Quiz Entry - updated: 2026.07.05
What are SSID cloaking and MAC address filtering, and why are they considered weak security measures?
SSID cloaking hides the network name from beacon frames. MAC filtering only allows specific MAC addresses to connect. Both are easily defeated and should NOT be relied upon as primary security — they're "security through obscurity."
SSID Cloaking:
- The AP stops including the SSID in beacon frames → network doesn't appear in Wi-Fi scan lists
- Clients must manually enter the SSID to connect
- Why it's weak: The SSID is still transmitted in probe requests, association frames, and other management traffic. Any wireless sniffer (Wireshark, Kismet) can easily discover "hidden" SSIDs
- Only effect: Prevents casual users from seeing the network — zero protection against determined attackers
MAC Address Filtering:
- Administrator configures a whitelist of allowed MAC addresses
- Only devices with listed MACs can associate with the AP
- Why it's weak: MAC addresses are trivially spoofed. An attacker sniffs the network, sees legitimate client MACs, and changes their own MAC to match
The real lesson: Both features provide inconvenience, not security. They can be used as a minor additional layer but should never be the primary protection. Always use WPA2/WPA3 encryption and authentication as the actual security mechanism.
Go deeper:
Network cloaking (Wikipedia) — why hiding the SSID fails (it leaks in probe/association frames).
MAC filtering (Wikipedia) — how an attacker sniffs an allowed MAC then spoofs it.