No, but if you're downloading lots of illegal material then it may be offer a possible escape route come prosecution time. Just don't do your banking or anything over your wifi connection.
No, the private key can be reverse engineered pretty quickly and easily from analysing the data you are transmitting.
MAC addresses can be spoofed very easily, although it does add a small further hurdle to cross. I no longer use wifi at home having seen professional penetration testers in action. I never use public wifi networks either unless I am in a VPN tunnel.
As Spike says; stay away from WEP... WEP can be cracked with less than 40,000 packets - which can be gained in under a minute of scanning. Even if you think that your network doesn't generate enough packets to be cracked quickly, an attacker can create "fake" traffic (basically, you bump a client off the network, when the client tries to reconnect you read the reconnection packets. Then replay these repeatedly from one machine to the router while "listening" from the second machine - this does become an active attack as a pose to a passive one, but it means WEP is crackable in less than a minute - which even if security is alerted means you can get your packets and drive off before they've had time to look out the window). An additional problem is that once your WEP-key is compromised, all traffic between the client and the router can be read by the attacker (programs like WireShark will even decrypt them on the fly)
WPA is safer - but using a similar method to above WPA is vulnerable within 20 minutes. Again, 2 machines are ideal (or two network cards) to generate extra traffic on the network.
WPA2 (both PSK and EAP flavours) adds more security, and it becomes much harder to crack. Generating/capturing the packets drops into the background, while the time is consumed in brute-forcing the actual key. I'm doing some testing using rainbow tables to speed up the process, but I'm greatly limited by the size of my laptop hard drives.
One MAJOR advantage of WPA/WPA2 is that in addition to the key/password, each client connects with some "salt" added to the key. Hence, once an attacker compromises the network, the traffic of other clients is still encrypted an needs further analysis. (This does NOT mean that they cannot access your shared services and attack in other ways - it just means that as you type your credit card details on a non SSL-encrypted webpage they still can't see it without further work.) Obviously, a strong password plays a large role in securing the system (>21 characters, non-dictionary words, etc etc etc)
All in all; wireless isn't that safe unless you rely on a better encryption system in the background. Certifcate-based VPNs have proven quite reliable (and popular with larger enterprises) and can be set up fairly easily in your home with an old linux-based machine serving as the gateway.
At the end of the day, it really depends on what you're going to use your connection for and what your nehibors use. You CANNOT secure your network; there is no such thing as an unbreakable security system. You CAN make it harder to break than your nehibors though - and most attackers will go for the easiest option.
Personally, unless you expect to have a determined attacker (e.g. someone with a grudge) WPA2 is acceptable. If are in a situation where an attacker is determined to break into your network, seek professional advice. They will probably recomend a set of measures more appropriate for your situation.
Michele
p.s. too much encryption is a bad thing too - you end up with overheads that slow things down, so you really need to decide how important your data is.
p.p.s. Has anyone played with a pre-N/draft-N card/router? I haven't had time to look at it yet, but hows the encryption on those? Do they rely on the same system as b/g?
p.p.p.s. If you want to play with something, try backtrack linux. It's a live distro (no install needed) and has most tools built in...
) and couldn't get any combo to work.
