[buckslayer80]

[ QUOTE ]
Not sure what capabilities your router has, but a few steps up in security would work as folows:

Wireless clients connect to a mac-filtered access point that authenticates users via a separate RADIUS server and isolates wireless clients from seeing other wireless clients that are connected. This would be a dedicated wireless zone in it's own subnet. From there, wireless clients would VPN in to the "real" local network.

That pretty much covers the wireless side. Depending on your environment, you may wish to take further steps on the LAN.

edit for clarity: The Access Point would have the capability to do the RADIUS authentication of clients as well as having the clients not see other client's network traffic. Most (all?) $80 off the shelf SOHO wifi gear won't have this capability. Buffalo used to make one for about $200 but that model was discontinued (not sure what replaced it as I haven't needed to order any lately).

Also, the private subnet containing the wireless traffic would have no gateway, no DNS, no route to anywhere except the VPN server address, port(s), and protocol(s).

[/ QUOTE ]

Would you really recommend all that for a regular user? That's a good bit of setup. Or were you just telling the OP what to do if he really wanted to max out his security?

I ask the OP my original question, why do you need so muchsecurity, or do you want it just to have it?