adam:ONE maps all devices to their respective MAC address as received at the gateway. As a result, many have asked how we mitigate MAC address spoofing attempts.
First, here some things to note:
- Spoofing the MAC address of another device (while both devices are in reach) will disable both devices from operating normally because the switch won’t know how to handle the traffic
- iOS devices cannot be spoofed
- Android devices can be spoofed, however, MDM can be used on Android to make it impossible to spoof the MAC address
So how does adam:ONE mitigate MAC address spoofing?
Any device that connects to the network is automatically assigned to your Default Rule Set.
To reduce the risk of machines, software or users bypassing filtering policies by masking a device's actual MAC address, simply set the DEFAULT Rule Set to "No Internet" (or a Rule Set of your choice). This way, no matter how many times MAC spoofing occurs to previously-unseen addresses, devices will always connect to your pre-selected filtering policy (Rule Set).
- In other words, if someone spoofs the MAC to a random address, it will just land them on “No internet”
Our conclusion: MAC spoofing is possible, but highly impractical and rarely observed. If it happens, it leaves breadcrumbs and cannot be done without leaving traces when a conflict occurs. There are advanced mitigation techniques available that thwart this attack absolutely. Please reach out to our support if your security posture lists this as a requirement.
Setting the Default Rule Set:
To specify your Default Rule Set, log in to your ADAM dashboard (dashboard.adamnet.works):
- Click on Rule Sets
- Select which Rule Set you'd like to make the default by clicking the drop down menu (under Manage Rule Sets) and clicking the preferred Rule Set (example: No Internet)
- Click the "Make Default" button
More info. on how devices are enrolled and named can be found by clicking this link.