Most Wi-Fi access points and routers ship with a feature called hardware or MAC address filtering. This feature is normally turned "off" by the manufacturer, because it requires a bit of effort to set up properly.
However, to improve the security of your Wi-Fi LAN (WLAN), strongly consider enabling and using MAC address filtering. Without MAC address filtering, any wireless client can join (authenticate with) a Wi-Fi network if they know the network name (also called the SSID) and perhaps a few other security parameters like encryption keys. When MAC address filtering is enabled, however, the access point or router performs an additional check on a different parameter. Obviously the more checks that are made, the greater the likelihood of preventing network break-ins. To set up MAC address filtering, you as a WLAN administrator must configure a list of clients that will be allowed to join the network. First, obtain the MAC addresses of each client from its operating system or configuration utility. Then, they enter those addresses into a configuratin screen of the wireless access point or router. Finally, switch on the filtering option. Once enabled, whenever the wireless access point or router receives a request to join with the WLAN, it compares the MAC address of that client against the administrator's list. Clients on the list authenticate as normal; clients not on the list are denied any access to the WLAN. MAC addresses on wireless clients can't be changed as they are burned into the hardware. However, some wireless clients allow their MAC address to be "impersonated" or "spoofed" in software. It's certainly possible for a determined hacker to break into your WLAN by configuring their client to spoof one of your MAC addresses. Although MAC address filtering isn't bulletproof, still it remains a helpful additional layer of defense that improves overall Wi-Fi network security. -- JRS stei...@pacbell.net Facts do not cease to exist just because they are ignored. ----- Original Message ---- > From: DHSinclair <dsinc...@bellsouth.net> > To: Hardware Group <hardware@hardwaregroup.com> > Sent: Friday, April 24, 2009 1:42:04 PM > Subject: [H] MAC Address Filter > > I use a d-link dgl-4300 router. I have disabled the wire-less section. I > only > do wired LAN business. > The router is currently at F/W v1.8. I do know that F/W 1.9 is available, > but > as I read the docs, it seems to only deal with wire-less > business/bug-fixes........ > > Can anyone point me to some reading about MAC Address Filters? I do have > one; > and, I DO use it. > But, now have questions................ :) > > MyCurrentUnderstanding: I 'think' that my router's MAF is what allows my LAN > objects to gain access to the WWW (thru my router) via my Service > Provider.....(when enabled!)... Is this correct? > > AND, I accept that this MAF access is completely 2-Way, with agreed > comprehension of non-routeable IP-Addy's? > > I feel like I am walking into a black hole here. .... :) > Best, > Duncan