MAC filtering (layer 2 address filtering) is an access control method in which the 48-bit address assigned to each network card is used to decide whether a device may access the network. Iptables, pf, and IPFW can block a given MAC address on a network, just as they can block an IP address. You can deny or allow traffic from a MAC address such as 00:1e:2a:47:42:8d using open source firewalls. MAC address filtering is often used to secure LANs and wireless networks or devices. Is this technique effective?
Short answer – NO.
Personally, I do not use or recommend MAC address based filtering. A MAC address can be easily spoofed under each and every operating system out there. So I was wondering why anybody would want to use MAC-based filtering? You can easily filter by IPv4 or IPv6 address. My formula to filter and control bad stuff is as follows:
- Throttle network connections using the firewall, operating system control mechanisms, and application control mechanisms.
- Set connection rate per IP, do not allow unlimited access to any public service.
- Drop abusing netblocks at router / edge level.
- Drop bad IPs using Iptables / pf firewall. Use DMZ if required. Use proxy layer if required.
- Disable unwanted services.
- Monitor public services using open source tools, IPS and/or custom scripts.
- Set the default policy to deny all and open only the required ports; apply a least privilege policy to all applications, users and anything else that can communicate over the network.
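Several items from the list above (default deny, dropping bad netblocks, a connection rate per IP) expressed as an iptables-restore ruleset. This is an added example, not part of the original post; the ports, rate values and blocked addresses are constructed placeholders.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset; it changes nothing itself.
# All values below are constructed placeholders (RFC 5737 documentation ranges).
BLOCKED_NETS="203.0.113.0/24 198.51.100.7"   # abusing netblocks / bad IPs
OPEN_TCP_PORTS="22 80 443"                   # only the services you really run
RATE="20/minute"                             # new connections allowed per source IP
BURST="10"                                   # short burst tolerated before limiting

build_ruleset() {
    echo "*filter"
    # Default policy: deny everything inbound and forwarded.
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    # Drop bad sources first so they cannot reach any later ACCEPT rule.
    for net in $BLOCKED_NETS; do
        echo "-A INPUT -s $net -j DROP"
    done
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for port in $OPEN_TCP_PORTS; do
        # Per-source-IP throttle: new connections above RATE are dropped.
        echo "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -m hashlimit --hashlimit-name in$port --hashlimit-mode srcip --hashlimit-above $RATE --hashlimit-burst $BURST -j DROP"
        # New connections under the limit are accepted.
        echo "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo "COMMIT"
}

build_ruleset
```

Pipe the output to `iptables-restore --test` as root to have the ruleset parsed without committing it.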
For Wireless networks and Desktops
- Always use WPA / WPA2 with TKIP or AES encryption and a strong passphrase
- Change your passphrase every month
- Disable stupid UPnP
- Disable your wireless router’s remote management and ssh / telnet port features.
- Turn on firewall, port scan and DoS protection
- Windows / Mac OS X users should always use an antivirus and a firewall / internet security suite. Keep your operating system and virus databases up to date at all times.
- Use VPN or SSH while communicating with Linux / Windows servers.
- Use the secure versions of SMTP, IMAP or POP3 for email communication. Most ISPs and free services such as Gmail support secure versions of the email protocols.
Personally, if I found anyone breaking the security policies, I would warn them. In some cases I recommend firing them. I don’t care if it is a small break or anything else. If you are willing to break the IT security policies why should you be trusted? Hire a third party or consultant to evaluate your current security policy.
What do you think? Do you use MAC based filtering?