Notes on MAC Address Filtering

Notes on MAC address filtering

 MAC address can be easily changed by using device manager or tools. This means that MAC addresses can be easily spoofed.

MAC address spoofing poses a threat when performing MAC address filtering.

"Isn't spoofing a MAC address relevant to your home network?"

You may think that, but MAC address filtering is done in familiar places.

Now, it is the next generation to build a high-speed wireless LAN even at home.

 Have you set your home so that only the MAC address registered in the wireless router can connect to the wireless LAN access point?

 It is very easy and convenient to set up a wireless access point so that only devices with registered MAC addresses can connect to it, but it is useless if the MAC address is disguised and the connection is made.

 MAC addresses can be easily discovered by monitoring traffic flowing over the network, as MAC addresses are not encrypted. Unlike wired networks, since it is wireless, it is possible to intercept radio waves without a physical connection, as long as the radio waves are within reach.

 There is also a way to increase security by setting an "SSID" (or "ESSID" depending on the manufacturer) to the wireless access point or wireless client. There is a possibility that the SSID will be intercepted by a third party.

 Also, if the SSID is accessed with the ANY key, it will be connected without knowing the SSID. Even if you don't have any knowledge of networking, the Windows wireless LAN client shows the SSID in the list, so you don't have to worry about finding the SSID.

In other words, neither filtering by MAC address nor restricting by SSID is perfect.

 In home networks, in order to increase security, you can use stealth functions to make the SSID invisible, use authentication and encryption such as AES, TKIP, or WEP, and save important data in files owned by the OS. It is necessary to take measures such as protecting with access rights to.

In corporate networks, it is also necessary to consider strengthening authentication using IEEE802.1X, etc.