If using a hosting company for fonts is not an option, you need to do all the work that hosting companies do. This means that you reliably transfer the font from your servers to the browser, making sure that the font file contains only enough information to allow the browser to display the type, not allowing the end user to download the font itself and use it locally, and also confuse the font itself.
First of all, make sure you have a license to use the font on the Internet. If you do not have this, you are screwed.
After that, you will want your fonts to be a subset, so that they include only the characters that your website should display. Then you need to make sure that your fonts are messed up so that the font is not applicable on the desktop. Font Squirrel @ font-face generator can do both this and the previous step. Make sure you use Expert mode to create a set of fonts, use their WebOnly ™ protection and a subset of the font to include characters.
Font Squirrel also converts fonts to EOT, OTF and WOFF files, which will help your fonts to be used in the vast majority of modern browsers.
Finally, you must ensure that your web server is configured to prevent hot links to the font files themselves by not allowing them to request from anywhere other than your site.
Once you take these steps, you will be as far away as you can. You want your font files to be cacheable, but you need to strike a balance between cache performance and potentially store files in the browser cache for a long time. This exercise is left to the reader.
It is important to remember that even after completing all these steps, users can download modified font files and use them on the desktop with relative ease. You cannot prevent people from downloading fonts and using them illegally in 100% of cases, but by taking these steps you are moving forward to make sure you have done everything you can.