- Limit the MAC addresses that can sign onto your wireless LAN so you don't get freeloaders or hackers riding along with you.
- Limit the transmit power of the wireless router so it doesn't spray Internet all over the neighborhood. All you need is enough for a good signal where you are yourself.
- Hide the SSID, the name of your wireless router, or at least change it from the default, which can tell potential hackers what kind of router it is and give them a leg up on cracking it.
- Disable scripting in the Web browser – forget it. You'll never see anything you want to see online again. Try NoScript on FireFox or NotScript on Chrome to pick the scripts or sites you want to block.
- Enable Data Execution Prevention – DEP essentially prevents anything from running that's not installed in the regions of memory able to run code. That limits buffer overflows, code buried in pages in memory and other exploits. It conflicts with some commercial apps, but not many. It's been around for a long time for Linux and MacOS, though only showed up in Windows with the debut of Vista and in Service Pack 3 for XP.
None of this guarantees the NSA won't be able to listen in to you, or that your data will be safe from hackers to break in to gaming sites, shopping sites or others to whom you give your credit-card info.
They do serve the same purpose as locking the doors to your car and not leaving a laptop out on the seat. They make it harder for someone to make you a victim and try to keep you from being so conspicuous that Adversaries decide you're a choice target.
Let the government do that instead.
Here's another link to the PDF with the full text on the NSA security recommendations.