Actually this can be fairly easy. The WEP is to encrypt (poorly in my view) what flies through the air. I won't dive into any deep debate, but it's not bulletproof but you want the bare minimum level so it's not human readable packets in the air. I've found that knocking it back to the 64bit encryption saved us from replacing non-playing wifi cards/drivers. YOUR CHOICE.

As to the MAC address. You just set the policy that no unknown MACs are allowed and make a file for the allowed ones and add them as you go.

Be sure to look out for the 32 user limit per WAP. Hint: you need more than one WAP.

Bob