This topic has been marked solved and closed to new posts due to inactivity. We hope you'll join the conversation by posting to an open topic or starting a new one.
Orbi Pro Security: What is better MAC ACL or Enable Access Control???
Hello Again,.
I have a very simple network setup....Router - Satillite.
3 SSID 1. For Admin. 2. Staff 3. ioT. Total about 20 devices connenting. Pretty simple and straightforward.
cuurently for Security, MAC ACL is diabled on all SSID.
Access Control is also, Not enabled......
And so far, Have not any issues. Everyone/everything connects and no issues.
My onlly concern is I am seeing a lot of DoS Attacks/Scans...
Here is a sample..
DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Sunday, September 26, 2021 19:44:38 [DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Sunday, September 26, 2021 19:29:41
so I am not sure what is the better for security...
I am not a techy person, so any help would be appreciated....
cuurently for Security, MAC ACL is diabled on all SSID.
MAC ACL is a management pain in general. You could enable it, register all MAC addresses of the device connecting to your wireless network. Then you will find overly smart devices defaulting to random MAC addresses (so tomorrow the same device won't connect again because a different MAC is used), and in two weeks you will be back wondering why the new computer, the replaced mobile phone and so on won't connect to your network anymore.
As above - it just adds the a MAC based access control for the complete network, wireless and wired.
Both variants can be used only if you have tight management control of all your devices, can manage all your devices, have good processes for adding new devices to the network, have good processes in place for replacing existing devices, availability of network admin when you are using BYOD and your workers are coming in early morning or in the evening with a new or replaced device.
Never deploy more security than what you understand and what you can handle.
My onlly concern is I am seeing a lot of DoS Attacks/Scans...
Complete different story, unrelated to the to the MAC ACL on the wireless radios and Access Control on the local network. See my reply on your dedicated thread.
cuurently for Security, MAC ACL is diabled on all SSID.
MAC ACL is a management pain in general. You could enable it, register all MAC addresses of the device connecting to your wireless network. Then you will find overly smart devices defaulting to random MAC addresses (so tomorrow the same device won't connect again because a different MAC is used), and in two weeks you will be back wondering why the new computer, the replaced mobile phone and so on won't connect to your network anymore.
As above - it just adds the a MAC based access control for the complete network, wireless and wired.
Both variants can be used only if you have tight management control of all your devices, can manage all your devices, have good processes for adding new devices to the network, have good processes in place for replacing existing devices, availability of network admin when you are using BYOD and your workers are coming in early morning or in the evening with a new or replaced device.
Never deploy more security than what you understand and what you can handle.
My onlly concern is I am seeing a lot of DoS Attacks/Scans...
Complete different story, unrelated to the to the MAC ACL on the wireless radios and Access Control on the local network. See my reply on your dedicated thread.
