The proper way of doing it is to turn on WEP or WPA (preferably WPA) and then only give out the password to those who should have it. A more advanced way would be to setup WPA Enterprise with a Radius server and give each valid user their own passwords, but that is a little outside what most people want (the Airport Base Stations are capable of it).
The bad way of doing it is to use the airport admin software and go to "Access Control". Notice: this is rather easy for a determined hacker to bypass, WPA is the only real security.