What is MAC Filtering?
MAC Filtering is a network security technique in which access to a network is restricted on the basis of a device’s MAC (Media Access Control) address. Each network device has a unique MAC address, and filtering determines which devices are permitted or denied access.
In OT environments, MAC Filtering is used as an extra layer of security against unauthorised devices or BYOD.
🧠 How does MAC Filtering work?
- Each network interface (NIC) has a fixed MAC address, e.g. 00:1A:2B:3C:4D:5E
- A list is configured on the switch or access point:
  - Whitelist: only permitted MAC addresses
  - Blacklist: excluded MAC addresses
- Traffic from unknown MAC addresses is rejected or ignored
⚙️ Characteristics of MAC Filtering
| Characteristic | Explanation |
|---|---|
| Low-level control | Operates at Layer 2 (data link layer) of the OSI model |
| Access restriction | Only known devices may use the network |
| Easy to implement | Many switches and Wi-Fi access points support it natively |
| Not foolproof | MAC addresses can be spoofed; not a substitute for 802.1X or VLANs |
🏭 MAC Filtering in an OT context
| Application | Purpose |
|---|---|
| Industrial switches | Only authorised PLCs or HMIs may communicate |
| Wireless access points | Prevent BYOD or unauthorised laptops/tablets in the OT network |
| Guest network segmentation | Combine with network segmentation and firewall rules |
| Legacy systems without 802.1X | Apply minimal access control without certificate infrastructure |
✅ Benefits
- Easy to configure on smaller networks
- Low risk of false positives with proper configuration
- An additional barrier to unauthorised access
⚠️ Limitations and risks
| Limitation | Explanation |
|---|---|
| Easy to bypass | An attacker can spoof the MAC address of an authorised device |
| Management overhead | Manual addition/removal of addresses takes time |
| Does not scale | Impractical in large, dynamic environments |
MAC Filtering is not a replacement for network authentication, but rather an additional layer in a defence-in-depth model.
🔐 Best practices
- Combine with 802.1X for genuine authentication
- Use network segmentation and ACLs to restrict traffic
- Automate via NAC systems where possible
- Monitor for spoofing attempts using anomaly detection
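The spoofing-monitoring point above, as an added example that is not part of the original page: a small Python check over switch MAC-table observations that flags unknown addresses, allowlisted addresses on an unexpected port, and the same address appearing on two ports within a short window. The inventory, port names, observation format and 60-second window are assumptions, and the sample data is constructed.

```python
import re

# Hypothetical inventory: allowlisted MAC -> switch port where the device is expected.
ALLOWLIST = {
    "00:1a:2b:3c:4d:5e": "Gi1/0/1",  # PLC
    "00:1a:2b:3c:4d:5f": "Gi1/0/2",  # HMI
}
FLAP_WINDOW = 60  # seconds; assumed threshold for "same MAC on two ports at once"

# Constructed sample of MAC-table observations: (timestamp_s, mac, port).
OBSERVATIONS = [
    (0, "00:1A:2B:3C:4D:5E", "Gi1/0/1"),
    (10, "00-1a-2b-3c-4d-5f", "Gi1/0/2"),
    (20, "02:00:00:aa:bb:cc", "Gi1/0/7"),  # not in the inventory
    (30, "001a.2b3c.4d5e", "Gi1/0/9"),     # PLC address on another port
    (35, "00:1A:2B:3C:4D:5E", "Gi1/0/1"),  # real PLC still talking
]

def normalize(mac):
    """Accept colon, dash or dotted notation; return aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[:.\-]", "", mac.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def is_locally_administered(mac):
    """Bit 0x02 of the first octet marks a software-assigned address."""
    return bool(int(mac[:2], 16) & 0x02)

def find_anomalies(observations, allowlist=ALLOWLIST, window=FLAP_WINDOW):
    alerts, last_seen = [], {}  # last_seen: mac -> (timestamp, port)
    for ts, raw_mac, port in sorted(observations):
        mac = normalize(raw_mac)
        if mac not in allowlist:
            kind = "unknown_mac"
            if is_locally_administered(mac):
                kind += "_locally_administered"
            alerts.append((ts, mac, port, kind))
        elif port != allowlist[mac]:
            alerts.append((ts, mac, port, "unexpected_port"))
        prev = last_seen.get(mac)
        if prev and prev[1] != port and ts - prev[0] <= window:
            alerts.append((ts, mac, port, "mac_flap"))
        last_seen[mac] = (ts, port)
    return alerts

if __name__ == "__main__":
    for alert in find_anomalies(OBSERVATIONS):
        print(alert)
```

A `mac_flap` alert on an allowlisted address is the strongest signal here, because it means two devices are presenting the same MAC address at nearly the same time.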
📌 In summary
MAC Filtering is a basic form of network-level access control, suitable for static OT environments with fixed equipment. It does not provide complete security, but it is a useful additional layer within a defence-in-depth strategy.
