Securing the Home Network – Show me your MAC ID please

Every network device has a MAC (Media Access Control) address.  This unique twelve hexadecimal digit identifier is similar to either a phone number or social security number for your network equipment.  No two should ever be identical.  This number is usually stored permanently in the device.  It is usually displayed on a label on the device in the form of: 00:23:6C:7F:38:43 or it can be displayed in the network information screen of the device.

If you want added assurance that only devices with “proper id” are allowed on to your Wi-Fi®  network, you can explicitly enter the MAC address of each of your Wi-Fi®  connected network devices in to your Wi-Fi® Router or Access Point, such as your Wi-Fi® (or Wired) Home Computers, Printers; Cell Phones, Tablets, Gaming Computers and Internet enabled devices like Blu-Ray Players and Internet enable Flat Panel TV Sets.

Even if a user has the proper SSID (Wi-Fi® Network Name) and Password, if the MAC address is not listed in the table in your Router or Access Point of “permitted MAC addresses” access will be denied and the device will not be able to connect.

The ability to configure MAC address restrictions is usually in the “Advanced Security Setup” area of your Router, Access Point, or Switch.  Almost all Wi-Fi® Routers and Access Points support MAC Address connection tables and restrictions.

Only higher end Wired Routers and Switches offering some form of Management have the MAC Address restriction capability.  Not to worry, the likelihood that someone you don’t know is directly plugging in via a “Wired” connection to your network in your home without your permission or knowledge is very small.

Technical Note:  In some cases, there are legitimate reasons why a network device would broadcast a MAC address different from the one permanently assigned.  This is called MAC Spoofing.  Some earlier Internet connection types required that the Cable or xDSL modem, the device that converts the signal from outside your home to Ethernet, be in “bridge” mode, or for all practical purposes, invisible.  In these situations, the Cable or xDSL modem would actually broadcast the MAC Address of your Computer instead of its’ own MAC Address.

Security Note:  MAC Spoofing can also be used for bad purposes and is not a fool proof security method.  It is just an added layer of security.  Even if you have a MAC Address permission table set for both your Wi-Fi® Router and any Access Points, almost anyone, with a reasonable amount of skill, can Spoof, or duplicate a legitimate MAC address which could allow them access to your Wi-Fi® network PROVIDED THAT they also know the correct SSID (network name) AND Password.  That is three layers of security instead of two.

In general, if you are extremely concerned about securing the access to your Wi-Fi® enabled network, setting the MAC Address of each Wi-Fi® enabled device in your Wi-Fi® Router and/or Access Points for your Primary (“Private”) Wi-Fi®  network will provide an added level of assurance that only legitimate, authorized devices are connecting to your network.  (For a discussion on Primary/Private vs. Secondary/Guest Wi-Fi® networks, see my article, “Securing the Home Network – Guest Wi-Fi® Networks”)

Speak Your Mind