Have you heard of MAC address filtering? It’s an optional security feature on many routers and other access point devices. It works by filtering network traffic based on MAC addresses. Each network card has a unique MAC address. Rather than allowing all MAC addresses to connect to your business’s network, you can filter them. There are pros and cons of MAC address filtering, however, some of which are discussed below.
Pro: Prevents Bandwidth Theft
MAC address filtering offers a simple and effective way to protect against bandwidth. Bandwidth theft involves an unauthorized user connecting to your business’s network. As the user downloads and uploads data, he or she will steal your business’s bandwidth. With MAC address filtering, you can create a whitelist of authorized users, such as your business’s employees, to prevent bandwidth theft from occurring.
Pro: DDoS Protection
For greater protection against distributed denial-of-service (DDoS) attacks, you may want to enable MAC address filtering. DDoS attacks are characterized by massive amounts of incoming data packets. During an attack, your business’s network will receive data packets from many different devices. MAC address filtering offers DDoS protection by automatically blocking these data packets. Unless a data packet is from a whitelisted and authorized user, your business’s network will automatically reject it.
Con: Easy to Soof
Perhaps the biggest disadvantage of MAC address filtering is that it’s easy to spoof. How does spoofing work exactly? An attacker may “listen in” on your business’s network to capture whitelisted MAC addresses. The attacker may then configure his or her device to transmit one of these whitelisted MAC addresses. The attacker doesn’t actually need to be whitelisted; he or she just needs to use a spoofed MAC address.
Con: No Encryption
MAC address filtering doesn’t take advantage of encryption. There’s no encryption, and there’s no protection against eavesdropping. This means MAC address filtering is vulnerable to attacks such as man-in-the-middle (MITM) attacks. You can still use it, but you should rely solely on MAC address filtering to secure your business’s network.
Con: Time-Consuming to Maintain
Another disadvantage of MAC address spoofing is the simple fact that it’s time-consuming to maintain. MAC address filtering requires the use of a whitelist. If you have a small business with just a handful of employees, you can easily create and maintain a whitelist. If you have a medium or large business, on the other hand, you may struggle to maintain this whitelist.