Cengage Module 11: Wireless Network Security
Initialization Vector (IV)
A 24-bit value used in WEP that changes each time a packet is encrypted.
ad hoc mode
A WLAN functioning without an AP. Officially called an Independent Basic service set (IBSS)
Cipher Block Chaining Message Authentication Code (CBC-MAC)
A component of CCMP that provides data integrity and authentication.
Simultaneous Authentication of Equals (SAE)
A component of WPA3 that is designed to increase security at the time of the handshake when the key is being exchanged.
Extensible Authentication Protocol (EAP)
A framework for transporting authentication protocols that defines the format of the messages.
Narrowband Internet of Things (NB-IoT)
A low-power wide area network (LPWAN) radio technology standard.
Zigbee IEEE Standard
A low-power, short-range, and low-data rate specification designed for occasional data or signal transmission from a sensor or IoT device.
Media Access Control (MAC) address filtering
A method for controlling access to a WLAN based on the device's MAC address.
Point-to-Multipoint Topology
A network topology in which one device is connected to multiple devices.
Point-to-Point Topology
A network topology in which one device is connected to one other device.
Near Field Communication (NFC)
A set of standards used to establish communication between devices in very close proximity
Wi-Fi heat map
A software tool that provides a visual representation of the wireless signal coverage and strength.
IEEE 802.1x
A standard, originally developed for wired networks, that provides a greater degree of security by implementing port-based authentication.
Disassociation attack
A wireless attack in which false deauthentication or disassociation frames are sent to an AP that appear to come from another client device, causing the client to disconnect.
Wireless local area Network (WLAN), WIFI
A wireless network designed to replace or supplement a wired local area network (LAN). Also called wireless local area network (WLAN).
Open method
A wireless network mode in which no authentication is required.
Radio Frequency Identification (RFID)
A wireless set of standards used to transmit information from paper-based tags to a proximity reader.
Bluetooth
A wireless technology that uses short-range radio frequency (RF) transmissions and provides rapid ad hoc device pairings.
Evil Twin Attack
An AP set up by an attacker to mimic an authorized AP and capture transmissions, so a user's device will unknowingly connect to the evil twin instead of the authorized AP.
Controller APs
An AP that is managed through a dedicated wireless LAN controller (WLC).
Protected EAP (PEAP)
An EAP method designed to simplify the deployment of 802.1x by using Microsoft Windows logins and passwords.
EAP-TLS
An Extensible Authentication Protocol that uses digital certificates for authentication.
Bluesnarfing Attack
An attack that accesses unauthorized information from a wireless device through a Bluetooth connection.
Bluejacking attack
An attack that sends unsolicited messages to Bluetooth-enabled devices.
Site survey
An in-depth examination and analysis of a wireless LAN site.
Captive portal AP
An infrastructure on public access WLANs that uses a standard web browser to provide information, and gives the wireless user the opportunity to agree to a policy or present valid login credentials to provide a higher degree of security.
SIM card
An integrated circuit that securely stores information used to identify and authenticate the IoT device on a cellular network.
Wi-Fi Protected Setup (WPS)
An optional means of configuring security on wireless local area networks primarily intended to help users who have little or no knowledge of security to implement security quickly and easily on their WLANs.
Rouge AP attack
An unauthorized AP that allows an attacker to bypass many of the network security configurations and opens the network and its users to attacks.
Enterprise method
Authentication for the WPA2 Enterprise model.
Bluetooth classes
Class 1 devices are up to 328 feet (100 meters), Class 2 devices have a maximum range of 98 feet (30 meters), and Class 3 devices can send and receive up to 33 feet (10 meters).
channel overlays
Conflicting frequency channels in a Wi-Fi network.
wireless access point placement
Ensure site survey and determine the strongest RF location at the facility to locate this device.
Jamming Attack
Intentionally flooding the radio frequency (RF) spectrum with extraneous RF signal "noise" that creates interference and prevents communications from occurring.
Wi-Fi analyzer
Software that can evaluate Wi-Fi network availability as well as help optimize Wi-Fi signal settings or help identify Wi-Fi security threats.
Wi-Fi direct
The Wi-Fi Alliance implementation of WLAN ad hoc mode.
preshared key (PSK)
The authentication model used in WPA that requires a secret key value to be entered into the AP and all wireless devices prior to communicating.
WPA3 (Wi-Fi Protected Access 3)
The current generation of Wi-Fi Protected Access (WPA) whose goal is to deliver a suite of features to simplify security configuration for users while enhancing network security protections.
Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)
The encryption protocol used for WPA2 that specifies the use of a general-purpose cipher mode algorithm providing data privacy with AES.
5G
The fifth-generation wireless broadband technology based on the 802.11ac standard engineered to greatly increase the speed and responsiveness of wireless networks
Baseband
The original frequency range of a transmission signal before it is converted to a different frequency range.
Wi-Fi protected access 2 (WPA2)
The second generation of WPA security from the Wi-Fi Alliance that addresses authentication and encryption on WLANs and is currently the most secure model for Wi-Fi security.
EAP-FAST (EAP Flexible Authentication via Secure Tunneling)
This protocol securely tunnels any credential form for authentication (such as a password or a token) using TLS.
EAP-TTLS (Extensible Authentication Protocol-Tunneled Transport Layer Security)
This protocol securely tunnels client password authentication within Transport Layer Security (TLS) records.
