I use the orinoco product line and we have the possibility to allow access to the wireless network only to those who connect with a card which the MAC has been loaded into the MAC address list of every access point. Now I have been told and read that it was possible to easily spoof the MAC address of a card, by doing so I would be able to authenticate myself through the access point using the MAC address of a legitimate user. Is this true and if it is how easy is it to do it.

It is true, you can easily spoof the MAC layer, I've done it many times to prove to companies.

Also, if it's a large network keeping up with MAC's will be come management nightmare.

I work for a cable company in which the Basis of our network relies on management of MAC addresses. This really isn't much of an issue with proper software and database management.

I consider MAC address to be too weak for any serious security, if used alone.

WEP is easy to use, and should be always utilized.

Many APs allow blocking of SSID announcments, and that would make the network less visible.

By using several security measures together, the total security is improved. When there are other security measures in place, a MAC address based protection has small added value, provided that one has a good way to manage those MAC address lists.

Yes it can be done... Here is a prg that does it for Orinco cards... very easy and fast..

I use it a lot in testing...
http://forums.netstumbler.com/showthread.php?s=&threadid=553&perpage=15&highlight=change

Or netstumbler and search for mac spoofer

It is simple to spoof the mac address on orinoco cards, all you have to do is create an entry for it in the registry setting the vaule to the mac address you wish to use.

What Windows 2000 based tools are out there to spoof MAC addressess?