adam:ONE maps all devices to their respective MAC address as received at the gateway. As a result, many have asked how we mitigate MAC address spoofing attempts.
First, some things to note:
- Spoofing the MAC address of another device that is also on the network (both within reach of the same switch or access point) disrupts both devices: the switch sees one MAC address behind two ports and can no longer deliver frames reliably to either one
- Stock (non-jailbroken) iOS exposes no way to set a custom MAC address. Note that iOS 14 and later uses a randomized "private" Wi‑Fi address per network by default; that is randomization of the device's own address, not spoofing of another device's address
- Android devices can have their MAC address spoofed (this normally requires a rooted device); on managed Android devices, MDM controls can be used to prevent it
So how does adam:ONE mitigate MAC address spoofing?
Any device that connects to the network is automatically assigned to your Default Policy.
To reduce the risk of machines, software or users bypassing filtering policies by masking a device’s actual MAC address, set the Default Policy to “No Internet” (or a Policy of your choice). No matter how many times a device changes its MAC address to a previously unseen one, it will always land on the filtering policy you pre-selected.
- In other words, if someone spoofs the MAC to a random address, it just lands them on “No Internet”
Our conclusion: MAC spoofing is possible, but highly impractical and rarely observed. Spoofing a random address gains nothing, and spoofing the address of a device that is still on the network causes a conflict that leaves traces in the switch and gateway logs. More advanced mitigation techniques are available that close off this attack more completely; please reach out to our support if your security posture lists this as a requirement.
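The two behaviours described above, as an added example that is not adam:ONE code: a lookup that sends any unknown MAC to the default policy, and a check over gateway-side events that flags a MAC seen behind two different switch ports or access points within a short window (the trace a conflict leaves behind). The device table, the event fields and the sample events are constructed for this example and do not reflect adam:ONE's own data formats.

```python
"""Added example (not adam:ONE code). Models two things:
1) any MAC absent from the device table gets the default policy, so
   spoofing to a random address only lands the device on that policy;
2) spoofing the MAC of a device still on the network shows up as the same
   MAC arriving behind two different ports/APs close together in time.
Device table, event fields and sample events are constructed here."""
from collections import defaultdict
from dataclasses import dataclass

DEFAULT_POLICY = "No Internet"  # the recommended default from the article

# Constructed device table: MAC -> policy. Anything absent gets DEFAULT_POLICY.
DEVICE_POLICIES = {
    "aa:bb:cc:00:00:01": "Staff",
    "aa:bb:cc:00:00:02": "Guest",
}


@dataclass(frozen=True)
class Event:
    ts: int        # seconds since some epoch
    mac: str       # as logged; may use ':' '-' or '.' separators, any case
    seen_via: str  # switch port or AP the frame arrived on (constructed field)


def normalize_mac(mac: str) -> str:
    """Canonical lower-case colon form so 'AA-BB-..' and 'aabb.cc..' compare equal."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def policy_for(mac: str) -> str:
    """Known MAC -> its policy; anything else -> the default policy."""
    return DEVICE_POLICIES.get(normalize_mac(mac), DEFAULT_POLICY)


def find_conflicts(events, window=60):
    """Return {mac: sorted list of locations} for every MAC seen behind more
    than one port/AP within `window` seconds. A device that roams to another
    AP minutes later is not a conflict; two sightings seconds apart behind
    different ports are. (Two devices behind one unmanaged switch share a
    port and would not be caught by this heuristic.)"""
    by_mac = defaultdict(list)
    for e in sorted(events, key=lambda e: e.ts):
        by_mac[normalize_mac(e.mac)].append(e)

    conflicts = {}
    for mac, seen in by_mac.items():
        for i, a in enumerate(seen):
            for b in seen[i + 1:]:
                if b.ts - a.ts > window:   # list is time-sorted, so stop here
                    break
                if a.seen_via != b.seen_via:
                    conflicts.setdefault(mac, set()).update({a.seen_via, b.seen_via})
    return {mac: sorted(locs) for mac, locs in conflicts.items()}


# Constructed sample events.
SAMPLE_EVENTS = [
    Event(0,   "aa:bb:cc:00:00:01", "port-1"),   # legitimate staff laptop
    Event(5,   "aa:bb:cc:00:00:02", "port-2"),   # legitimate guest phone
    Event(10,  "de:ad:be:ef:12:34", "port-7"),   # never-seen (random) MAC
    Event(20,  "AA-BB-CC-00-00-01", "port-7"),   # staff laptop's MAC from another port
    Event(25,  "aa:bb:cc:00:00:01", "port-1"),   # the real laptop is still talking
    Event(400, "aa:bb:cc:00:00:02", "port-9"),   # guest phone roamed minutes later
]


def summarize(events=SAMPLE_EVENTS, window=60):
    """Policy each observed MAC lands on, plus any MAC conflicts found."""
    policies = {normalize_mac(e.mac): policy_for(e.mac) for e in events}
    return {"policies": policies, "conflicts": find_conflicts(events, window)}


if __name__ == "__main__":
    for key, value in summarize().items():
        print(key, value)
```

The random MAC `de:ad:be:ef:12:34` lands on "No Internet" without any action on the administrator's side, while the copied staff MAC is reported with both `port-1` and `port-7`, which is the trace an operator would go looking for. The guest phone seen again on `port-9` over six minutes later is left alone, since the window check treats that as roaming rather than a conflict.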
Setting the Default Policy:
To specify your Default Policy, log in to your ADAM dashboard (dashboard.adamnet.works):
- Click on Policies
- Select the Policy you’d like to make the default by clicking the drop-down menu (under Manage Policies) and choosing the preferred Policy (example: No Internet)
- Click the “Make Default” button
More information on how devices are enrolled and named is available in the separate article on device enrollment.