Some of the Enterprise wireless vendors have countermeasures in their products for deauth/mitm/evil twin/ and many other attacks.
I don't work for the company, but I am a fan and a customer. Aruba has some really nifty features. Others do this as well, but Aruba was one of the first.
The Aruba Instant don't require any additional infrastructure and something like the RAP-3WN can be found on Ebay for fairly cheap.
Crank up the defense settings, and your AP will literally attack back when it detects a known attack on your network.
It'll frustrate the heck out of the kiddie running backtrack on your block when the tutorials he's watching on youtube on hax0ring wifi don't yield results.
WPA2 with a strong PSK should be sufficient, but if you want to take it to the next level use EAP-TLS and set up your own PKI. Make sure to validate the CA certificate so you're not susceptible to MITM attacks.