Typically, your home network works so that anyone who knows your passphrase can connect to your home network. However, you can add another layer of security that only allows certain devices to connect. This is called MAC address filtering.
However, keep in mind that filtering Mac addresses isn’t the only security solution. This is just an additional layer of complexity for hackers. It’s a layer they can still break through (see below), but anything that makes it difficult for hackers is always good.
Why are devices whitelisted?
Your router handles all network traffic inside and outside your home network. It determines whether certain devices are allowed to connect to your home network.
Typically, this access is determined by whether the device user enters the correct network passphrase. This is the passphrase that you configure in the Set Password section of the Security menu of your router.
This is the only security barrier preventing a hacker from connecting to your network. If you have set a strong password, this may be sufficient. Unfortunately, most people set passwords that are fairly easy to crack with basic hacking tools.
You can add a second layer of security by allowing only certain devices to connect to your home network.
How MAC Address Filtering Works
You can configure your router to only allow specific devices to access by adding their MAC addresses to the router’s ACL.
- You can usually find this list by logging into your router and going to the Security menu. You will find a list of devices under Access Control.
- You can enable the Mac address filtering feature by selecting “Enable Access Control”.
- After enabling this option, you can select “Block all new devices from connecting.”
- After selecting this option, you can select any of the already connected devices and block them if you do not recognize them.
- While you are doing this, it is recommended that you scan for devices and make sure that all listed devices and MAC addresses are devices that you recognize.
- If you later need to add new devices to the list, you will need to change the setting again to Allow all new devices to connect. Then connect the device to the network using the network password.
- After connecting, go back to the access control settings and change the setting again to Block all new devices from connecting.
Some routers allow you to enter devices and MAC addresses manually. But for that, you need to know the MAC address of the computer you are connecting to.
How to locate your Mac’s Mac address
Checking your Mac address on Windows is easy.
- Open a Windows command window, type ipconfig / all and press Enter.
- Look in the results for the network adapter that appears as connected to the network.
- Make a note of the physical address listed in this section.
- This physical address is the same as the connected MAC address shown on your router.
The process is slightly different on macOS.
- Open System Preferences and select Network.
- Select a connected network and click the Advanced button.
- Select the Hardware tab to see the MAC address. shown above.
In this guide on how to find your MAC address, you can see the above procedures for finding MAC address on PC, Mac, or even other devices with screenshots and more information.
For devices like Google Home, Alexa, Philips Hue lights, or other smart home devices, you can usually find the MAC address printed on a label under the device. This is usually the same label as the serial number.
Once you have MAC addresses for all devices that need to be whitelisted, you can log into the router and either make sure they are already connected, or add the MAC address to the existing list.
How Hackers Beat MAC Address Filtering
There are many ways that hackers can hack your various tactics to secure your Wi-Fi and home network. Hackers also have a way to go through MAC address filtering.
Once a hacker discovers that he has been blocked from accessing your network using MAC address filtering, all he has to do is spoof his own MAC address to match one of the addresses you allow.
To do this, they:
- Go to the Network and Sharing Center in the control panel.
- Selecting “Change adapter settings”.
- Select the properties of the network adapter and the “Configure” button.
- Select a network address and fill in the “Value” field with the desired MAC address.
This is the easy part. The tricky part is that the hacker will also need to use a packet sniffing tool to extract the existing MAC addresses that are currently communicating on your network. These software tools are not always easy to use for hobbyists and can take effort to use correctly.
Other tech sites may tell you that since hackers can do this, it’s generally not worth using MAC address filtering. But it is not so. If you don’t use MAC address filtering:
- you don’t even block non-hackers or amateur Wi-Fi thieves from accessing your network.
- simple security for no good reason.
- You are not trying to make accessing your network as difficult as possible with multiple levels of difficulty.
- You won’t have access to a simple tool that can help you with parental control of the Internet.
This is why it is a good additional layer of protection for your network, but you shouldn’t rely on it as your only source of protection. Whitelisting specific devices should be used as part of your overall network security arsenal.