Of course the best security is just to use the wired portion, but failing that this is how I have mine set up, starting from the bottom.
UPnP: Disable (no point letting Trojans and others control internet access to your network)
Remote Management: Make sure it's off !!
Wireless Setup: Disable Wireless Access Point (for now)
. . . . . . . . . . . Disable SSID Broadcast
. . . . . . . . . . . Setup Wireless Access Card List
. . . . . . . . . . . Turn Access Control On
. . . . . . . . . . . Enter the MAC Addresses of every wireless interface card you intend to allow to access your network and give them a name.
LAN IP Setup: Reserve by MAC address low range IPs for your computers (192.168.0.2, 192.168.0.3, etc.)
. . . . . . . . . . Set the upper limit of the DHCP server to the highest number you have entered.
WAN Setup (these are all defaults): Auto Connect checked
. . . . . . . . . Disable SPI Firewall, DMZ Server & Respond to Ping unchecked
Port Triggering: Disable all rules (I haven't had any problems, but if you use one of these apps you may have to turn that rule on)
Port Forwarding: Add a new custom rule, "IDENT", port 113 and send it off to 192.168.0.254 (into the ether). The router responds to internet queries on port 113 as closed rather than stealth mode, this will fix it.
Set Password: Choose one for your router, NOT a real word or name.
Block Services: Add a custom service that blocks all ports (1-65534, TCP/UDP) for IP addresses outside the range you have already reserved and set it to always block. (If you want to limit users to standard internet services you can block ports 1280-65534 on their machine via assigned IP as well)
Wireless Settings: Choose a SSID, password type rules apply, for example you will encrypt the transmission so that it will be gibberish, so a password could be "G166er1sh". Do not use your workgroup name.
. . . . . . . . . . . You may need to change the wireless channel if you suffer interference
. . . . . . . . . . . Use WPA-PSK and again use password rules when selecting a keyphrase
You can turn the wireless access point back on now. Some of this is probably a bit over the top, but you asked for it.
To tell if you are accessing the right router you can look at the attached devices section. However as you should only be able to connect to a router on the same channel with the same SSID, it is more than unlikely that you'll connect to your neighbours router
Edited by Kurt_Aust, 29 October 2005 - 06:00 AM.