Just to add to this thread - last year I took a good look at how to "hack" wifi networks - as part of a test for my work. I won't get into any of the specifics, but it was way too easy. There are a couple things I learned though:
- Hiding your SSID is pointless
- MAC filtering is pointless
- WEP is easy to crack - and the busier your wifi network the quicker the hacker will get access. I hacked my own house in 4 hours.
- WPA/WPA2 are supposedly about equal to crack using brute-force; but it's really hard to crack it. Some people more recently have learned how to use the GPU (graphics card CPU) to punch through pretty quick (days/weeks of attempts).
The reason I say hiding your SSID and MAC filtering are pointless - the tools you run to crack WEP/WPA automatically hand you that information as part of the process. Even if your router isn't broadcasting SSID, your computer is searching for it - and anything your computer searches for is visible (your favorite hotels, your work wifi, etc). The MAC addresses of every computer on your network are displayed in plain sight in front of you - and you can see when they go offline (meaning you can now clone them).
I agree with the idea that security should be made up of layers - but the hassles MAC filtering add aren't worth it. You bring home a new phone, chumby, Wii, or anything else - and have to go add the MAC address to the table... and for what? Slowing a hacker down by 10-15 seconds? That's like locking the doorknob and the deadbolt on your front door. When they break the deadbolt down, the doorknob cracks anyways - that doesn't slow anyone down.
Learning how to crack wifi was educational - what I got out of it is that there's no such thing as secure wifi - any more than there's any such thing as a secure house. You can lock all the doors and windows and try to slow people down and discourage them from bothering with yours - but at the end of the day, if they want in bad enough, they're getting in. The goal is to discourage it as much as possible so they find an easier target. Now if you have something so important on your network that you can't take that chance or that would make you a target, you need to start looking at better isolation practices separating your wifi from your real network - then using VPN or other encrypted access methods as mentioned above. That at least buys you more protection.