MAC filtering

From Wikipedia, the free encyclopedia
Jump to: navigation, search

In computer networking, MAC Filtering (or GUI filtering, or layer 2 address filtering) refers to a security access control method whereby the 48-bit address assigned to each network card is used to determine access to the network.

MAC addresses are uniquely assigned to each card, so using MAC filtering on a network permits and denies network access to specific devices through the use of blacklists and whitelists. While the restriction of network access through the use of lists is straightforward, an individual person is not identified by a MAC address, rather a device only, so an authorized person will need to have a whitelist entry for each device that he or she would use to access the network.

While giving a wireless network some additional protection, MAC filtering can be circumvented by scanning a valid MAC (via airodump-ng) and then spoofing one's own MAC into a validated one. This can be done in the Windows Registry or by using commandline tools on a Linux platform. MAC Address filtering is often referred to as Security through obscurity. Unfortunately, using MAC Filtering may lead to a false sense of security. Also Referencing to ip blocking.

MAC filtering is not an effective control in wireless networking as attackers can eavesdrop on wireless transmissions. However MAC filtering is more effective in wired networks, since it is more difficult for attackers to identify authorised MACs.

MAC filtering is also used on enterprise wireless networks with multiple access points to prevent clients from communicating with each other. The access point can be configured to only allows clients to talk to the default gateway, but not other wireless clients.