Protecting wireless networks
Transceiver
A device that allows the wireless network interface card (NIC) to connect to the network.
IEEE 802.11
A family of protocols that provides for wireless communications using radio-frequency transmissions.
Site survey
A generic site survey involves listening on an existing wireless network using commercially available technologies.
Wireless local area network (WLAN)
A local area network that employs wireless access points (WAPs) and clients using 802.11 standards.
Wireless portal
A primary method of connecting a wireless device to a network.
Server authentication
A process that requires a workstation to authenticate against the server.
Transport Layer Security (TLS)
A protocol whose purpose is to verify that secure communications between a server and a client remain secure. Defined in RFC 2246.
Evil twin
A rogue wireless access point poses as a legitimate wireless service provider to intercept information that users transmit.
Wireless Transport Layer Security (WTLS)
A security layer of the Wireless Application Protocol (WAP). WTLS provides authentication, encryption, and data integrity for wireless devices.
Wired Equivalent Privacy (WEP)
A security protocol for 802.11b (wireless) networks that attempts to establish the same security for them as would be present in a wired network. WEP was vulnerable because of weaknesses in the way its encryption algorithms (RC4) are employed. Uses a 24-bit Initialization Vector.
Near field communication
A technology that requires a user to bring the client close to the AP to verify that the device is present.
Wireless access point
A wireless bridge used in a multipoint radio frequency (RF) network.
Power level controls
Allow you to reduce the amount of output provided.
IV attack
An attack in which attackers crack the WEP secret key by examining the repeating result of the initialization vector (IV).
Extensible Authentication Protocol (EAP)
An authentication protocol used in wireless networks and point-to-point connections.
Sniffing
Analyzing data to look for passwords and anything else of value. It is also known as wiretapping, eavesdropping, and a number of other terms (packet sniffing, network sniffing, and so on).
Eavesdropping
Any type of passive attack that intercepts data in an unauthorized manner—usually in order to find passwords. Cable sniffing, wiretapping, and man-in-the-middle attacks are eavesdropping attacks.
Anonymous authentication
Authentication that doesn't require a user to provide a username, password, or any other identification before accessing resources.
CCMP
Counter Mode with Cipher Block Chaining Message Authentication Code Protocol. Uses 128-bit AES encryption with a 48-bit initialization vector.
Direct-sequence spread spectrum
DSSS accomplishes communication by adding data that is to be transmitted to a higher-speed transmission. The higher-speed transmission contains redundant information to ensure data accuracy. Each packet can then be reconstructed in the event of a disruption.
IEEE 802.11 Wireless LAN
Defines standards for implementing wireless technologies such as infrared and spread-spectrum radio.
DSSS
Direct-sequence spread spectrum
War driving
Driving around with a laptop looking for open wireless access points with which to communicate.
EAP-TTLS
Extensible Authentication Protocol—Tunneled Transport Layer Security
Frequency-hopping spread spectrum
FHSS accomplishes communication by hopping the transmission over a range of predefined frequencies. The changing or hopping is synchronized between both ends and appears to be a single transmission channel to both ends.
FIPS
Federal Information Processing Standards
FHSS
Frequency-hopping spread spectrum
Bluesnarfing
Gaining of unauthorized access through a Bluetooth connection.
WPS attacks
Have become commonplace, as the technology is susceptible to brute-force attacks used to guess the user's PIN.
War chalking
Involves those who discover a way into the network leaving signals on, or outside, the premises to notify others that a vulnerability exists there.
LEAP
Lightweight Extensible Authentication Protocol. Created by Cisco as an extension to EAP, but it's being phased out in favor of PEAP. LEAP requires mutual authentication to improve security but it's susceptible to dictionary attacks.
Captive portals
Most public networks, including Wi-Fi hotspots, use a captive portal, which requires users to agree to some condition before they use the network or Internet.
NFC
Near field communication
Orthogonal frequency-division multiplexing
OFDM accomplishes communication by breaking data into subsignals and transmitting them simultaneously. These transmissions occur on different frequencies or subbands.
OFDM
Orthogonal frequency-division multiplexing
PEAP
Protected Extensible Authentication Protocol. Establishes an encrypted channel between the server and the client.
WPA2
Provides security that's equivalent to that on a wired network, and implements mandatory elements of the 802.11i standard.
Wi-Fi protected access (WPA)
Security protocol developed by the Wi-Fi Alliance to protect wireless networks and surpass what WEP offered. There are two versions, WPA and WPA2, with the latter being a full implementation of security features.
AP
See Access point.
EAP
See Extensible Authentication Protocol (EAP).
Temporal Key Integrity Protocol (TKIP)
See TKIP.
TLS
See Transport Layer Security (TLS).
WPA
See Wi-Fi protected access (WPA).
WEP
See Wired Equivalent Privacy (WEP).
Bluejacking
Sending of unsolicited messages (think spam) over a Bluetooth connection.
TKIP
Strengthens WEP encryption by placing a 128-bit wrapper around it with a key based on things such as the MAC address of the destination device and the serial number of the packet.
802.11i
The 802.11i standard provides for security enhancements to the wireless standard with particular focus on authentication. The standard is often referenced as WPA2, the name given it by the Wi-Fi Alliance.
802.11n
The 802.11n standard is one of the most popular today. It can operate in both the 5 GHz and the 2.4 GHz (for compatibility) ranges. Under the right conditions, it can reach speeds of 600 Mbps, but actual speeds are much slower. The advantage of this standard is that it offers higher speed and a frequency that does not have as much interference.
Radio frequency (RF)
The part of the radio spectrum that a device uses.
Access point (AP)
The point at which access to a network is accomplished. This term is often used in relation to a wireless access point (WAP).
Jamming
The process of intentionally generating noise or interference in an attempt to overwhelm and thereby prevent access to or use of a wireless signal.
Signal
Transmission from one PC to another. A signal could be a notification to start a session or end a session.
Mobile devices
Use either RF signaling or cellular technologies for communication.
WPS
Wi-Fi Protected Setup. Used to simplify network setup by allowing a router to have the administrator push a button on it to allow a new host to join. Highly insecure.
WAP
Wireless Application Protocol
WDP
Wireless Datagram Protocol. Provides the common interface between devices.
WML
Wireless Markup Language
WSP
Wireless Session Protocol. Manages the session information and connection between the devices.
WTP
Wireless Transaction Protocol. Provides services similar to TCP and UDP for WAP.
WTLS
Wireless Transport Layer Security. The security layer of the Wireless Application Protocol. WTLS provides authentication, encryption, and data integrity for wireless devices. It is based on the widely used TLS v1.0 security layer used on the Internet. Communication between a WAP client and WAP server is protected by WTLS. Once on the Internet, a connection is typically protected by the Secure Sockets Layer (SSL), an Internet standard for encrypting data between points on the network.
Transceiver
A low-power transmitter/receiver.
Microwave
A portion of the radio frequency (RF) spectrum.
Wireless Markup Language
A smaller version of HTML.
Replay attacks
Capturing portions of a session to play back later to convince a host that it is still talking to the original connection.
Omnidirectional antenna
Designed to provide a 360-degree pattern and an even signal in all directions.
Cloaking
Disable, or turn off, the SSID broadcast.
Directional antenna
Forces the signal in one direction, and since it is focusing the signal, it can cover a greater distance with a stronger signal.
IV
Initialization vector
Wireless Application Protocol (WAP)
An open international standard for applications that use wireless communication.
Gain value
Expressed in dBi numbers. A wireless antenna advertised with a 20 dBi gain would be 20 times stronger than the base of 0 dBi. As a general rule, every 3 dB added to an antenna effectively doubles the power output.
802.11
Operates on 2.4 GHz. This standard allows for bandwidths of 1 Mbps or 2 Mbps.
Network lock
Synonymous with MAC filtering.