See how MAC filtering works and learn about some of its pitfalls.

If you’re familiar with 802.11b wireless networking, you’ve no doubt heard the horror stories about how weak Wired Equivalent Privacy (WEP) is. In the rush to move away from WEP and its supposed weakness, many organizations have implemented Media Access Control (MAC) filtering as their sole wireless access point (WAP) security measure. What they may not know is that MAC filtering is extremely ineffective as a sole security measure. In reality, relying on MAC filtering to protect your wireless network is pretty much the same as leaving the front door open and asking an intruder to come on in and stay a while. In this Daily Feature, I’ll show you how MAC filtering works and describe some of its pitfalls.

Before I discuss why MAC filters aren’t the perfect security solution, let’s examine what MAC filters are and how they work. MAC filtering is the process of configuring an access point with a list of MAC addresses that will either be allowed or not allowed to gain access to the rest of the network via that WAP. The most common configuration has a list of allowed MAC addresses—the trusted and known MAC addresses that are supposed to be on the wireless LAN.

Exactly where you enter the allowed MAC addresses varies, depending on the WAP you use. Normally you’ll enter this information into the WAP’s configuration utility, usually from a Web-based interface, although you can also do it from a console session or some other form of remote control. No matter how it’s done, the end result is a list of MAC addresses that you use to allow or disallow access….