Enable MAC Address Filtering
Most routers have a means of allowing specific devices access to the router based off of their physical address or MAC (Media Access Control) address. This list of MAC addresses is basically a list of names that are allowed or denied access to the router’s resources such as the internet. This serves as an added layer of protection in case the WEP Key or WPA Passphrase is compromised. The section in your router management should be labeled MAC address filtering or MAC address control. In order to add devices to this list (i.e. your PC, PS3, or other wireless devices) you need to know the MAC address of the device.
Back to our bar, we now have perimeter protection and no signs on the building. What would happen if, someone breached the perimeter by figuring out our key code? This non-member would now have unlimited member access to our bar and would be able to walk right through the gate. One way to get around this is to employ a bouncer and give them a list. This is what MAC address filtering accomplishes.
- Gather the MAC addresses of all wireless devices.
-
-
- Click Start
- If running XP click Run
- Type CMD
- Press Enter
- Type ipconfig /all
- Find the Wireless LAN adapter section and find the physical address
- Write this down for use later.
-
- Click on the Apple Menu
- Select System Preferences
- Under Internet & Network, select Network
- Next to Show select AirPort in the dropdown box.
- The Airport ID is your MAC address.
- Write this down for use later.
-
- Obtain a command shell
- Type ifconfig
- Find the Wireless adapter section and find the HWaddr
- Write this down for use later.
- Windows Vista/XP:
- Macintosh OS X
- Linux
-
-
- Now that you have your list of MAC addresses you can enter these into your router’s list.
- Find the MAC address filtering section of your router.
- Enter each of the MAC addresses you have into the list.
- If there is an option to Allow or Deny make sure it is selected to allow.
- Click Apply or Save Changes
Your router will now reboot again to apply changes made to the MAC address filter list. You should now configure all of your devices to connect to your router using the appropriate passphrase or WEP key which was created earlier.
SSID is really a catch 22 in my opinion. If you broadcast it, it’s in the open for everyone to see, but if you disable it and someone comes around wardriving and discovers that you’re SSID was disabled they’ll be more inclined to attempt to access your network because you probably have something important to keep hidden. It’s definitely not always the case, but I thought I’d share my 2 cents 🙂
Sorry, I should have added that your passphrase for WPA should be random generated and not a weak passphrase of a plain “dictionary” word that can be cracked very easily.
I agree that not broadcasting your SSID is only a layer but it can still be cracked. Anything can be cracked given the right tools and given the time, any network can be infiltrated.. The point is, to make your network a more difficult target so that the criminal (or hacker if you will) decides to move on to a more easily accessible target.
Considering most wireless networks are unprotected, getting this information out just so people impliment basic protection is a good start.
I agree. The MAC filter is not the equivalent to a bouncer, but more a little old lady asking you for your name without ID. You can lie (spoof) about it. As far as a WPA passphrase, you should use a passphrase generator to generate one for you up to 63 characters long (the longer the better and with all character types). This will make it more difficult, if not impossible, to brute force attack it. Using a dictionary word will only take a few seconds to crack.
Not broadcasting the SSID only adds another layer but it’s not impossible to crack it. Most scanning software will show it but without the SSID so it’s just a bit of extra work for the hacker to sniff that out.
Disabling SSID doesn’t add security. MAC addresses can be spoofed.