In this new chapter of our series dedicated to basic concepts of networks we are going to talk about MAC filtering, and we will keep the usual scheme, which means that we are going to explain what it is and why it is important. I am sure many of our readers will already know what we are talking about, but this content will be of help to the less expert.
Due to the particularities that MAC filtering presents, we are also going to talk about the different options for use that it offers, a topic that is also very important, as we will see below. As always, if you have any questions, you can leave them in the comments and we will help you solve them.
Remember that, to activate MAC filtering, you have to enter your router settings and look for the corresponding options. If you don’t remember how to access the router interface, don’t worry, just enter “192.168.1.1” or “192.168.0.1” in your browser and your user credentials, without further ado.
What is MAC Filtering, what does it do, and why does it matter?
We can consider it as a security layer that allows us to improve the protection of our Wi-Fi network, since it is in charge of monitoring the different devices that try to connect to it, and identifies them through the 48-bit MAC address associated with it.
So that we understand each other better, and so that no one gets lost, MAC filtering would be like that vigilante who controls access to a restricted area, and only lets in those who have the proper identification. That way, if it detects a device that is not authorized, it will not allow you to connect to our Wi-Fi network, even if you have entered the password and the name (SSID) of our network.
Indeed, it is very useful, and with the definition we have given above we can clearly see why it is important: because it helps us prevent intrusions, even in those cases in which the attacker knows the credentials of our Wi-Fi network.
White lists and black lists: Two options for different needs
As we have seen, MAC filtering can prevent access to unauthorized devices by checking their identification (the MAC address). However, this does not mean that it can only work in a restrictive way on the basis of “you are not on the list, you are not in”. This security solution can work in two different ways, shaping what we know as white lists and black lists.
White lists are those that fit with the previous concept, that is, we create a list of authorized MAC addresses, so that only devices that use those addresses will be able to connect to our Wi-Fi network. It is the safest option, but it is also the most restrictive, and it can be conflictive if we receive many visits and if we have to share our connection with a certain frequency. Creating a guest network can help us overcome these problems.
By contrast, blacklists are the opposite, those devices that are on the list will be blocked. It is the least restrictive option for obvious reasons, but it is also the least secure. Personally, I prefer the first option, since in the end the accesses to my Wi-Fi network are limited to the devices that are at home, and I only activate a guest network in very special cases, and very specific.