Should you be using MAC address access control
to protect your wireless
network...
Previously I discussed
whether you should close (not broadcast your SSID) your wireless network, today
another question, should you be using MAC address access control to restrict
client access to your wireless
network.
Each network interface has a unique MAC address which will be something like 00:4b:93:67:ec:49, when using MAC address access control on your wireless network, the wireless base station will check the MAC address of the connecting client and check to see if it is on a list of registered clients, if it is, you get connected, if not you don't.
It use to be useful, but MAC address access control is really no longer a real option when it comes to wireless security.
The problem arises as the MAC addresses are sent unencrypted and therefore can be picked up and read by a determined hacker.
Not only that with many ethernet devices you can now very easily change the MAC address to a different one, so making it very easy to spoof the Mac address and fool a wireless base station into believing that you are an authenticated client.
Unfortunately "Closed" networks, MAC access control lists, and reduction in transmission power are all more "feel good" security rather than real security. All these various approaches are dated and mistakenly lead to overconfidence.
WPA is your friend if you value wireless security.
Each network interface has a unique MAC address which will be something like 00:4b:93:67:ec:49, when using MAC address access control on your wireless network, the wireless base station will check the MAC address of the connecting client and check to see if it is on a list of registered clients, if it is, you get connected, if not you don't.
It use to be useful, but MAC address access control is really no longer a real option when it comes to wireless security.
The problem arises as the MAC addresses are sent unencrypted and therefore can be picked up and read by a determined hacker.
Not only that with many ethernet devices you can now very easily change the MAC address to a different one, so making it very easy to spoof the Mac address and fool a wireless base station into believing that you are an authenticated client.
Unfortunately "Closed" networks, MAC access control lists, and reduction in transmission power are all more "feel good" security rather than real security. All these various approaches are dated and mistakenly lead to overconfidence.
WPA is your friend if you value wireless security.
Posted: Mon - August 8, 2005 at 09:57 AM | |
Quick Links
Calendar
| Sun | Mon | Tue | Wed | Thu | Fri | Sat |
Advert
Categories
Archives
Comments powered by
Haloscan
Web Links
Advertisement
XML/RSS Feed
Statistics
Total entries in this blog:
Total entries in this category:
Published On: Nov 21, 2006 08:10 PM
Total entries in this category:
Published On: Nov 21, 2006 08:10 PM