Increase your wireless security by using MAC filters
By now most everyone knows how important it is to secure your wireless network. The most common ways of doing this include using WEP or WPA. You can increase your wireless security by using MAC filters.
For those of you who don’t know, every wireless card has what’s known as a MAC address. A MAC address is 10 digits long and is unique to the wireless card. You can use your wireless card’s MAC address to increase your wireless security by filtering access to your wireless network based on the MAC address. Your router already has this capability built in and it is easy to implement.
To start you, should find out what your MAC address is. In Windows XP, open up Command Prompt by going to Start >> All Programs >> Accessories >> Command Prompt and type the following command:
ipconfig/all
this command in Linux is ifconfig.
You should get a screen that looks like the following:
Windows XP calls the MAC address the “Physical Address.” Your MAC address is the 10 digit code listed after “Physical Address” and is boxed in red above. Either write these digits down or remember them because you will need them in a minute.
The second step is to connect to your router. For most people, you will be able to access your router by typing either http://192.168.1.1 or http://192.168.0.1 into your browser.
Once you access your router, go to the “Wireless” section. All routers are different, but you should have a screen that is somewhat similar to the one pictured below. Somewhere in your Wireless section you will be able to find a screen related to MAC address filtering:
Once in the “MAC Filter” section of your router turn on the MAC filter and set the filter to “Permit only PCs listed to access the wireless network.” This is shown below:
Click the Edit MAC Filter List button and add your MAC address to the list. Now only your MAC address will be able to access the wireless network. Even if other PCs know the SSID and password for your network, they still will not be able to connect to the network. Do this for all the PCs on your network and you will have increased your wireless security.
Jean wrote:
This HowTo is not increasing the security, because everyone can change the Mac Address with some tools.
Its also very easy to find the right MAC Address because the MAC Addresses are send out without encrypt them.
So this is a very poor security option. You should use WPA or WPA2 encryption. And hide your SSID!
Posted 08 Jan 2007 at 12:19 am ¶
kylepott wrote:
@Jean: All great points. Filtering access based on the MAC address should not be your first (or only) line of defense. If you’re using WPA or WPA2 and someone already has your SSID and key then you’ve got bigger problems than MAC filtering can stop. The argument I’m making is that filtering gives you a finer-grained control and gives you a more secure network because you can track specifically what PCs are allowed to connect to the network.
If a PC with an approved MAC address cannot connect to the network because the MAC has already been detected, this would hlep you would identify any spoofed MACs.
Posted 08 Jan 2007 at 7:29 am ¶