MAC filter and SSID hiding are bad ideas
THE SIX DUMBEST WAYS TO SECURE A WIRELESS LAN
<http://blogs.zdnet.com/Ou/index.php?p=43>
(Wireless LAN security hall of shame)
MAC filtering: This is like handing a security guard a pad of paper with a list of names. Then when someone comes up to the door and wants entry, the security guard looks at the person’s name tag and compares it to his list of names and determines whether to open the door or not. Do you see a problem here? All someone needs to do is watch an authorized person go in and forge a name tag with that person’s name. The comparison to a wireless LAN here is that the name tag is the MAC address. The MAC address is just a 12 digit long HEX number that can be viewed in clear text with a sniffer. A sniffer to a hacker is like a hammer to a carpenter except the sniffer is free. Once the MAC address is seen in the clear, it takes about 10 seconds to cut-paste a legitimate MAC address into the wireless Ethernet adapter settings and the whole scheme is defeated. MAC filtering is absolutely worthless since it is one of the easiest schemes to attack. The shocking thing is that so many large organizations still waste the time to implement these things. The bottom line is, MAC filtering takes the most effort to manage with zero ROI (return on investment) in terms of security gain.
MY COMMENT: The downside of MAC filtering is that it often results in mysterious problems that waste lots of time to troubleshoot and fix. With no real upside, and a significant potential downside, it just doesn't make sense. Think cost:benefit ratio.
SSID hiding: There is no such thing as "SSID hiding". You’re only hiding SSID beaconing on the Access Point. There are 4 other mechanisms that also broadcast the SSID over the 2.4 or 5 GHz spectrum. The 4 mechanisms are: probe requests, probe responses, association requests, and re-association requests. Essentially, you’re talking about hiding 1 of 5 SSID broadcast mechanisms. Nothing is hidden and all you’ve achieved is cause problems for Wi-Fi roaming when a client jumps from AP to AP. Hidden SSIDs also make wireless LANs less user friendly. You don’t need to take my word for it. Just ask Robert Moskowitz who is the Senior Technical Director of ICSA Labs in his white paper "Debunking the myth of SSID hiding".
MY COMMENT: The downsides of SSID hiding are that it (a) makes it more likely that a neighbor will set up on the same channel as you, resulting in interference that can make your Wi-Fi problematic, and (b) can cause mysterious dropouts with products and/or drivers that don't handle it well. Again, with no real upside, and a significant potential downside, it just doesn't make sense. Cost:benefit ratio.
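
The point that the SSID still travels in four other frame types can be checked with a small parser. This is an added Python example, not part of the quoted article or the poster's comments; the SSID "corp-wlan", the addresses and all function names are constructed for illustration, and frames are assumed to be raw 802.11 management frames without a radiotap header or FCS.

```python
MGMT_HDR_LEN = 24  # frame control, duration, 3 addresses, sequence control
# Management subtype -> (name, bytes of fixed fields before the tagged elements)
SSID_SUBTYPES = {
    0: ("association request", 4),
    2: ("reassociation request", 10),
    4: ("probe request", 0),
    5: ("probe response", 12),
    8: ("beacon", 12),
}

def extract_ssid(frame: bytes):
    """Return (subtype name, SSID) for an SSID-bearing management frame, else None.
    SSID is None when the element is missing, empty or all NUL (a "hidden" beacon)."""
    if len(frame) < MGMT_HDR_LEN:
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in SSID_SUBTYPES:
        return None
    name, fixed = SSID_SUBTYPES[subtype]
    pos = MGMT_HDR_LEN + fixed
    while pos + 2 <= len(frame):                 # walk the tagged elements
        eid, elen = frame[pos], frame[pos + 1]
        body = frame[pos + 2 : pos + 2 + elen]
        if len(body) < elen:                     # truncated element: stop parsing
            break
        if eid == 0:                             # element ID 0 is the SSID
            hidden = not any(body)               # empty or all-NUL SSID
            return name, None if hidden else body.decode("utf-8", "replace")
        pos += 2 + elen
    return name, None

def build_frame(subtype: int, ssid: bytes) -> bytes:
    """Constructed test frame: zeroed fixed fields, SSID element, one rates element."""
    header = bytes([subtype << 4, 0]) + bytes(2) + b"\xff" * 6 + b"\x02" * 12 + bytes(2)
    fixed = bytes(SSID_SUBTYPES[subtype][1])
    return header + fixed + bytes([0, len(ssid)]) + ssid + b"\x01\x01\x82"

# Constructed capture: the AP beacons with an empty SSID, clients and AP still name it.
SAMPLE_FRAMES = [build_frame(8, b"")] + [build_frame(s, b"corp-wlan") for s in (4, 5, 0, 2)]

def ssid_exposure(frames):
    """List (subtype name, SSID or None) for every SSID-bearing frame seen."""
    return [r for r in map(extract_ssid, frames) if r is not None]

if __name__ == "__main__":
    for name, ssid in ssid_exposure(SAMPLE_FRAMES):
        print(f"{name:22} -> {ssid!r}")
```

Only the beacon comes back without a name; the other four frame types carry the SSID in clear text, which is why a network audit should treat a "hidden" SSID as public.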