I have been using MAC filtering on my home Wi-Fi network, and after reading this I tend to agree that its more effort than benefit. (Esp. when guests come over and need to access the wifi)
MAC address filtering allows you to define a list of devices and only allow those devices on your Wi-Fi network. That’s the theory, anyway. In practice, this protection is tedious to set up and easy to breach. This is one of the Wi-Fi router features that will give you a false sense of security. Just using WPA2 encryption is enough. Some people like using MAC address filtering, but it’s not a security feature.
It’s Tedious and Time-Consuming
Your wireless router has a variety of useful options you can configure. These are practically hidden — you wouldn’t know... [Read Article]
The time spent managing this is the main reason you shouldn’t bother. When you set up MAC address filtering in the first place, you’ll need to get the MAC address from every device in your household and allow it in your router’s web interface. This will take some time if you have a lot of Wi-Fi-enabled devices, as most people do.
Whenever you get a new device — or a guest comes over and needs to use your Wi-Fi on their devices — you’ll have to go into your router’s web interface and add the new MAC addresses. This is on top of the usual setup process where you have to plug in the Wi-Fi passphrase into each device.
This just adds additional work to your life. That effort should pay off with better security, but the miniscule-to-nonexistent boost in security you get makes this not worth your time.
This Is a Network Administration Feature
MAC address filtering, properly used, is more of a network administration feature than a security feature. It won’t protect you against outsiders trying to actively crack your encryption and get onto your network. However, it will allow you to choose which devices are allowed online.
Regards,
Rudi
If your absence does not affect them, your presence didn't matter.
I stopped using MAC address filtering many years ago, when I learned how easy it is to hack. All you need to do is sniff the network for a few minutes to find a valid MAC address and then modify your own MAC address to match.
Lots of effort to maintain and negligible security benefit.
Sorry, Rudi. I did write some recommendations about WiFi security many years ago, on a different forum where many of us used to hang out, but they never made it to this place.
Hiding the SSID will stop the WiFi name being visible to neighbours who aren't going to look for it. It provides absolutely no additional security though.
StuartR wrote:Hiding the SSID will stop the WiFi name being visible to neighbours who aren't going to look for it. It provides absolutely no additional security though.
Except to the "hounds" who roam the neighborhoods in a car and sniff out insecure sites.
StuartR wrote:Hiding the SSID will stop the WiFi name being visible to neighbours who aren't going to look for it. It provides absolutely no additional security though.
Except to the "hounds" who roam the neighborhoods in a car and sniff out insecure sites.
It makes no difference to them at all. You can still see the hidden SSID if you browse all the available packets, it's just that the SSID isn't advertised
I have this theory that in securing your home router, you don't have to have perfect security - you just have to stay ahead of your neighbours. If some scumbag really wants free wifi to download whatever scumbags download, then no amount of security is going to stop them, but they'll go for your WEP-using, default password neighbour rather than WPA-2 complex password you.
You don't have to outrun the lion...
John
“Always trust a microbiologist because they have the best chance of predicting when the world will end”
― Teddie O. Rahube
jonwallace wrote:I have this theory that in securing your home router, you don't have to have perfect security - you just have to stay ahead of your neighbours...
I subscribe to this theory as well, which is why I do use MAC filtering and hide my SSID even though I know it's not going to stop determined bad guys.
Ken
PS I can put a tick against all of Stuart's advice