Mac Filtering
Download as PPTX, PDF1 like969 views
MAC filtering is a security method that controls network access by using the unique MAC (Media Access Control) address assigned to each device's network interface. It involves creating allowlists and blocklists of MAC addresses to permit or deny access at the data link layer. To implement MAC filtering on Windows, administrators can add MAC addresses to filters in the DHCP console to control which devices can use the network. While effective for wired networks, MAC filtering is not very useful for wireless networks since MAC addresses can sometimes be changed or spoofed. It is commonly used in enterprise networking to control access at the network layer.
Mac Filtering
- 1. MAC Filtering Presented Devang Doshi on: Sep 17, 2015
- 2. Index • MAC • MAC Address • MAC Filtering
- 3. MAC • MAC stands for Media Access Control • In the 7 layer OSI model for computer networking, Layer Data Unit Host Layers 7. Application Data6. Presentation 5. Session 4. Transport Segments Media Layers 3. Network Packet/Datagram 2. Data link Bit/Frame 1. Physical Bit Media Access Control (MAC) sub-layer responsible for controlling how devices in a network gain access to data and permission to transmit it. Logical Link Control (LLC) sub-layer controls error checking and packet synchronization.
- 4. MAC Address • A unique identifier assigned to network interfaces (for communications on the physical network segment) • Network address for most IEEE 802 network technologies (including Ethernet and WiFi) • Most often assigned by the manufacturer • Stored in hardware (on card's read-only memory or some other firmware mechanism) Image source: https://en.wikipedia.org/wiki/MAC_address#/media/File:MAC-48_Address.svg
- 5. What is MAC Filtering? • Definition, as per wikipedia, “In computer networking, MAC Filtering refers to a security access control method whereby the 48-bit address assigned to each network card is used to determine access to the network. “ • Definition, as per TechNet, “MAC address filtering is a feature for IPv4 addresses that allows you to include or exclude computers and devices based on their MAC address” MAC Filtering = GUI Filtering = Layer 2 Filtering = Link-layer Filtering
- 6. How to implement MAC Filtering? • When configuring MAC address filtering, you can specify the hardware types that are exempted from filtering (By default, all hardware types defined in RFC 1700 are exempted from filtering) • Before configuring MAC address filtering, • Enable and define an explicit allow and deny list (for DHCP to function smoothly) • Enable and define an allow list and a block list (the block list has precedence over the allow list)
- 7. How to implement MAC Filtering? • Four step process to enable MAC address filtering on Windows Computer: 1. In the DHCP console, double-click the IPv4 node, and then double- click the Filters node 2. Right-click Allow or Deny as appropriate for the type of filter you are creating, and then click New Filter 3. Enter the MAC address to filter, and then enter a comment in the Description field if you want to. Click Add. Repeat this step to add other filters 4. Click Close when you have finished
- 8. Summary Unique address for each card, can’t be changed* Blacklists and Whitelists Devices not Users Effective in wired networks Not effective on wireless networks Used on Enterprise Networking
- 9. Reference: Websites • https://en.wikipedia.org/wiki/MAC_filtering • https://en.wikipedia.org/wiki/MAC_address • https://en.wikipedia.org/wiki/OSI_models • https://en.wikipedia.org/wiki/Media_access_control • https://technet.microsoft.com/en-us/magazine/ff521761.aspx
- 10. Questions?
- 11. Thank you for your time
Editor's Notes
- #7: Before you can configure MAC address filtering, you must do the following: Enable and define an explicit allow list. The DHCP server provides DHCP services only to clients whose MAC addresses are in the allow list. Any client that previously received IP addresses is denied address renewal if its MAC address isn’t on the allow list. Enable and define an explicit deny list. The DHCP server denies DHCP services only to clients whose MAC addresses are in the deny list. Any client that previously received IP addresses is denied address renewal if its MAC address is on the deny list. Enable and define an allow list and a block list. The block list has precedence over the allow list. This means that the DHCP server provides DHCP services only to clients whose MAC addresses are in the allow list, provided that no corresponding matches are in the deny list. If a MAC address has been denied, the address is always blocked even if the address is on the allow list.
- #8: Before you can configure MAC address filtering, you must do the following: Enable and define an explicit allow list. The DHCP server provides DHCP services only to clients whose MAC addresses are in the allow list. Any client that previously received IP addresses is denied address renewal if its MAC address isn’t on the allow list. Enable and define an explicit deny list. The DHCP server denies DHCP services only to clients whose MAC addresses are in the deny list. Any client that previously received IP addresses is denied address renewal if its MAC address is on the deny list. Enable and define an allow list and a block list. The block list has precedence over the allow list. This means that the DHCP server provides DHCP services only to clients whose MAC addresses are in the allow list, provided that no corresponding matches are in the deny list. If a MAC address has been denied, the address is always blocked even if the address is on the allow list.
- #9: MAC addresses are uniquely assigned to each card, so using MAC filtering on a network permits and denies network access to specific devices through the use of blacklists and whitelists. While the restriction of network access through the use of lists is straightforward, an individual person is not identified by a MAC address, rather a device only, so an authorized person will need to have a whitelist entry for each device that he or she would use to access the network. MAC filtering is not an effective control in wireless networking as attackers can eavesdrop on wireless transmissions. However MAC filtering is more effective in wired networks, since it is more difficult for attackers to identify authorized MACs. MAC filtering is also used on enterprise wireless networks with multiple access points to prevent clients from communicating with each other. The access point can be configured to only allows clients to talk to the default gateway, but not other wireless clients. It increases the efficiency of access to network