“I’d also advise he configure his router to stop broadcasting the SSID altogether.”
That’s an excellent addendum. The SSID is network-name data your router transmits at an interval. Disabling it … is indeed a good idea, once you’ve configured the clients you wish to allow access.
No, no, no, no, no.
Don’t disable SSID broadcasting – at least, not for security reasons.
Think about it. Let’s say you’re setting up a blind date between two people. One of them is frail and small and is in serious danger of being a victim; the other is strong and beefy, and capable of serious self-protection.
Which one are you going to suggest should walk into the bar and yell out an identifying name, waiting for the other person to recognise that name and start talking?
Okay, so it’s a crude analogy, but bear with me…
Because if you configure your wireless access point or router to hide its SSID, then you’re going to have to configure all of your wireless clients – desktops and laptops, printers, etc – to broadcast the SSID whenever they need to create a connection. [And your roaming laptops are now going to give away your SSID not only to people in your neighbourhood, but people anywhere you take your laptop to. Hardly a security measure!]
The answer, of course, is to have an exchange of authenticating information (are you really Bobby or a serial killer pretending to be him?) – in the blind date example, you’d want both sides to see drivers’ licences to verify their identities. In the wireless example, you insist at the very least that your router and your devices use a pre-shared key for encrypted data exchange (that’s WEP authentication), or that they use certificate-based cryptography (that would be WPA).
Only use WEP if you can’t use WPA – if you have some devices that haven’t been upgraded to support WPA – and only use WPA if you can’t use WPA 2. WEP can be cracked in minutes by a determined attacker with sophisticated tools, but the truth is that you don’t meet many of those.