Wednesday, January 28, 2015

Should You Use MAC Address Filtering?

A reader wrote to me last week, saying that someone told him that he could use MAC address filtering to block any unauthorized devices from accessing his Wi-Fi.  He wanted to know if this was a good security feature.

First, an explanation of what he is talking about.  Each device that connects to any type of network (wired, wireless, cellular, etc.) has a unique 12-character code, called a MAC address, to identify it on the network.  If you enter your router's settings, you can either block devices with a specific MAC address from accessing your network, or you can create a list of allowed MAC addresses and block any others.  On the surface, it sounds like a great idea.  Enter the MAC address of every device you own, block all others, and no one else can ever use your Wi-Fi.

Unfortunately, this is not an effective security measure.  MAC addresses can easily be spoofed by a computer, and they are transmitted over the air, unencrypted, in every packet of internet data that your router and your devices exchange.  All an attacker would need to do would be to capture one of those packets, read the MAC address of an approved device, and then use a tool to pretend to be that MAC address.  Within a minute, someone could be on your network if your only security feature is MAC filtering, and it could take only a few seconds if someone wrote a few lines of code to automate the process.

Furthermore, the process of administering the list of approved devices will take some time.  Any time someone wants to legitimately connect a new device, you will have to go into the control panel and enter it in the list of approved addresses.  If you have family or friends over for dinner, they will be unable to connect to the Wi-Fi with their phones, tablets, or laptops until you have entered their MAC address on the approved list, something that is sure to annoy everyone there.

WPA2 encryption is still the best form of Wi-Fi security.  Using MAC filtering is like adding a padlock to your automatic garage door.  Anyone who can figure out the right code and frequency for your garage door is going to be undeterred by also having to cut a padlock.  But the process of getting out of your car and unlocking the padlock before opening the garage door is going to annoy everyone real quick.

MAC filtering does have legitimate purposes, especially in work environments.  For home use, it can be used to block a device that is using your Wi-Fi without your permission or to block your kids from the Wi-Fi as a form of grounding.  Yes, it is certainly still possible to break, but your kids or a casual Wi-Fi thief probably aren't going to know how to do it.
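
If you do keep MAC filtering turned on, the spoofing weakness described above is something you can watch for.  The following is an added example, not part of the original post: it reads DHCP request lines and flags any approved MAC address that was presented by more than one distinct client.  The log format, hostnames, vendor strings, and the function names are assumptions made for illustration, and the MAC addresses come from the RFC 7042 documentation range.

```python
import re
from collections import defaultdict

# Constructed sample data (not from a real router). The log format is an
# assumption; the MACs are from the RFC 7042 documentation range.
ALLOWLIST = {"00:00:5E:00:53:0A", "00:00:5E:00:53:0B"}
SAMPLE_LOG = """\
19:02:11 DHCPREQUEST mac=00:00:5e:00:53:0a hostname=kitchen-tablet vendor=tablet-dhcp
19:05:40 DHCPREQUEST mac=00-00-5E-00-53-0B hostname=office-laptop vendor=laptop-dhcp
19:31:07 DHCPREQUEST mac=00:00:5e:00:53:0a hostname=unknown-host vendor=other-dhcp
19:33:52 DHCPREQUEST mac=00:00:5e:00:53:77 hostname=guest-phone vendor=phone-dhcp
"""

LINE_RE = re.compile(r"^(\S+) DHCPREQUEST mac=(\S+) hostname=(\S+) vendor=(\S+)$")
MAC_RE = re.compile(r"^[0-9a-f]{2}(?:[:-]?[0-9a-f]{2}){5}$", re.IGNORECASE)

def normalize_mac(text):
    """Return a MAC as 12 lowercase hex characters, or raise ValueError."""
    if not MAC_RE.match(text):
        raise ValueError(f"not a MAC address: {text!r}")
    return re.sub(r"[:-]", "", text).lower()

def review_log(log_text, allowlist):
    """Split requests the way a MAC filter would, then look for allowed
    addresses that were presented by more than one distinct client."""
    allowed = {normalize_mac(m) for m in allowlist}
    blocked, seen = [], defaultdict(set)
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # skip lines that are not DHCP requests
        _time, mac, hostname, vendor = match.groups()
        mac = normalize_mac(mac)
        if mac not in allowed:
            blocked.append(mac)  # the filter stops unknown addresses...
            continue
        seen[mac].add((hostname, vendor))  # ...but admits any claimant
    suspects = {mac: sorted(ids) for mac, ids in seen.items() if len(ids) > 1}
    return blocked, suspects

if __name__ == "__main__":
    blocked, suspects = review_log(SAMPLE_LOG, ALLOWLIST)
    print("blocked by filter:", blocked)
    for mac, ids in suspects.items():
        print("allowed MAC used by several clients:", mac, ids)
```

The hostname and vendor string are supplied by the client as well, so a match here is a hint that an approved address has been copied, not proof, and a careful impersonator would not trip it.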
