DHCP Reservation vs MAC address filtering. Are they the same security?

2

I am able to give an IP address to a wired/wireless device based on the MAC address. Other automatic DHCP is turned off.

Is this as effective as a security measure as MAC filtering?

It just seems to be an extra step on MAC filtering. I don't know why the interfaces are not merged as one. Hence the question, to make sure I do not make a security mistake.

Valamas

Posted 2013-08-19T23:22:01.740

Reputation: 1 275

Answers

5

No, using DHCP reservations will not be as effective; while your router won't assign a DHCP address to a device whose MAC address it doesn't know, this does nothing to prevent an attacker simply assigning himself a static IP address in your range, and the router will happily communicate with him.

Aaron Miller

Posted 2013-08-19T23:22:01.740

Reputation: 8 849
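
As an added example (not part of the original answer), here is a defender-side check for the case described above: it compares the neighbour table with the reservation list and flags any device holding a LAN address that the router never reserved for it. The reservation table, subnet and `ip neigh show` sample are constructed for illustration.

```python
import ipaddress
import re

# Constructed reservation table (MAC -> reserved IP), as a router's
# DHCP reservation page would list it. All values are made up.
RESERVATIONS = {
    "aa:bb:cc:00:00:10": "192.168.0.10",
    "aa:bb:cc:00:00:11": "192.168.0.11",
}
LAN = ipaddress.ip_network("192.168.0.0/24")

# Constructed sample in the format printed by `ip neigh show` on Linux.
SAMPLE_NEIGH = """\
192.168.0.10 dev eth0 lladdr aa:bb:cc:00:00:10 REACHABLE
192.168.0.11 dev eth0 lladdr aa:bb:cc:00:00:11 STALE
192.168.0.50 dev eth0 lladdr de:ad:be:ef:00:01 REACHABLE
192.168.0.12 dev eth0 lladdr aa:bb:cc:00:00:11 REACHABLE
192.168.0.77 dev eth0  FAILED
fe80::1 dev eth0 lladdr aa:bb:cc:00:00:01 router STALE
"""

NEIGH_RE = re.compile(r"^(?P<ip>\S+) dev \S+ lladdr (?P<mac>[0-9a-fA-F:]{17})\b")


def parse_neigh(text):
    """Yield (ip, mac) for entries that resolved to a link-layer address."""
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:  # FAILED/INCOMPLETE entries have no lladdr and are skipped
            yield ipaddress.ip_address(m["ip"]), m["mac"].lower()


def audit(neigh_text, reservations=RESERVATIONS, lan=LAN):
    """Return (ip, mac, reason) for LAN hosts that do not match a reservation."""
    findings = []
    for ip, mac in parse_neigh(neigh_text):
        if ip not in lan:  # IPv6 and other subnets are out of scope here
            continue
        reserved = reservations.get(mac)
        if reserved is None:
            findings.append((str(ip), mac, "unreserved MAC holding a LAN address"))
        elif reserved != str(ip):
            findings.append((str(ip), mac, f"reserved MAC on wrong IP (expected {reserved})"))
    # Limit of this check: a device that presents a reserved MAC on that
    # MAC's reserved IP looks identical to the legitimate one.
    return findings


if __name__ == "__main__":
    for ip, mac, reason in audit(SAMPLE_NEIGH):
        print(f"{ip:15} {mac}  {reason}")
```
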

1

A MAC address is supposed to be like a unique ID for a device, whereas an IP address is a place to send data to, with an ambiguous ID.

Assigning a MAC address allows you to ensure a device gets its IP address reserved. Imagine a server @192.168.0.10 that shuts off, the IP address becomes available, a new device uses it (192.168.0.10), then the server comes back on and is not allowed its address and either does not connect, or gets another address (say 192.168.0.11). But the other devices are still looking for 192.168.0.10 and they throw errors because the server isn't there.

By reserving the IP address, you make the ID static (not ambiguous), and now the server can get its address back at all times.

MAC filtering uses the theoretically unique ID to filter device access to the router. The problem is that a MAC address can be changed (spoofed), and a good hacker will still be able to get around it. But it'll keep a bad hacker out :).

Damon

Posted 2013-08-19T23:22:01.740

Reputation: 1 789

0

Is this as effective as a security measure as MAC filtering?

Yes, as effective. Both add zero effective security.

to make sure I do not make a security mistake.

Using MAC filtering as security is a mistake. MAC addresses are broadcast unencrypted. Everyone in range of your access point can learn the MAC addresses used. Everyone can emulate those. It adds zero security value.

In non-computer terms: Think of it as trying to pass a security check. You can hear every person in range.

You: Hi, I am Ed, can I pass?
Reception: Nope, it will ignore you.

Next person: Hi, I am Jane, can I pass?
Reception: Sure Jane, feel free to pass.

Obvious next move: Ed moves to the reception and states "Hi, I am Jane, can I pass?"... and you are in. Just wait until Jane is out of sight.

No security at all, only usable to keep neighbours from accidentally connecting.

As to disabling DHCP servers: static IPs will still work. So no added security.

Which means both add equal protection: None at all.

Hennes

Posted 2013-08-19T23:22:01.740

Reputation: 60 739