What is a MAC Address?
A MAC address is the physical hardware address, whereas the IP address is a logical address. Unlike an IP address, A MAC Address is etched into the hardware. Below is an image of a MAC address on a wireless NIC (Network Interface Controller). Notice that is says “WLAN MAC ID:”. This is the physical address of the Wireless Local Area Network controller. If this computer also had an Ethernet port, that too would have its own MAC address.
What is a MAC Filter?
A MAC filter is a rule that can be configured within your router. A MAC filter either denies or allows computers to access your network –depending on how you setup the filter.
Because the MAC filter is defined by MAC addresses rather than IP addresses, it will not matter whether a device has a dynamic or static IP address. If however, the rule operated differently, say using an IP address, the user could simply change their IP address and bypass the filter. But since a MAC address is etched into the hardware of the network controller, it becomes a bit more difficult to bypass –but not impossible. In fact, some people argue that using a MAC filter is not worth the effort.
Using a MAC filter is like locking your doors before going to bed. If the attacker wants into your home badly enough, they will eventually break in. But is it worth their effort? If that is not enough, another option is to block internet access entirely during certain hours of the day.
How Does A MAC Address Filter Improve Wireless Security?
A MAC Address Filter can decrease your network vulnerability by making it more challenging for unauthorized users to connect. Of course, A MAC Address Filter is not “really” a security tool. It’s more of a “prevent-from-connecting-to-my-network” tool. However, now you have more control of what client devices you allow to connect to your network. In essence, a MAC Address Filter is merely a layer of prevention.
Any unauthorized person who is trying to connect to your wireless network, would need good reason to pursue it. And they would have to be willing to invest the time to sniff your network and spoof their MAC address. Besides, if you truly need THAT level of network security, then MAC filtering won’t help you anyway. In that case, you better up your game to Enterprize-WPA2 with a Radius Server to manage each client.
But for the average homeowner, a MAC filter is just another layer to keep the hobby-hackers at bay. You’d be surprised at how many people wardrive for free wifi. At least now you can prevent folks from connecting to your WiFi without your knowledge.
How do I setup a MAC Filter?
In the screenshot below (taken from a Tomato router), there are five devices in the list. This MAC filter is configured to “permit only the following clients“. If a device is not on the list, it will be unable to connect to the wireless network (even with the password).
Navigate to: Basic > Wireless Filter
Let’s briefly discuss the three options:
Disable filter means … (I won’t insult your intelligence by explaining this one).
Permit only the following clients is used for inclusion. Therefore, any device listed has permission to connect wirelessly.
Block the following clients is used for exclusion. Basically, this settings says “if you’re not on the party list, you’re not getting in, buddy!”