If you're using a router, it’s protecting your local network from intrusion over its WAN port and associated firewall. In theory, if the firewall was coded perfectly, intrusion would not be possible. But nothing's perfect and vulnerabilities, while extremely remote, are always a theoretical possibility.
Also, each time you open/forward ports on your router's firewall, that opens the door to exploiting potential vulnerabilities with the services associated w/ those ports. So keep your ports closed unless absolutely necessary.
And since some applications can open ports automatically behind your back using UPnP (Universal Plug and Play), you might want to make sure that feature is disabled on the router (of course, that could complicate things you want to have UPnP access, like gaming consoles). When you do open/forward ports, keep them open only as long as necessary. And never use the same ports externally as internally (e.g., if you have an SSH server using port 22 internally, make it something unexpected externally, like 34609).
That’s why I tell ppl NOT to use applications like RDP for remote access. It requires opening the RDP ports. But if you use something like LogMeIn or TeamViewer, these are services that do not open INBOUND ports. Instead they initiate connections from inside your network and use those same connections to handle inbound requests! In fact, if you want a really safe and flexible remote access solution, use LogMeIn Hamachi and run all your protocols over it (RDP, FTP, HTTP, VNC, Windows file sharing, everything).
Also, I know a lot of ppl who don’t like to use username/passwords for a home network, just too much hassle. But if you do, and someone still gets into your network, it makes it that much harder to do damage.
Frankly, wireless is not any more of a threat than the router’s WAN if you use a high-quality password (long, random, and based on a large character set, http://www.grc.com/pass ) and use WPA/WPA2. It’s perfectly safe. What gets ppl in trouble is not using wireless security at all, or bad passwords (too short, using dictionary words, etc.).
Can’t cover everything, but those are some of the basics I abide by.