Most Wi-Fi access points and routers ship with a feature called hardware or MAC 
address filtering.
This feature is normally turned "off" by the manufacturer, because it
requires a bit of effort to set up properly. 

However, to improve the
security of your Wi-Fi LAN (WLAN), strongly consider enabling and using
MAC address filtering. 

Without MAC address filtering, any wireless client can join (authenticate with) 
a Wi-Fi network if they know the network name (also called the SSID)
and perhaps a few other security parameters like encryption keys. 


When
MAC address filtering is enabled, however, the access point or router
performs an additional check on a different parameter. Obviously the
more checks that are made, the greater the likelihood of preventing
network break-ins. 

To set up MAC address filtering, you as a WLAN administrator
must configure a list of clients that will be allowed to join the
network. First, obtain the MAC addresses of each client from its
operating system or configuration utility. Then, they enter those
addresses into a configuratin screen of the wireless access point or
router. Finally, switch on the filtering option. 

Once enabled, whenever the wireless access point or router
receives a request to join with the WLAN, it compares the MAC address
of that client against the administrator's list. Clients on the list
authenticate as normal; clients not on the list are denied any access
to the WLAN. 

MAC addresses on wireless clients can't be changed as they are
burned into the hardware. However, some wireless clients allow their
MAC address to be "impersonated" or "spoofed" in software. It's
certainly possible for a determined hacker to break into your WLAN by
configuring their client to spoof one of your MAC addresses. Although
MAC address filtering isn't bulletproof, still it remains a helpful
additional layer of defense that improves overall Wi-Fi network
security. 
 -- 
JRS 
stei...@pacbell.net


Facts do not cease to exist just
because they are ignored.



----- Original Message ----
> From: DHSinclair <dsinc...@bellsouth.net>
> To: Hardware Group <hardware@hardwaregroup.com>
> Sent: Friday, April 24, 2009 1:42:04 PM
> Subject: [H] MAC Address Filter
> 
> I use a d-link dgl-4300 router.  I have disabled the wire-less section.  I 
> only 
> do wired LAN business.
> The router is currently at F/W v1.8.  I do know that F/W 1.9 is available, 
> but 
> as I read the docs, it seems to only deal with wire-less 
> business/bug-fixes........
> 
> Can anyone point me to some reading about MAC Address Filters?  I do have 
> one; 
> and, I DO use it.
> But, now have questions................ :)
> 
> MyCurrentUnderstanding: I 'think' that my router's MAF is what allows my LAN 
> objects to gain access to the WWW (thru my router) via my Service 
> Provider.....(when enabled!)... Is this correct?
> 
> AND, I accept that this MAF access is completely 2-Way, with agreed 
> comprehension of non-routeable IP-Addy's?
> 
> I feel like I am walking into a black hole here.  .... :)
> Best,
> Duncan

Reply via email to