Security is an important concern on many networks, but this is especially true for a wireless network, such as a wireless local area network (WLAN), where information travels back and forth through the air and is open to eavesdropping and interception. By default, many WLAN access points broadcast their presence and grant access to any computer that requests it.
To deal with the issue of unauthorized access, MAC address filtering has been investigated. The MAC address is a unique value associated with a network adapter. MAC addresses are 12-digit hexadecimal numbers (48 bits in length). By convention, MAC addresses are usually written in one of the following two formats:MM:MM:MM:SS:SS:SSMM-MM-MM-SS-SS-SSThe first half of a MAC address contains the ID number of the adapter manufacturer. The second half of a MAC address represents the serial number assigned to the adapter by the manufacturer.
Every piece of network hardware ever made has a unique (no two network devices have the same MAC address) and permanent (the MAC address is “burned” into the hardware and cannot be changed) MAC address. A MAC address is usually an attribute of the network interface card (NIC) and not the computer itself unless the computer has a built-in WLAN adapter. One can usually find a device's MAC address on a label physically affixed to it or through an operating system utility to get a list of the MAC address of each network card in the system.
Many wireless fidelity (WiFi) access points (APs) and routers are built with features for hardware or MAC address filtering. MAC filtering specifies a list of MAC addresses that may connect to the access point, and thus dictates what devices are authorized to access the wireless network. Any address not explicitly defined will be denied access. However, this feature is normally turned “off” by the manufacturer because of the difficulty of proper set up. Many lay users may also find the graphical user interface (GUI) or the filtering setup too technical or time consuming.
Normally, to set up MAC address filtering, the WLAN administrator must manually configure a list of clients that will be allowed access to the network. First, the MAC addresses of each client must be obtained from the operating system or configuration utility. Then, the addresses must be manually entered into a configuration screen for the wireless AP or router. Finally, the filtering option is switched on.
Once enabled, whenever the wireless AP or router receives a request to associate with the WLAN, the MAC address of that client is compared against the administrator's access list. Clients on the list authenticate as normal; clients not on the list are denied any access to the WLAN. In order to alter the clients on the access list, the administrator must manually go into the configuration screen for the wireless AP or router and change the list.
Disadvantageously, conventional MAC filtering has required the computer to be powered on to enter and set up the MAC address list, the user has had to manually enter/remove the MAC address, and there has been a lack of flexibility in controlling parameters for the list. Accordingly, an improved MAC filtering system, apparatus, and method are highly desirable.
Embodiments of the present invention and their advantages are best understood by referring to the detailed description that follows. It should be appreciated that like reference numerals are used to identify like elements illustrated in one or more of the figures.