MAC addresses are one of those terms that few people know, but many could benefit from learning. While some people equate them to a Macintosh computer, others know this unique bit of information can help define your wireless network. They can also add an extra security layer.
In the past several years, network vendors have done a better job of telling consumers about security. Many articles have suggested changing administrator passwords, SSIDs, and enabling security protocols for wireless networks.
Another layer of protection is MAC filtering. You may be familiar with blocking websites. However, MAC filtering is a way to allow certain devices to connect to your network. For example, your notebook, but not a guest’s. In combination with your security settings, MAC filters can deter some hackers. You might think of this as adding a deadbolt to the latch bolt on your front door. People can still break down the door, but most won’t.
What is a MAC Address?
As with many technical terms, MAC is an acronym. It stands for Media Access Control address. This is a 12-character address that maps to a physical component such as your broadband router, wireless access card, network card, and so on. My smartwatch even has a MAC address. The number is unique, with the first half of the address representing the device manufacturer. So, for example, a MAC address starting with 00-06-25 is identified with Linksys.
Since the MAC address is unique, it can be used as a filtering mechanism to keep devices on or off your wireless network. Most 802.11 wireless networks will allow or deny access to specific MAC addresses. In my case, I entered the MAC addresses for the devices that I would allow connecting to my network.
I enabled MAC filtering and entered the three MAC addresses to connect to my network on my router. Each of these MAC addresses belongs to a device that I use. If a device tries to connect with a MAC address that is not on that list, it will be blocked.
How to Find a MAC Address
Perhaps, the hardest part of using MAC filtering is finding the device addresses. On most Windows systems, you may find this information using the following steps:
- Press your Windows key + R
- In the Open: text box of the Run dialog, type cmd
- Click OK.
- At the DOS prompt, type ipconfig/all
- Press Enter.
Your computer should display a dialog similar to the one below. The line labeled “Physical Address” represents the MAC address. In some cases, you may see more than one MAC address. For example, you might see one for the built-in Ethernet card and another for a wireless network card.
There is another way to get MAC addresses using the GETMAC / V command. This method is preferable if you need to grab the physical address and connection name.
Using MAC filters in conjunction with other security settings on a wireless system is a stronger solution that will deter some from hopping onto your network. One disclaimer about MAC filtering is that it isn’t foolproof, so it shouldn’t be used as the only security measure. The reason is MAC addresses can be cloned. Sometimes people need to clone MAC addresses because of ISP configuration issues. The same mechanism that allows you to change a MAC address for your device also works for a hacker.
Another gotcha about these addresses is some operating systems allow you to randomize your MAC address. This is the case with Android 10. As a result, you’ll have to continually update your allowlist for these phones or turn off the feature.
MAC Address Lookup
Sometimes the descriptions you see for your devices, really don’t provide enough info. The last thing you want to do is to filter the wrong device from your network. Or, maybe you just want to get more details. In these instances, it helps to query a MAC database. There are a number of them on the web, but I prefer the one by DNSChecker.org.
You type in the MAC address in the textbox and press the Search button. The service can take MAC address examples using hyphens or colons.
The database won’t return what the device actually is, but it will give you the vendor name and address which is a start.
As with most security intrusions, the harder it is for someone to break in, the less apt they are to keep trying. Adding an extra security layer increases the time and equipment needed for a hacker to compromise your network. Since there are still many insecure wireless networks, it seems likely hackers will start there.