MAC address filtering protects networks by only allowing certain wireless network adaptors to connect to the network, using that adaptors unique identifier (typically something like; 00-08-E5-3C-D9-84). This means that every 'allowed' adaptor must be manually configured on your wireless network device, which can be a daunting task for anyone not comfortable with network terminology and commands.

MAC filtering also suffers from some of the same vulnerabilities as WEP. It can't be cracked, but an intruder can still capture traffic from your network and examine the MAC addresses that are approved, then imitate those addresses to gain approved access. Most motherboards with onboard NICs allow you to set a MAC address of your choice, just as most WLAN cards will.

Network vs. Wireless security

Securing a wireless network is really two issues rolled into one, since on one hand you have to worry about controlling access to your network, and on the other you need to think about securing your individual computers.

As already stated, a typical 802.11b network can only be easily secured to a certain point, and a vulnerable point at that. The key issue here is that wireless access generally occurs inside whatever is protecting your personal network from the big bad Internet.

Most home DSL/cable wireless routers come with a firewall to control access to your network from outside, but anyone who can access the wireless portion of your network bypasses this firewall completely. The same mistake has been made by many businesses who shell out for expensive firewall and access-control software only to find that their network has been compromised by unsecured wireless access from inside.

Sound far-fetched? Around the PCSTATS Labs there are a over a half dozen wireless networks within range, and of those, only half have WEP initialized. That potentially leaves every other network wide open for curious, and malicious onlookers.

The problem is that wireless routers, and home routers in general are internet sharing devices, and as such, are generally set by default to give out IP addresses automatically to any computers that are connected to them. This eliminates the need for the user to manually set the correct address, but also allows an intruder to automatically gain an IP address within your network.

This is not such a big deal with non-wireless routers, as an intruder would have to be physically plugged into the router itself to receive an address, but with a wireless device, anyone within range who has the correct hardware can be considered to be 'plugged in.'

The rest of this this PCSTATS Guide assumes that you already have a wireless network successfully set up in your home. For more information on this, see PCSTATS Wireless Home Networking Guide, and for some basic information on networking in general, see PCSTATS Guide to Home Networking .

Now to begin with, let's find out if there are any unauthorized computers attached to your wireless router or access point...