Networking / Beginners

---

MAC Address Filtering

Most WAPs support MAC address filtering, a method that enables you to limit access to your network based on the physical addresses of wireless NICs. MAC address filtering creates a type of "accepted users" list to limit access to your wireless network. A table stored in the WAP lists the MAC addresses that are permitted to participate in the wireless network. Any data packets that don't contain the MAC address of a node listed in the table are rejected.

Many WAPs also enable you to deny specific MAC addresses from logging onto the network. This works great in close quarters, such as apartments or office buildings, where your wireless network signal goes beyond your perimeter. You can check the WAP and see the MAC addresses of every node that connects to your network. Check that list against the list of your computers, and you can readily spot any unwanted interloper. Putting an offending MAC address in the "deny" column effectively blocks that system from piggybacking onto your wireless connection.

While both methods work, a hacker can very easily spoof a MAC address-make the NIC report a legitimate address rather than its own-and access the network. Worse, a hacker doesn't have to connect to your network to grab your network traffic out of thin air! If you have data so important that a hacker would want to get at it, you should seriously consider using a wired network, or separating the sensitive data from your wireless network in some fashion. MAC address filtering is also a bit of a maintenance nightmare, as every time you replace a NIC, you have to reconfigure your WAP with the new NIC's MAC address.