家庭网络通常的工作方式是任何拥有您网络密码的人都可以连接到您的家庭网络。但是,可以添加另一层安全性,仅允许连接特定设备。这称为
MAC地址过滤。
但是请记住,Mac地址过滤不是单一的安全解决方案。它只是为黑客提供了额外的难度。这是他们仍然能够突破的一层(见下文),但任何让黑客更难的事情总是一件好事。
为什么将设备列入白名单?(Why Whitelist Devices?)
您的路由器处理家庭网络内外的所有网络流量。它决定是否允许某些设备连接到您的家庭网络。
通常,此访问权限取决于设备用户是否输入了正确的网络密码。这是您在路由器安全菜单下的(Security)设置密码(Set Password)部分配置的密码。
这是阻止黑客连接到您的网络的唯一安全屏障。如果您设置了复杂的密码,那可能就足够了。不幸的是,大多数人使用基本的黑客工具设置的密码相当容易破解。(password that are fairly easy to crack)
您可以通过仅允许特定设备连接到您的家庭网络来添加第二层安全性。
MAC 地址过滤的工作原理(How MAC Address Filtering Works)
您可以通过将特定设备的MAC
地址添加到路由器的访问控制(Access Control)列表来将路由器设置为仅允许特定设备。
- 通常,您可以通过登录路由器并导航到“安全(Security)”菜单来找到此列表。您将在Access Control下找到设备列表。
- 您可以通过选择打开访问控制(Turn
on Access Control)来启用 Mac 地址过滤功能。
- 启用此功能后,您可以选择阻止所有新设备连接(Block all new devices from
connecting)。
- 选择此选项后,您将能够选择任何已连接的设备并在您不认识它们时阻止它们。
- 在执行此操作时扫描设备并确保所有列出的设备和MAC地址都是您识别的设备,这是一个好主意。
- 如果稍后您需要将新设备添加到列表中,则需要将设置更改回允许所有新设备连接(Allow all new devices to connect)。然后使用网络密码将设备连接到网络。
- 连接后,返回访问控制(Access Control)设置并将设置更改回阻止所有新设备连接(Block all new devices from connecting)。
有些路由器会让您手动输入设备和MAC地址。但要做到这一点,您需要知道您正在连接的计算机的MAC地址。
如何识别计算机的 Mac 地址(How To Identify The Mac Address Of Your Computer)
在Windows(Windows)系统上检查Mac地址非常容易。
- 打开Windows 命令(Windows Command)
窗口,键入ipconfig /all并按
Enter。
- 在结果中搜索(Search)显示为连接到网络的网络适配器。
- 记下该部分中列出的物理地址。(Physical Address)
- 此物理地址与路由器中显示的连接MAC地址相同。
在
MacOS系统上,该过程略有不同。
- 打开系统偏好设置(System Preferences)并选择网络(Network)。
- 选择连接的网络并选择高级(Advanced)按钮。
- 选择硬件(Hardware)选项卡以查看顶部列出的MAC 地址。(MAC Address)
您可以在本关于如何确定 MAC 地址的指南中查看上述在 PC 或Mac甚至其他设备上查找MAC地址的过程,并附有屏幕截图和其他详细信息。
对于Google Home、Alexa、Philips Hue灯或其他智能家居设备等设备,您通常可以在设备下方的标签上找到打印的MAC地址。(MAC)这通常与您在其中找到序列号的标签相同。
获得所有需要列入白名单的设备的MAC地址后,您就可以登录路由器并确保它们已连接,或者将MAC地址添加到现有列表中。
黑客如何击败 MAC 地址过滤(How Hackers Beat MAC Address Filtering)
黑客可以通过多种方式突破您的各种策略来保护您的 Wi-Fi 和家庭网络(secure your Wi-Fi and home network)。黑客也有办法通过MAC地址过滤。
一旦黑客意识到他们被阻止通过MAC地址过滤访问您的网络,他们所要做的就是欺骗自己的 MAC 地址(spoof their own MAC address)以匹配您允许的地址之一。
他们通过以下方式做到这一点:
- 进入控制面板中的网络和共享中心(Network and Sharing Center)。
- 选择更改适配器设置(Change adapter settings)。
- 选择其网络适配器的属性(Properties)和配置(Configure)按钮。
- 选择网络地址(Network Address)并使用所需的MAC地址填写值(Value)字段
。
那是容易的部分。困难的部分是黑客还需要使用数据包嗅探工具来提取当前在您的网络上通信的现有MAC地址。这些软件工具对于业余爱好者来说并不总是很容易使用,并且需要努力才能正确使用。
其他技术网站可能会告诉您,既然黑客可以做到这一点,那么根本不值得使用MAC地址过滤。但这并不完全正确。如果不使用MAC地址过滤:
- 您甚至没有从您的网络中阻止非黑客或业余 Wi-Fi 窃贼。
- 您无缘无故地避开了简单的安全层。
- 您并没有试图通过多层复杂性使进入您的网络变得尽可能困难。
- 您将无法使用可以帮助家长控制互联网的简单工具。
这就是为什么它为您的网络提供了一个很好的额外保护层,但您不应该依赖它作为您唯一的保护来源。将特定设备列入白名单(Whitelisting)应仅用作整体网络保护库的一部分。
How To Whitelist Specific Devices On Your Home Network To Stop Hackers
Τhe
way a home network usuаlly works is thаt anyone with your network passphraѕe
can connect tо your home network. However, it’s possible to add another layer
of seсurity where only specific deviсes arе allowed tо connect. This is сalled
MAC address filtering.
Keep
in mind however that Mac address filtering isn’t a single security solution. It
only serves as an extra level of difficulty for hackers. It’s a layer that they
will still be able to break through (see below), but anything that makes things
more difficult for hackers is always a good thing.
Why Whitelist Devices?
Your
router handles all network traffic inside and outside your home network. It
decides whether certain devices are allowed to connect to your home network.
Normally,
this access is determined by whether or not the user of the device types in the
correct network passphrase. This is the passphrase you configure in the Set Password section under the Security menu in your router.
This is the only security barrier stopping a hacker from connecting to your network. If you’ve set up a complex password, that may be enough. Unfortunately, most people set password that are fairly easy to crack using basic hacker tools.
You
can add a second layer of security by only allowing specific devices to connect
to your home network.
How MAC Address Filtering Works
You
can set up your router to only allow specific devices by adding their MAC
addresses to the router’s Access Control list.
- Usually, you can find this
list by logging into your router and navigating to the Security menu. You’ll find the list of devices under Access Control.
- You can enable the Mac
Address Filtering feature by selecting Turn
on Access Control.
- Once this is enabled, you can
then select Block all new devices from
connecting.
- Once this is selected, you’ll
be able to select any of the already-connected devices and block them if you
don’t recognize them.
- It’s a good idea while you’re
doing this to scan through the devices and make sure all of the listed devices
and MAC addresses are devices you recognize.
- If, later on, you need to add
new devices to the list, you’ll need to change the setting back to Allow all new devices to connect. Then
connect the device to the network using the network password.
- Once connected, go back to
the Access Control settings and change the setting back to Block all new devices from connecting.
Some
routers will let you enter devices and MAC addresses manually. But to do this,
you’ll need to know the MAC address of the computer you’re connecting.
How To Identify The Mac Address Of Your Computer
Checking
the Mac address on a Windows system is very easy.
- Open the Windows Command
window, type ipconfig /all and press
Enter.
- Search through the results
for the network adapter that shows as being connected to a network.
- Make a note of the Physical Address listed in that
section.
- This physical address is the
same as the connected MAC address shown in your router.
On a
MacOS system, the process is slightly different.
- Open System Preferences and select Network.
- Select the connected network
and select the Advanced button.
- Select the Hardware tab to see the MAC Address listed at the top.
You can see the procedures above for finding a MAC address on a PC or a Mac, or even on other devices, complete with screenshots and additional details, in this guide on how to determine a MAC address.
For
devices like Google Home, Alexa, Philips Hue lights, or other smart home
devices, you can usually find the MAC address printed on the label underneath
the device. This is usually the same label where you’d find the serial number.
Once
you have the MAC addresses for all of the devices that need to whitelist, you
can then log into the router and either make sure they’re already connected, or
add the MAC address to the existing list.
How Hackers Beat MAC Address Filtering
There are a lot of ways hackers can break through your various tactics to secure your Wi-Fi and home network. Hackers also have a way to get through MAC address filtering as well.
Once a hacker recognizes that they’re blocked from accessing your network via MAC address filtering, all they have to do is spoof their own MAC address to match one of the addresses you’ve allowed.
They
do this by:
- Going into Network and Sharing Center in the
Control Panel.
- Selecting Change adapter settings.
- Selecting the Properties of their network adapter and
the Configure button.
- Selecting Network Address and filling in the Value field with the desired MAC
address.
That’s
the easy part. The difficult part is that the hacker will also need to use a
packet sniffing tool to pull existing MAC addresses currently communicating on
your network. These software tools are not always easy for amateurs to use, and
can take effort to use correctly.
Other
tech sites may tell you that since hackers can do this, then it’s not worth
using MAC address filtering at all. But that’s not entirely true. If you don’t
use MAC address filtering:
- You aren’t even blocking
non-hackers or amateur Wi-Fi thieves from your network.
- You’re avoiding an easy layer
of security for no good reason.
- You aren’t trying to make
getting onto your network as difficult as possible with multiple layers of
complexity.
- You won’t have access to a
simple tool that can help with parental internet controls.
This
is why it’s a good extra layer of protection for your network, but you
shouldn’t depend on it as your only source of protection. Whitelisting specific
devices should be used as just one part of your overall arsenal of network
protection.