MAC accost filtering is one of those controversial features that some people swear by, whereas others say it'southward a consummate waste material of time and resources. So which is information technology? In my opinion, it'southward both, depending on what y'all are trying to accomplish by using information technology.

Unfortunately, this feature is marketed as a security enhancement that you can use if you lot are technically-savvy and willing to put in the endeavor. The existent fact of the matter is that information technology really provides no actress security and can actually brand your WiFi network less secure! Don't worry, I'll explain more virtually that beneath.

Yet, it's not completely useless. In that location are some legitimate cases where you can utilize MAC address filtering on your network, but it won't add additional security. Instead, it's more of an administration tool that you can use to control whether or not your kids can admission the Cyberspace at certain times during the mean solar day or if y'all desire to manually add devices to your network, which y'all can monitor.

Why It Doesn't Make Your Network More Secure

The chief reason why it doesn't brand your network more secure is considering it's really piece of cake to spoof a MAC accost. A network hacker, which can literally exist anyone since the tools are and then easy to use, can easily effigy out the MAC addresses on your network and and then spoof that address onto their computer.

So, you may ask, how can they become your MAC address if they can't connect to your network? Well, that'south an inherent weakness with WiFi. Even with a WPA2 encrypted network, the MAC addresses on those packets are not encrypted. This means that anyone with network sniffing software installed and a wireless menu in range of your network, can easily grab all the MAC addresses that are communicating with your router.

They can't encounter the information or annihilation like that, merely they don't really have to interruption the encryption to access your network. Why? Because now that they have your MAC accost, they tin can spoof information technology and then transport out special packets to your router called disassociation packets, which volition disconnect your device from the wireless network.

Then, the hackers' device will try to connect to the router and will be accustomed because it is at present using your valid MAC address. This is why I said earlier that this feature can make your network less secure because now the hacker doesn't take to bother trying to crack your WPA2 encrypted password at all! They merely have to pretend to exist a trusted computer.

Over again, this can be done by someone who little to no knowledge of computers. If you lot only Google crack WiFi using Kali Linux, you'll get tons of tutorials on how to hack into your neighbor's WiFi within a few minutes. So do those tools always work?

The Best Way to Stay Secure

Those tools will work, just not if y'all are using WPA2 encryption along with a fairly long WiFi password. It's really important that you lot don't use a simple and brusque WiFi password because all a hacker does when using these tools is a brute forcefulness set on.

With a animate being force attack, they volition capture the encrypted password and effort to crack it using the fastest automobile and the biggest dictionary of passwords they can find. If your countersign is secure, it tin can take years for the countersign to be cracked. Always endeavour to employ WPA2 with AES just. Y'all should avert the WPA [TKIP] + WPA2 [AES] selection as it'due south much less secure.

Nevertheless, if you take MAC accost filtering enabled, the hacker can bypass all that trouble and just grab your MAC accost, spoof it, disconnect you or another device on your network from the router and connect freely. Once they are in, they can practice all kinds of damage and access everything on your network.

Other Solutions to the Trouble

Only some people volition still say it's and then useful to control who tin become on my network, especially since everyone doesn't know how to utilise the tools I mentioned above. OK, that'south a betoken, but a better solution to control outsiders who desire to connect to your network is to utilise a guest WiFi network.

Just about all modern routers take a invitee WiFi feature that will allow you to let others connect to your network, but not let them encounter anything on your dwelling house network. If your router doesn't back up it, you can just purchase a cheap router and attach that to your network with a separate password and separate IP address range.

It's as well worth noting that other WiFi security "enhancements" like disabling SSID broadcasting will besides make your network LESS secure, not more than secure. Some other one people accept told me they try is to use static IP addressing. Once again, as long as a hacker can figure out your network IP range, they can use any address in that range too on their machine, regardless of whether y'all have assigned that IP or non.

Hopefully, this gives you a clear thought of what you can apply MAC addressing filtering for and what expectations to accept. If you feel differently, experience gratuitous to allow us know in the comments. Enjoy!