Mac filter
From DpWiki
|
|
This article is a stub. You can help DPWiki by expanding it. |
Contents |
Introduction
MAC Filtration is a basic security feature that allows networking equipment to maintain a list of network adapters that are (or are not) allowed access to the network. As MAC Addresses are unique to each physical network card, these lists allow a network to restrict access to a specific set of devices. While not bulletproof, this feature provides a level of security that will fend off many would-be attackers.
Configuration
While this once was reserved for high-end managed switches, MAC filtration is now commonplace in residential routers and wireless access points. Configuration of this feature is dependant on each vendor, so users should check their manuals for instructions on how to use this feature with their equipment.
Permit vs. Prevent
Some devices allow users to select whether they would like to create a list of address that can access the network or a list of addresses that cannot access it. In the former scenario, only adapters explictly placed in the list will be able to access the network - in the later, all devices except those explicitly listed will be given access. As such, this is a very important setting as it significantly changes the behaviour of the system.
Weakness
Some network adapters provide users with the ability to manually override the MAC Address of their network adapters. As such, advanced attackers equipped with these cards can mimic the adapters allowed access to the network and will be able to get past this feature. Like other security measures, MAC filtration can provide a significant deterant to many forms of attackers however it isn't perfect so it should be used alongside other features.
See Also
- MAC Address - The addresses used by this filter in order to determine whether the adapter should have access to the network.
