi specs include error correction methods, but the process of correcting errors reduces throughput. Users don't see packet collision and dropped packet reports; they perceive them as a slowing of their network.
Setting up a secure Wi-Fi wireless link
We must walk before we can run. I recommend that first, you create a wired link between your router and the PC in question. Make sure that you have communication in both directions. (You may need to temporarily place the PC near the router to connect a Category 5 100baseT LAN cable between the router and the PC.) Then, create an unsecured wireless link. Finally, secure the wireless link.
Modern routers usually include a built-in web server which allows you to manage the router from a web browser such as Internet Explorer. Usually you access this by first connecting an ethernet cable from your computer to the router and then, from within your web browser, logging unto the router's default IP address. If you don't have the documentation for your router, try http://192.168.0.1, http://192.168.0.254, http://192.168.1.1, or http://192.168.1.254.
Your router may challenge you to enter a username and password. Find the defaults for these in your router's documentation. If you don't have documentation, note that many routers are shipped with username admin and no password, so try that first. Otherwise, find your router's default username/password here or here.
From within your router's configuration screens, you should enable wireless security. WEP (Wired Equivalent Privacy), while based on a good algorithm, is weak. With the right software, a hacker can break it within a few minutes. Don't use WEP if WPA is available.
illustration: lars strand
AP = Access Point WN = Wireless Node = User's PC
You'll need to configure your wireless computers so that they and your router's wireless access point agree on the encryption scheme and password. While configuring your router, create a "whitelist" of computers that are allowed to use your wireless link. Each computer will be defined in this whitelist by its MAC (Media Access Control) address. You can configure your wireless access point to exclude all other computers. (Note: This step alone won't suffice. It's possible for a hacker to sniff your wireless link and spoof a whitelisted computer's MAC address. Think of it as a "soft" barrier that can be easily cracked.)
Some routers allow "WAN administration". Make sure that if yours does, that it is disabled. Otherwise, a hacker anywhere on the Internet can bang away at the router's password prompt until he hits the right one.
Finish by creating a password to protect the router's admin account.