One of the easiest ways to improve the security of your access points is to implement MAC address security. Available on even entry-level wireless access points and routers, this feature allows you to control exactly which wireless clients can associate with an access point according to their Media Access Control (MAC) address. If this feature is enabled and the MAC address of the client is not present in the configuration, that client with not be able to form the association necessary to access the wireless network.
Although it is possible for MAC addresses to be spoofed, doing so is generally beyond the skill level of most wireless users. Implementing this feature usually involves simply turning it on, and then specifying the MAC addresses of clients that should be allowed to associate with a particular access point. To determine the MAC addresses of client systems, use the ipconfig /all command on Windows ME/2000/XP, or the winipcfg utility on Windows 95/98 systems. Unfortunately, this task can be time consuming on larger networks, where they might be anywhere from tens to hundreds of MAC addresses to enter. It’s also worth noting that on larger networks with more than one access point, the access points will not share the MAC address information that you configure with one another. In other words, on a network with 3 access points, you would need to configure each with all of the MAC addresses of clients that will need to be able to associate. Some higher-end access points allow an administrator to store information about valid MAC addresses on a RADIUS server, and then configure the access point with the IP address of this server. When access points need to authenticate the validity of a wireless client, they can then query the centralized RADIUS server without the need to maintain this information locally.
