Manage Port Access
WLANs can include or exclude devices based on MAC addresses using access control
lists (ACLs). For more on MAC filtering, skip ahead to Chapter 8, “Wireless Security:
Next Steps.” Although this type of ACL is easy to implement and manage on small
networks, they are tough to manage in large and dynamic networks because individual
MAC addresses have to be entered manually for each authorized device. Obviously,
this is laborious.
Attacking with MAC
Because ACLs use MAC addresses, they are also prone to attack. An intruder can sit
nearby and pick up traffic between the AP and authorized clients. Although the
contents of a WEP conversation are encrypted, the MAC address is not. As a result, an
attacker can do one of two things:
• The patient attacker can wait until the monitored station disassociates from the
network, and then simply reconfigure the network interface card (NIC) to
broadcast the intercepted MAC address.
• The impatient attacker can simply send a disassociate request to the AP, bumping
the legitimate station off the WLAN. Before the legitimate station can reassociate,
the attacker can associate with the spoofed MAC address.
The LAN Port Access Control framework, outlined by the 802.1X standard, helps
control access to one’s WLAN.