May 28, 2012

1.6.7 MAC Filter

MAC filter

MAC addresses are uniquely assigned to each network adapter. Every wireless network adapter has a MAC address burnt into it.

When a wireless network adapter attempts to access the network, the access point (or router) checks the device's MAC address. Using MAC address filtering on a network allows the administrator to permit (or deny) network access to specific network adapter devices. If the MAC address doesn't match what's on the list, no connection is possible.

This security isn't perfect. MAC address filtering is often referred to as security through obscurity because, while it gives some additional protection, it can be circumvented by a determined hacker who configures their client to spoof one of the validated MAC addresses. Using MAC filtering may lead to a false sense of security.

To set up MAC address filtering, the administrator configures a list of network adapter MAC addresses that will be allowed to join the network. Then, each address is entered into the wireless access point.

Once filtering is enabled, whenever the wireless access point receives a request to join the WLAN, it compares the MAC address of that client against the administrator's list. Clients on the list authenticate as normal; clients not on the list are denied any access to the WLAN.

MAC addresses are sent in the clear as required by the 802.11 specification. As a result, in wireless LANs that use MAC address filtering, a network attacker might be able to subvert the MAC filtering (or authentication) process by spoofing a valid MAC address.
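
As an added example (not part of the original post), the Python sketch below applies the allowlist comparison described above to a constructed association log and flags an allowlisted address that is associated on two access points at once, one sign that a second adapter is presenting the same address. The log format, access point names and addresses are assumptions made for illustration, as is the assumption that a roaming client logs a disassociation before it re-associates.

```python
import re

# Constructed allowlist, in the mixed notations administrators paste in.
ALLOWLIST = ["00:1A:2B:3C:4D:5E", "00-1a-2b-3c-4d-5f", "001a.2b3c.4d60"]

# Constructed association log: (seconds, access point, client MAC, event).
EVENTS = [
    (100, "ap-1", "00:1a:2b:3c:4d:5e", "assoc"),
    (130, "ap-1", "66:77:88:99:aa:bb", "assoc"),     # not on the list
    (160, "ap-2", "00:1A:2B:3C:4D:5F", "assoc"),
    (200, "ap-2", "00-1A-2B-3C-4D-5E", "assoc"),     # same MAC still active on ap-1
    (260, "ap-2", "00:1a:2b:3c:4d:5f", "disassoc"),
    (300, "ap-1", "00:1a:2b:3c:4d:5f", "assoc"),     # ordinary roam after disassoc
]

def normalize(mac):
    """Reduce colon, hyphen or dotted notation to 12 lowercase hex digits."""
    digits = re.sub(r"[:.\-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def review(events, allowlist):
    """Return (denied joins, alerts for one MAC active on several APs)."""
    allowed = {normalize(m) for m in allowlist}
    active = {}                      # MAC -> set of APs with an open association
    denied, alerts = [], []
    for ts, ap, mac, event in sorted(events):
        mac = normalize(mac)
        if mac not in allowed:
            # The filter's only input is the address the client claims.
            denied.append((ts, ap, mac))
            continue
        aps = active.setdefault(mac, set())
        if event == "disassoc":
            aps.discard(ap)
        elif event == "assoc":
            if aps - {ap}:           # already associated somewhere else
                alerts.append((ts, mac, sorted(aps | {ap})))
            aps.add(ap)
    return denied, alerts

if __name__ == "__main__":
    denied, alerts = review(EVENTS, ALLOWLIST)
    print("denied:", denied)
    print("same MAC on multiple APs:", alerts)
```

The filter admits the second `5e` client because the claimed address matches the list; only the overlap check distinguishes it from the first.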

MAC address filtering is not bulletproof; however, used as an additional layer of defense, it can improve the overall wireless network security profile.

