On a wired network, physical authentication is implicitly provided by access: if a user is able to plug a cable into a network socket, he must have cleared other security checks such as the receptionist and/or locked doors. In the case of a wireless local area network (WLAN), the signal propagation is not limited by a fixed boundary, and unauthorized access from outside the security perimeter is possible, and in many instances facile. In this paper, we present a probabilistic technique for localization of users in a WLAN. The presented technique is able to identify intruders based on their location, and thus successfully defend a ”parking lot” attack. The approach relies on a probabilistic mapping from received signal strength (RSSI) to location. Calibration inside and around the security perimeter must precede the localization phase. During the localization phase, the RSSI of all the WLAN users is measured by multiple monitoring stations positioned to provide an overlapping coverage of the area (the access points needed to provide the WLAN coverage can double as monitoring stations). A Bayesian technique is used to estimate the location of the unsuspecting mobile user, and the position estimate of each user is updated with every new RSSI measurement at any of the monitoring stations. The presented approach is server-based, i.e., it works without the knowledge or cooperation of the user being tracked, thereby enabling the proposed security application, as well as location-aware services. Validation of the concepts was implemented using an experimental tested in an office environment. The results demonstrate the ability of the proposed technique to estimate the user location to a very high degree of accuracy.