Protect Wireless Access Using MAC Address Filters

It is great to be able to access your network resources from anywhere in your home or office without having to plug into a wired network connection. But, if you can connect to your wireless access point from 80 feet away, then potentially every other wireless device in an 80-foot radius of your access point can as well.

There are a number of basic wireless security steps that many are already familiar with. Simple things like changing the SSID (service set identifier) from the vendor’s default and disabling SSID broadcasting so you don’t draw undo attention to your wireless network are a good start. Enabling some form of encryption, WEP (although it is quite flawed) or WPA, will help protect the data as it flies through the air and secure the communications between your device and the wireless router or access point.

Beyond these steps though, wireless routers or access points can generally filter access by MAC address as well. The MAC address is a unique identifier of your wireless network adapter. For a large enterprise with hundreds or thousands of wireless devices, it may not be feasible to try to maintain a listing of everyone’s MAC address and constantly update the access list as users come and go. But, home offices or small to medium businesses may be able to add an extra layer of protection by filtering based on MAC address.

To determine the MAC address on a Windows system follow these steps:

  1. Click Start
  2. Click Run
  3. Enter command and press enter
  4. In the command console, type “ipconfig /all” and press enter
  5. If you have more than one network adapter, the details of each will be displayed
  6. Locate the wireless adapter information
  7. The MAC Address is the information labeled Physical Address

Refer to the directions for your wireless router or access point to find out how to enable MAC address filtering. Once you enable MAC address filtering and enter the MAC addresses of each of your wireless devices, the wireless router or access point will only allow those devices with MAC addresses on the access list to connect to the wireless network.

It is possible using various wireless and network sniffing tools to capture and spoof MAC addresses, so this method is not fool-proof. But, like my tip Rename The Administrator Account, that is no reason to make it any easier for novice hackers or casual snoopers to get into your network.

Tony Bradley is a consultant and writer with a focus on network security, antivirus and incident response. He is the Guide for Internet / Network Security (, providing a broad range of information security tips, advice, reviews and information. Tony also contributes frequently to other industry publications. For a complete list of his freelance contributions you can visit Essential Computer Security (

About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top