Security is a multi-faceted issue.
First, there is a proactive component: things you do to AVOID problems.
Routers, firewalls, encryption, and blacklists are some examples.
Secondly, there's the reactive component; antivirus and Intrusion Detection Systems are primary examples.
When you have a setup like
DSL/Cable modem --- some-router---systems(one or more)
the NAT feature of the router becomes your primary defense from direct attack
from the internet (excluding email, applets, java, and ActiveX).
Without a wireless connection, this will defend a great deal. With a wireless,
the ENCRYPTION will be your secondary defense. If you set up your firewall
correctly, the worst case breach will be to 'steal bandwidth' of your connection.
The firewall will/could/should/must reject all access from LAN addresses you do not use.
E.g.: I have several systems and I set up the LAN to TRUST (allow)
anything from known addresses (198.162.0.1 -- 198.162.0.10).
I ensure that my DHCP assigns unknown users to 198.168.0.11 and above,
and set the firewall to disallow all access from these addresses.
While many people dump on Norton NIS, I like the Profiling capability which
allows me to create {away, office, home} profiles and assign separate runs to
each. I can go to any hotspot, connect, and be assured no one is getting access.
WPA is far superior to WEP, as someone with technical skills can get the key
and break the code *IF* they wish to make the effort.
Per the above reasoning, this can be moot if the secondary defense is set up correctly.
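
Added example, not part of the original post: a small Python check for the address plan described above, where a trusted range is allowed and everything DHCP hands out is denied. It flags a DHCP pool that overlaps the trusted range and known hosts that sit outside it. The 192.168.0.0/24 addresses, host names and function names are constructed for illustration.

```python
import ipaddress

def ip_range(first, last):
    """Return (first, last) as comparable IPv4Address objects."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if lo > hi:
        raise ValueError(f"range start {lo} is above range end {hi}")
    return lo, hi

def in_range(addr, rng):
    """True if addr lies inside the inclusive range rng."""
    return rng[0] <= ipaddress.ip_address(addr) <= rng[1]

def audit(trusted, dhcp_pool, reservations):
    """List the ways the address plan undermines the trust rule."""
    findings = []
    # Overlap means a device nobody approved can be leased a trusted address.
    if trusted[0] <= dhcp_pool[1] and dhcp_pool[0] <= trusted[1]:
        lo, hi = max(trusted[0], dhcp_pool[0]), min(trusted[1], dhcp_pool[1])
        findings.append(f"DHCP pool overlaps trusted range at {lo}-{hi}")
    # A known host outside the trusted range will be blocked by the deny rule.
    for host, addr in sorted(reservations.items()):
        if not in_range(addr, trusted):
            findings.append(f"{host} ({addr}) is known but outside the trusted range")
    return findings

def decide(src, trusted):
    """Firewall decision for a LAN source address: default deny."""
    return "allow" if in_range(src, trusted) else "deny"

# Constructed sample plan on an assumed 192.168.0.0/24 LAN.
TRUSTED = ip_range("192.168.0.1", "192.168.0.10")
GOOD_POOL = ip_range("192.168.0.11", "192.168.0.254")
BAD_POOL = ip_range("192.168.0.5", "192.168.0.254")  # misconfigured: starts inside the trusted range
RESERVATIONS = {"desktop": "192.168.0.2", "laptop": "192.168.0.3", "printer": "192.168.0.40"}

if __name__ == "__main__":
    for name, pool in (("good pool", GOOD_POOL), ("bad pool", BAD_POOL)):
        print(name, audit(TRUSTED, pool, RESERVATIONS))
    for src in ("192.168.0.3", "192.168.0.11", "192.168.0.200"):
        print(src, decide(src, TRUSTED))
```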