Is securing Wifi with MAC Filter enough?
I have a MAC filter in place for everything that connects to my router. I also have WPA2 on the wireless.
When a friend comes around, I tell them the password (I trust them), they type it into their device, I then go to the admin screen, check the logs, add the MAC address to the filter and save.
Thinking about this process, it seems like since I have to add the MAC address before the device can connect properly, is there any benefit to actually having a password on the wireless?
It seems to me the answer is no (ignoring the fact that other people may see "Open" wifi and try to connect - I doubt I'll be DoS'ed). The only concern I have is how much access the device has to the network before the MAC filter kicks in - eg could an unknown device send a packet to other wifi devices / the local network?
In case it's relevant, the router in question is the D-Link DIR-615
Absolutely not.
MAC Addresses are painfully easy to sniff out and spoof. MAC address filtering is useful - in my experience - only when you're only concern is "ordinary" computer users who won't go any farther than failing to connect to the network. Handy for kicking off a roommate who has abused your generosity at keeping a network open by hogging bandwidth or the like, without incurring much inconvenience to yourself.
But for anyone even remotely determined to poke about your network? It's not enough.
It is much more important to have a strong encryption method (e.g. WPA2 AES) and key (i.e. password) if you want a secure wireless network.
Without them, others nearby can easily see what you're doing online, fake your identity (online or even real) and attack your computers. MAC filtering does nothing here because the most basic skill of a WiFi hijacker is to sniff and fake MAC addresses.
The MAC filter is only useful if you want to control users from the wired network or if you're forced to use a weak encryption (e.g. WEP). Still it's only useful again honest users/computers and is generally an overkill for home use.
If you want real security/access control, you should disable plain routing/NAT and use PPPoE, 802.1x or VPN to connect your computers to your router.