Just Filtering Your MAC Won't Do Jack

By Ronald Pacchiano

December 22, 2005

In addition to running MAC filtering, you need to add multiple security layers to protect your wireless network.

Q.   I was just wondering — If you set up MAC filtering on a home wireless network without enabling WEP or WPA, wouldn't that be sufficient to protect the network from unauthorized access? Since no PC would be allowed to join the network without a previously authorized MAC address, how could anyone possibly gain access to the wireless network? I thought that was the whole point of MAC address filtering, to protect the network from unauthorized users. I don't understand.

A.   The reasonable assumption is that by allowing only systems with authorized MAC addresses (define) onto the network, you'd be safe, but the reality is that this particular security measure is easy to circumvent, and thus good only as a deterrent for less sophisticated users. Anyone who really wants to gain access to your network (with a good general understanding of WiFi networks and the right utilities) could easily gain access. How can they get in? That one is easy. Your MAC address can be spoofed by readily available tools and utilities or even through a simple registry entry in Windows. Tools like Kismet or NetStumbler can intercept your MAC address and then spoof it, making an unauthorized system look legitimate.

The reality is that security is best implemented in layers — the more layers a hacker needs to penetrate, the harder and less attractive a target your network becomes. So in addition to just running MAC filtering, you should add multiple security layers to your network defenses such as the following:

  • WPA (define) or WEP Encryption (define)
  • Disable SSID (define) broadcasting
  • Setup VPN (define) access on your network
  • Use a RADIUS server (define) for addition authentication

There are other measures you can take, but I'm sure you get the idea.

To further safeguard your security, you should also be running a good anti-virus and anti-spyware package, plus a strong firewall (define). By themselves, none of these packages could provide you with adequate protection, but when combined, they create a strong defense for your system and should prove effective at defending your network and systems from attacks. If you do implement weak encryption, though, be forewarned: Somebody will exploit it. I know a guy in my neighborhood who has been getting free high-speed Internet access for more than a year. All he did was buy an 11b network interface card and searched for an AP (define) that he can get in. It turns out he has more than one choice.


Q.   I have a small workgroup at home, which consists of two PCs: a desktop and a laptop. These computers share a cable modem Internet connection via a Linksys wireless router. The desktop computer is equipped with a USB (define) wireless network adapter and is running Windows XP Home Edition. The laptop computer is using a mini-PCI 802.11b/g adapter, but is running Windows XP Professional.

Over the last few weeks, I started to notice a problem. My Internet connection is running just as quick as it always has on my desktop PC. However, for some reason, when I try to access the Internet from my laptop computer, it's extremely slow. Web pages can take almost a minute to load and occasionally time out. This behavior is consistent whether or not the desktop PC is online.

Both PC's can ping each other and I can print over the network. I have uninstalled and reinstalled the network adapters and even the TCP/IP (define) protocol, but to no avail. A friend of mine suggested I check the vendor's site to see if an upgraded network driver was available. Sure enough, a newer one was available, but installing it didn't improve the situation any. As a final act of desperation, I even contacted my ISP for assistance. All they were able to do was perform a diagnostic on my cable connection, which checked out fine.

I have tired everything I can think of, but so far have been unable to resolve the situation. The most frustrating thing is that it just seemed to develop overnight. I've had all of this equipment in place for almost a year now and up until this point, everything worked fine.

Do you have any idea what else I might try to possibly alleviate this problem? Thank you!

A.   Mysterious problems like these are typical when dealing with Windows PCs, so I'm afraid I don't have any easy answers for you. The good news is I don't think your problem has anything to do with your hardware or your network configuration. Just the fact that all of this hardware was purchased, installed and had been working for more than a year now pretty much rules it out. Could something have happen to the hardware to suddenly cause the problems your experiencing? It's possible, but the odds are against it. If a network adapter were to suddenly go bad, it would usually just stop working altogether. The Ethernet cable could have been damaged, but you said this was a wireless connection. It could be interference from another radio source, but the desktop PC functions just fine when they're running simultaneously.

Taking all of that information into account, it sounds to me like the problem you're experiencing has more to do with software incompatibility or a resource/memory shortage rather then a hardware malfunction.

Unfortunately, trying to isolate exactly what that is difficult and it would be almost impossible for me to instruct you on with the space we have available here. Actually, even if I was sitting in front of the system with you it would be difficult to spot and correct the problem.

The key to correcting this type of a problem usually comes down to identifying exactly when the problem started. You'll usually find that this time corresponds to a service pack (define) being applied, a new piece of software being installed software or a driver being updated. If you can't isolate when the configuration was modified, the quickest and easiest thing I can suggest you do is to simply wipe out and reinstall Windows XP on your laptop. I know this is a major hassle, but believe me when I tell you it's the more efficient of your two options and will normally yield the best results.

One of the problems I've discovered over the years working with Windows-based computers is that in order to keep them running at peak efficiency they almost have to be erased and redone religiously at least once year. The reason for this is that over time Windows becomes bloated with numerous utilities, applications, driver updates and security patches. Programs get overwritten or removed, but many of their core elements (like DLL (define) files) get left behind. This constant changing of the registry (define) in conjunction with these orphaned files can cause the system to become highly unstable and create many strange problems — none of which can be easily tracked. Unfortunately, redoing the system is usually the only way to effectively rid yourself of these mysterious problems and guarantee the structural stability of the operating system.

The only other suggestion I could make to you before taking on such a daunting task would be to thoroughly scan your system for viruses. The symptoms you described are definitely exhibiting virus-like behavior and at the very least is worth investigating.

In the future, one of the best ways to prevent this type of problem is to use a utility such as Microsoft's System Restore before installing or updating anything on the PC.

With System Restore you can save a copy of a working configuration. In the event of a problem, system Restore would use this configuration data to restore your system to a previous working state. While System Restore can't solve every problem, it is a good safe guard to have. For more information on System Restore and how to use it just click on the Start button and select "Help and Support." After it launches search for keyword "System Restore." I hope you find this information helpful. Good Luck!

Reprinted from PracticallyNetworked.com.



Comment and Contribute
(Maximum characters: 1200). You have
characters left.