Mountain Lion
Snow Leopard
Windows 8
Windows 7

Windows Vista
Windows XP
Boot Camp

Blog Roll

Tech Stuff
e-Learning Stuff
Ars Technica

This document was last updated on the 29 November, 2007

Ask Jack

The Guardian's Jack Schofield on MAC address filtering.

Should I be using MAC address access control to restrict client access to your wireless network?

Each network interface has a unique MAC address which will be something like 00:4b:93:67:ec:49, when using MAC address access control on your wireless network, the wireless base station will check the MAC address of the connecting client and check to see if it is on a list of registered clients, if it is, you get connected, if not you don't.

It use to be useful, but MAC address access control is really no longer a real option when it comes to wireless security.

The problem arises as the MAC addresses are sent unencrypted and therefore can be picked up and read by a determined hacker.

Not only that with many ethernet devices you can now very easily change the MAC address to a different one, so making it very easy to spoof the Mac address and fool a wireless base station into believing that you are an authenticated client.

Unfortunately "Closed" networks, MAC access control lists, and reduction in transmission power are all more "feel good" security rather than real security. All these various approaches are dated and mistakenly lead to overconfidence.

WPA is your friend if you value wireless security.

WPA is virtually uncrackable (only really vunerable to a dictionary attack if a real word is used as a password) and therefore will stop the casual user and the determined hacker.

If you are really worried, don't use wireless just use wires.

For most newbies to wireless networking, not broadcasting an SSID and or MAC address filtering will only complicate matters especially if they are already having problems. Therefore if you are having problems with your wireless network, my suggestion will always be use WPA and leave it at that, the wireless network will be secure.

Should I close my wireless network (or not broadcasting your SSID)?