Filtering Network Traffic
If your access point has a firewall built in, another method
of preventing intruders from gaining access to your WLAN is to filter your
network’s traffic. Filtering network traffic allows you to configure your
firewall in a way that excludes all users except those that your configuration
allows to connect.
You can use one of two methods to filter your network traffic. One
method uses the Media Access Control (MAC) address; the other filters by IP
address (see Figure 11-10). Either way, filtering only allows known (and
approved) addresses to associate with your access point. Manufacturers encode
each network adapter and device with a unique alphanumeric MAC address. In most
cases, the MAC address is permanent, but crackers can modify the MAC on some
devices.
Because of this, filtering isn’t foolproof. A cracker can use a
wireless sniffer and capture network data packets to analyze. Network data
packets contain routing information that includes both the IP address and MAC
address of the sending station. Using this information, a cracker can configure
his adapter to use the MAC (or IP) address of a legitimate user and thwart your
firewall’s filter (see Figure 11-11).
Although filtering isn’t foolproof, having to analyze data packets to learn
legitimate MAC or IP addresses raises the bar high enough so that only
technically proficient (and determined) intruders are able to access your WLAN.
Because the majority of would-be intruders aren’t that skilled and are unlikely to
waste much time trying to beat it, filtering is an effective additional step in
securing your wireless network.
Activating MAC address filtering
The exact steps to implement MAC or IP filtering depend on
the hardware you are using and are different for every brand of access point or
firewall. The most likely scenario is that you can set up filtering through the
configuration software or Web interface for your device (see Figure
11-12).
To set up a list of MAC addresses that are allowed to associate
with your access point, gather the MAC address of every wireless adapter on your
network. The easiest way to learn the MAC address of each of your adapters is to
use the configuration software that came with the adapter. However, you can also
find the MAC address of your adapter in Windows XP or Windows 2000 by following
these steps:
STEPS: Finding the MAC address of your adapter in Windows XP/2000
- Left-click the Start Button. The Start menu appears.
- In the Start Menu, click Run. A small Run dialog box opens (see Figure 11-13).
Figure 11-13: The Run dialog box
- In the Run dialog box, type CMD and click OK. A command window appears.
- In the command window, type ipconfig /all. There must be a space after ipconfig. The command window displays the network configuration for your adapter, including IP and MAC address (see Figure 11-14).
Figure 11-14: The command window displaying IP and MAC addresses
Repeat these steps to collect the MAC address for each of the
adapters that you allow to associate with your access point.
Implementing IP address filtering
As with MAC address filtering, the steps you take to configure
your access point or firewall to allow certain IP addresses (or a range of them)
to associate with your access point depend on the device that you are
using. Again, the most likely way for you to accomplish this is with the
configuration software that came with your device (see Figure 11-15).
To collect the IP addresses of wireless adapters that you allow to
associate with your access point, follow the same steps you used to gather the
MAC addresses. The ipconfig /all command will also
display the adapter’s IP address (see Figure 11-16).
Caution: If you are using DHCP to supply your network clients with
dynamic (changing) IP addresses, don’t filter based on IP addresses. Any IP
addresses you collect now will change when you reboot your computer or
disconnect and then reestablish your network connection.
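
The collection steps and the DHCP caution above, combined into an added example (not from the book): a Python parser for saved `ipconfig /all` output that builds the MAC filter list and keeps an IP filter entry only for adapters with a static address. The sample output, adapter names and addresses are constructed, and the field labels assume the English Windows XP/2000 layout.

```python
import re

# Constructed sample of `ipconfig /all` output (English Windows XP layout).
SAMPLE = """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : laptop1

Ethernet adapter Wireless Network Connection:

        Description . . . . . . . . . . . : Example 802.11g Adapter
        Physical Address. . . . . . . . . : 02-00-00-AA-BB-01
        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.101

Ethernet adapter Local Area Connection:

        Description . . . . . . . . . . . : Example Fast Ethernet NIC
        Physical Address. . . . . . . . . : 02-00-00-aa-bb-02
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.1.10
"""

# Indented "Label . . . . : value" lines; the label is letters, spaces, hyphens.
FIELD = re.compile(r"^\s+([A-Za-z][A-Za-z \-]*?)[ .]*:\s*(.*)$")

def parse_ipconfig(text):
    """Return one dict per adapter section: name, MAC, IP and DHCP flag."""
    adapters, current = [], None
    for line in text.splitlines():
        # Adapter sections start with an unindented line ending in a colon.
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = {"name": line.rstrip()[:-1], "mac": None, "ip": None, "dhcp": None}
            adapters.append(current)
            continue
        m = FIELD.match(line)
        if not m or current is None:
            continue  # blank line, banner, or host-level field before any adapter
        key, value = m.group(1).strip().lower(), m.group(2).strip()
        if key == "physical address":
            current["mac"] = value.upper()  # normalise case for the filter list
        elif key == "ip address":
            current["ip"] = value
        elif key == "dhcp enabled":
            current["dhcp"] = value.lower() == "yes"
    return adapters

def build_filters(adapters):
    """MAC list for every adapter; IP list only where DHCP is off (see Caution)."""
    macs = [a["mac"] for a in adapters if a["mac"]]
    ips = [a["ip"] for a in adapters if a["ip"] and a["dhcp"] is False]
    skipped = [a["name"] for a in adapters if a["dhcp"]]  # unsuitable for IP filtering
    return macs, ips, skipped
```

Adapters returned in `skipped` get their addresses from DHCP, so only their MAC addresses belong in a filter list.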