05-19-2005 04:17 PM - edited 07-04-2021 10:47 AM
What additional steps can I take to secure 2 wireless bridges? I do not have access to any kind of authentication server such as an ACS. I know the basics like not broadcasting my SSID, but are static WEP keys the best I can do? Is WPA2 out of the question? These are 1410 bridges.
05-25-2005 02:16 PM
WEP encryption scrambles the communication between the access point and client devices to keep the communication private. Both the access point and client devices use the same WEP key to encrypt and unencrypt radio signals. WEP keys encrypt both unicast and multicast messages. Unicast messages are addressed to just one device on the network. Multicast messages are addressed to multiple devices on the network.
05-26-2005 07:29 AM
WPA or WPA2 can be leveraged using pre-shared keys. Other common techniques such as MAC-address association filtering and broadcast-key rotation, in addition to standard IOS hardening, would make sense.
05-26-2005 09:05 AM
You should be able to do at least WPA (WPA-PSK = (P)re-(S)hared (K)ey).
WEP has been broken and is now easily compromised. WEP size doesn't matter; it's the Initialization Vector (which is the same for both sizes) that enables the vulnerability.
MAC filtering is easily overcome with MAC spoofing.
Not broadcasting SSID will prevent common users with Windows XP from seeing your link, but anyone using any kind of "sniffer" will see your traffic and know the SSID.
If you use WPA-PSK (minimum, WPA2 would be best), ***AND*** you use strong Pre-Shared Keys, your link will be as secure as you can make common wireless.
By strong key, I mean a long key (you only have to enter it once at each end ... ) *and* a key where there are no common words or phrases.
For example, if you put in a key: "scott's cisco aironet 1200 acess point" that's a fairly long key, but it's still vulnerable to a "dictionary" attack.
If instead you used "Sc05TT's Ci!sCo A-i-r-o-NET 12@@ aCC#ss ^po∫" or a randomly generated string of characters, then the attacker would have to use "brute force" (run every permutation of characters until the key is broken).
If you use common words as a WPA Pre-Shared Key, it is still hard to break, but easier than using random characters or words broken up with random non-alphanumeric characters.
WPA uses TKIP, which can provide rotating keys and reduces the chance of some bit-flip attacks.
WPA2 uses AES which is the most recent standard and is considered unbreakable.
Summary: Use WPA if at all possible, and use a strong "Pre-Shared Key."
FWIW
Scott
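One way to act on the strong-key advice in the post above, as an added example that is not part of the original thread: a Python sketch that generates a random passphrase, flags word-based ones, and derives the 256-bit key that WPA-PSK computes from passphrase and SSID (PBKDF2-HMAC-SHA1, 4096 iterations). The function names, the small word list and the sample inputs are constructed for illustration.

```python
import hashlib
import math
import secrets
import string

# WPA/WPA2-PSK passphrases are 8 to 63 printable ASCII characters (codes 32-126).
PRINTABLE = string.ascii_letters + string.digits + string.punctuation + " "
MIN_LEN, MAX_LEN = 8, 63
# Constructed mini word list standing in for a real dictionary (assumption).
SAMPLE_WORDS = {"scott", "cisco", "aironet", "access", "point", "bridge", "wireless"}

def generate_psk(length=MAX_LEN):
    """Return a passphrase drawn uniformly at random from printable ASCII."""
    if not MIN_LEN <= length <= MAX_LEN:
        raise ValueError("WPA passphrase length must be 8..63")
    return "".join(secrets.choice(PRINTABLE) for _ in range(length))

def random_entropy_bits(length):
    """Entropy in bits of a uniformly random passphrase of this length."""
    return length * math.log2(len(PRINTABLE))

def check_psk(psk):
    """Return a list of problems found; an empty list means none were found."""
    problems = []
    if not MIN_LEN <= len(psk) <= MAX_LEN:
        problems.append("length must be 8..63 characters")
    if any(not 32 <= ord(c) <= 126 for c in psk):
        problems.append("contains characters outside printable ASCII")
    # Keep letters only and split on everything else to spot plain words.
    tokens = "".join(c.lower() if c.isalpha() else " " for c in psk).split()
    hits = sorted(set(tokens) & SAMPLE_WORDS)
    if hits:
        problems.append("contains dictionary words: " + ", ".join(hits))
    return problems

def derive_pmk(passphrase, ssid):
    """256-bit WPA-PSK key: the SSID is only a salt, the passphrase is the sole secret."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32).hex()

if __name__ == "__main__":
    psk = generate_psk()
    print(psk, f"(~{random_entropy_bits(len(psk)):.0f} bits)")
    print(check_psk("scott's cisco aironet 1200 access point"))
```

Because the SSID is visible to anyone in range, the strength of the derived key rests entirely on how hard the passphrase is to guess.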
06-06-2005 02:24 AM
Does 350 Wireless bridge support WPA?