9.4 MAC Address Filtering

   

Another layer of security used on WLANs is MAC address filtering. Just as an administrator can filter MAC addresses on a switched network, an administrator can filter them on a WLAN.

MAC address filtering makes sense in small WLAN networks, where an administrator can maintain tight security. In a large WLAN network, especially one with access points segmented by SSID or WEP, MAC address filtering can be an administrative nightmare.

An access point can usually manage a maximum of 255 MAC addresses. For large WLAN installations, this may not be enough. Even in smaller networks, multiple lists, which have to be managed manually, can be an excessive amount of work for an overburdened administrative staff.

MAC addresses can also be spoofed. Remember, unlike a traditional network, where an attacker has to be physically attached to monitor traffic, on a WLAN an attacker can monitor traffic without having authenticated to the access point. Even with encrypted data, the MAC address of a machine connected to the network will be sent in clear text. Someone sniffing the network will be able to find allowed MAC addresses and change the MAC address of the card they are using, gaining quick entrance into the network.
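The following added example (not from the book) shows why the filter is visible to a passive listener and gives a monitoring sensor one way to notice an allowed address in use by two radios: the 24-byte 802.11 header, including its 12-bit sequence counter, stays unencrypted even when the Protected bit is set, so two stations sharing one MAC show up as interleaved counters. It assumes non-QoS data frames; `MAX_GAP`, the two-jump rule, and all addresses and frames are constructed for illustration.

```python
import struct
from collections import defaultdict

PROTECTED = 0x4000   # Frame Control "Protected Frame" bit: body is encrypted
MAX_GAP = 64         # assumed tolerance for frames the sensor did not hear

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_header(frame):
    """Parse the 24-byte 802.11 MAC header, which is sent unencrypted."""
    fc, _dur, a1, a2, _a3, sc = struct.unpack("<HH6s6s6sH", frame[:24])
    return {"protected": bool(fc & PROTECTED), "receiver": mac(a1),
            "transmitter": mac(a2), "seq": sc >> 4}  # low 4 bits = fragment

def find_shared_macs(frames):
    """Return transmitter MACs whose sequence counter jumps repeatedly."""
    last, jumps = {}, defaultdict(int)
    for f in frames:
        h = parse_header(f)
        tx, seq = h["transmitter"], h["seq"]
        if tx in last:
            gap = (seq - last[tx]) % 4096   # counter is 12 bits and wraps
            if gap > MAX_GAP:               # retries (gap 0) are ignored
                jumps[tx] += 1
        last[tx] = seq
    # Heuristic: one jump may be loss or reordering; two or more is suspect.
    return {tx for tx, n in jumps.items() if n >= 2}

def build(tx, seq, body=b"\x00" * 8):
    """Constructed sample: protected data frame sent to the AP (ToDS)."""
    ap = bytes.fromhex("02aabbccdd01")      # constructed BSSID
    fc = 0x0008 | 0x0100 | PROTECTED        # type=data, ToDS, Protected
    return struct.pack("<HH6s6s6sH", fc, 0, ap, tx, ap, seq << 4) + body

ALLOWED = bytes.fromhex("020000000010")     # constructed, on the filter list
OTHER = bytes.fromhex("020000000020")       # constructed, single station
CAPTURE = ([build(ALLOWED, s) for s in (100, 2900, 101, 2901, 102, 2902)]
           + [build(OTHER, s) for s in (4094, 4095, 0, 1)])

if __name__ == "__main__":
    print(parse_header(CAPTURE[0]))
    print("MACs with interleaved counters:", find_shared_macs(CAPTURE))
```

A hit is a lead for investigation, not proof: a station that roams or resets its radio can also produce counter jumps.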

Current best practices, as advocated by the IEEE, recommend combining an SSID with broadcast disabled, WEP, and MAC address filtering to secure WLANs. Even these steps are not enough to provide the level of security that can be provided to a wired network, but they should be adequate for smaller networks. Using these three layers of security should be enough to dissuade an attacker searching for a random access point. They will not, however, be enough to stop an attacker intent on breaking into a specific network.

There are steps, described in the next sections, which a network administrator can take to further enhance WLAN network security. Enhanced security for WLANs may not be required depending on other security measures in place within the network. If enhanced security measures are not going to be taken, it is important to be aware of the risks involved in using the security measures described thus far.

   


The Practice of Network Security. Deployment Strategies for Production Environments
ISBN: 0130462233
EAN: 2147483647
Year: 2002
Pages: 131
Authors: Allan Liska
