From what I have been able to determine, look into MAC address filtering in the access point. It may not be 100% full proof, but if anybody wants to steal some bandwidth at least make 'em work for it. I think a MAC address is easy to spoof, but difficult to determine an acceptable address.
I have found that WEP is difficult to implement with equipment from different manufacturers. So I have left it disabled. But I think this security measure is intended more to prevent eavesdropping issues.
Most equipment also allows an option to disable the broadcast of the ESSID value. I haven't tried this as yet. But once your wireless LAN is established, you might try turning it off.
In reference to Slack 9 though, it really doesn't have anything to do with it. Unless of course the access point is connected directly to a dedicated NIC in the Slack box and it then becomes the gateway for the wireless network. Firewall rules would still be the same as any other network. In addition, even DHCP services can be configured to assign only to certain MAC addresses from the Linux server.
Perhaps it has been of some help.