Wireless Network Security: Filtering the MAC address

When attempting to secure a wireless network, in addition to encryption and authentication of WEP and WPA, you can also keep users from connecting to your WLAN if they do not have a registered or authorized MAC address associated with their network card.

In addition to adding a list of authorized MAC addresses to the individual APs that make up your wireless network, you can centrally maintain a list of authorized MAC addresses via a RADIUS server.

Because many operating systems allow you to locally set your MAC address on your network card, this security is only light security — like WEP.

If an intruder knows a valid MAC address on your network, either by social engineering or by capturing wireless network frames, he can use that to gain access to your network by manipulating his own MAC address. You will see a noticeable issue only if the real computer is on the network at the same time.

Many home users go through the extra work of authorizing MAC addresses on their wireless network even after they are encouraged to eliminate that practice and instead using the more secure and easier to administer WPA2. Some of these home users have not even implemented simple encryption like WEP and rely solely on the ability to block unauthorized MAC addresses on their network.

blog comments powered by Disqus
Advertisement

Inside Dummies.com