06/10/2024

Design Detailing

Design Detailing Experts

Adding a WiFi Access Control List

Adding a WiFi Access Control List

What is an Access Control List (ACL)? An Access Control List is a list, stored on a network router, of allowed devices on a network. This list determines which devices are allowed to connect to the network and which devices are not allowed. Using such a list, a wifi administrator (or home user) can block unauthorized access to their network.

Access Control Lists are configured using a wireless router. A network hub device will not work. A network hub allows all traffic to pass both ways; it does not filter any traffic. A router filters traffic, you can block traffic in either direction or re-route traffic. A router could be a basic router (ie. NetGear, Linksys) from any electronics store, an advanced router (i.e. Cisco Router) or a server/workstation configured as a router. A router stores information in its ACL and based on that information, directs traffic in and out of a network.

This screen shot shows the Access Control List of a NetGear Router. This list has one device listed. If the Access list was turned on, only this device could access the wireless network. You can build an ACL on a router and chose to not implement access filtering, but if you spent the time to build the list, might as well use it. There are more devices today, that can access a WiFi network than a few years ago. Such devices are Smart Phones, Gaming Systems, Laptops, Tablets, etc.

Most routers are pre-configured to broadcast their SSID (the name of your wifi network) and allow any traffic to connect. Most users are now familiar with securing their wifi networks by adding a network access password. This helps secure their network but it is possible that some hackers could find your network password. Adding an Access Control List will help to further reduce unauthorized access by adding a second layer of defense. An access list stores the MAC address of the device. If the computer attempting to access the network is not listed on this list, they will not be allowed to access the network. There are some hackers who are able to hi-jack a valid MAC address, so there aren’t any 100% secured systems but some security is better than none at all. One additional security measure we could add (after implementing ACL), would be to disable SSID broadcast. This will cause some problems with some WIFI devices automatically joining the wifi network, but its worth the security.

Review your specific router’s manual for the correct way to configure your specific router. We will discuss SSID broadcast in a future post, subscribe to the blog for alerts on future posts.