Using wireless on a server isn't the best way to secure it. Using WEP worsens it. Hardwiring the server not only gives you the assurance that people can't wardrive the network, but you get better performance. Wireless networks, with the exception of certain APs/routers, are easily hackable. However, if you still want to use wireless, use WPA-SPK encryption. WEP is inherently insecure. As for VPN, the port is disabled on the server but not on the terminals, so you'd still see it open. What you should do is create a group policy that closes that port as well, if you can.