Add a WiFi access control list




What is an access control list (ACL)? An access control list is a list, stored on a network router, of devices allowed on a network. This list determines which devices can connect to the network and which devices cannot. With such a list, a Wi-Fi administrator (or home user) can block unauthorized access to your network.

Access control lists are configured through a wireless router. A network hub device will not work. A network hub allows all traffic to pass both ways; it does not filter traffic. A router filters traffic, it can block traffic in either direction or redirect traffic. A router can be a basic router (i.e NetGear, Linksys) from any electronics store, an advanced router (i.e a Cisco router), or a server / workstation configured as a router. A router stores information in its ACL and, based on that information, directs traffic into and out of a network.

This screenshot shows the access control list for a NetGear router. This list has a device in the list. If the access list was enabled, only this device could access the wireless network. You can create an ACL on a router and choose not to implement access filtering, but if you took the time to create the list, you could use that as well. Today there are more devices that can access a WiFi network than a few years ago. Such devices are smartphones, game systems, laptops, tablets, etc.

Most routers are preconfigured to broadcast their SSID (the name of your Wi-Fi network) and allow any traffic to connect. Most users are now familiar with protecting their Wi-Fi networks by adding a password to access the network. This helps protect your network, but some hackers may find your network password. Adding an access control list will help further reduce unauthorized access by adding a second layer of defense. An access list stores the MAC address of the device. If the computer trying to access the network does not appear in this list, it will not be allowed to access the network. There are some hackers who can hijack a valid MAC address, so there is no 100% secure system, but some security is better than nothing. An additional security measure that we could add (after implementing ACL) would be to disable SSID broadcast. This will cause some problems with some WIFI devices automatically joining the wifi network, but it is worth the security.

Check your specific router’s manual for the correct way to configure your specific router. We will discuss SSID broadcast in a future post, subscribe to blog to receive alerts about future posts.

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Post