I put the following post in answer to another question, but since yours is about security as well, I will copy it here:
The single most important thing you can do to prevent unauthorized access to your network and data is to properly secure your wireless network with WPA2 (or WPA if your equipment does not support 2). Do not use WEP as it is terribly insecure and can be trivially cracked. The FBI cracked WEP in 3 minutes flat using the following:
Run Kismet to find your target network. Get the SSID and the channel.
Run Airodump and start capturing data.
With Aireplay, start replaying a packet on the target network. (You can find a 'good packet' by looking at the BSSID MAC on Kismet and comparing it to the captured packet's BSSID MAC).
Watch as Airodump goes crazy with new IVs. Thanks to Aireplay.
Stop Airodump when you have about 1,000 IVs.
Run Aircrack on the captured file.
You should see the WEP key in front of you now.
As you can see, this is not too terribly complicated and these tools are readily available. (Please don't use this info to hack your neighbor's WEP network, I included the info simply to demonstrate how easy it is to break WEP.)
Now the bad news: WPA/WPA2 has a vulnerability as well. You do not want to use a short passphrase consisting of a word found in the dictionary. This will leave you vulnerable to an offline dictionary attack (a type of brute force attack where words found in the dictionary are thrown against a passphrase to recover the passphrase) by someone using KisMac or coWPAtty (two popular wireless hacking tools that are also freely available). You will want to use a randomly generated complex passphrase consisting of at least 34 characters. Most publications say 20 characters, but you get about 2.5n bits of security per character +12 bits (2.5n+12 total) in a passphrase. So, this would only give you 62 bits of equivalent security. Bare minimum you want 96 bits of equivalent security, so 34 characters will give you 97 bits. Ideally you will want to use a 64 digit hexadecimal. This will give you a full 256 bits of security, plus using a 64 digit hex avoids the hashing process used to create the 256 bit Pairwise Master Key, because the hex is used directly as the key. It is this hashing process that leaves WPA/WPA2 vulnerable to a dictionary attack when short dictionary words are used as the passphrase.
Now the good news. The brute force dictionary attack is the only known effective attack against WPA/WPA2. If you use a 64 digit hex you will make your network reasonably secure against any sort of brute force attack in that each of the 2^256 possibilities must be tried since your passphrase can not be found in a dictionary. This is a huge number:
1.1579208923731619542357098500869x10^77 or in decimal format:
1,157,920,892,373,161,954,235,709,850,086,900,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000
Now the really good news. To check each of the 2^256 possibilities, you would have to have a device that could crack a billion billion keys per second and it would still take you 3.671x10^51 years to check every possibility. (3,671,743,063,080,802,746,815,416,825,491,118,336,290,905,145,409,708 years) As you can plainly see this is significantly longer than the 3 minutes it took the FBI to hack WEP.
Now the best news of all. The DES cracker Deep Crack (something your local wardriver is not likely to have) could only do 90 billion keys a second, and would take 4.0769221021355023274397357709461x10^58 years to exhaust all the possibilities. Newer devices can do 256 billion keys a second. These computing Goliaths would still take 1.4332929265320125369905321069732x10^58 years to exhaust the possibilities. The two most popular tools, KisMac and coWPAtty (something your local wardriver IS likely to have) can do 100 and 60 keys per second respectively. Now, this can actually be substantially increased to around 76,000 keys a second using precomputed hashes. But, 76,000 still falls way short of even the DES cracker, and precomputed hashes in a dictionary attack are of no use if your SSID hash is not in the hash file, and your password is not in the dictionary file. But, for the sake of argument it would still take 4.8279340683183580193365292024362x10^64 years to run through all the possibilities. In reality at 100 possibilities per second it would take 3.6692298919219520946957621938515x10^67 years to exhaust the possibilities. So as you can see if you use a sufficiently complex and random passphrase, you can have a fairly secure network. If you use something like:
toast
That's exactly what you will be, and it will take anywhere from 0.2 seconds to around 5 minutes to hack your network. However, if you use something like:
DE9350EB9F96D947A962E5C9D71A6F5FC3DE5D006BF1340400050D30354AF49F
(a 64 digit hex)
Your would-be hacker is going to be busy for quite some time trying to hack your network.
If you don't have the means to generate these sorts of passwords, you can go to:
https://www.grc.com/passwords.htm You'll want to get this on a computer that is wired to your network.
Hope this helps.
P.S. If your equipment does not support using a 64 digit hex, you can still use a 63 character randomly generated passphrase like:
>66X>XC'kidz^7{u(,v}*C&-X\[|hl}?@O>Kc6w6>goGNB**wO"",0ADq]x*yUg
or
1ZuyAQP3yaqsoyJgBRu0XWidkTm2nWZj6iZVLcArL0C4zeKGyn6iZVLcArL0C4zeKGyneEC7ZqmKRsyZ6
But be aware that this will only provide 169.5 bits of equivalent security. So, this leaves only 1.0582402237152498756263674716231x10^51 possibilities to check. At a billion billion keys per second, it will take your hacker only 33,533,609,137,426,479,695,108,863.5 (3.35336091374264796951088635x10^24) years to crack your passphrase by brute force. By the way, the age of the universe is believed to be 15 billion years (1.5x10^10). ;-)
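An added example, not part of the original post: a local way to generate the 64 digit hex key or 63 character passphrase described above with the operating system's CSPRNG, plus the key derivation that separates the two cases. It assumes the standard WPA/WPA2-Personal mapping (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 256-bit output); the function names are illustrative.

```python
import hashlib
import secrets
import string


def generate_hex_psk() -> str:
    """64 hex digits = 256 random bits, drawn from the OS CSPRNG."""
    return secrets.token_hex(32).upper()


def generate_passphrase(length: int = 63) -> str:
    """Random printable-ASCII passphrase (WPA allows 8 to 63 characters)."""
    if not 8 <= length <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters long")
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


def pairwise_master_key(secret: str, ssid: str) -> bytes:
    """Return the 256-bit Pairwise Master Key for a hex key or a passphrase."""
    if len(secret) == 64:
        # A 64 digit hex value is the key itself: no hashing step is applied.
        return bytes.fromhex(secret)  # raises ValueError if it is not hex
    if not 8 <= len(secret) <= 63:
        raise ValueError("expected 64 hex digits or an 8 to 63 character passphrase")
    # A passphrase is stretched with the SSID as salt, so any table of
    # precomputed hashes is only valid for the SSID it was built for.
    return hashlib.pbkdf2_hmac("sha1", secret.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


if __name__ == "__main__":
    hex_key = generate_hex_psk()
    phrase = generate_passphrase()
    print("64 digit hex key :", hex_key)
    print("63 char phrase   :", phrase)
    # Constructed SSIDs, for illustration only.
    for ssid in ("HomeNet-Example", "HomeNet-Example-2"):
        print(ssid, "->", pairwise_master_key(phrase, ssid).hex())
    # The hex key maps to the same PMK regardless of SSID.
    assert pairwise_master_key(hex_key, "HomeNet-Example") == bytes.fromhex(hex_key)
```

Run it on a machine you trust and copy the value to the access point over a wired connection, as suggested above for the web generator.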