WGU - CompTIA A+ 220-1001 - Chapter 12


Destination network address translation (DNAT)

(sometimes referred to as port forwarding) changes the destination address of incoming packets. It works best for local servers which receive connections from outside clients.

ANT+

A 2.4 GHz radio protocol similar to but separate from Bluetooth. It's a proprietary format owned by Garmin, but is available to other vendors through an open access agreement; operates at low speeds over distances up to 30 meters, and is used primarily to manage sensors such as fitness trackers, medical devices, and watches. It's also recently found use in remote controls, home appliances, and industrial equipment. Like Bluetooth, ___ can form a PAN around a central control device.

RF:

A generic term rather than a standard, used to apply to any number of proprietary radio frequency protocols. A device or peripheral simply labeled as "___" or "___ 2.4 GHz" is likely designed for point-to-point communications with another device, and isn't compatible with other standards. It may also be prone to interference and have little or no security measures.

Z-Wave:

A proprietary wireless standard maintained by Silicon Labs; uses the 800-900 MHz ISM band, with precise frequencies varying by country; supports throughput up to 40 kbps over distances of 10-100m, but it allows nodes to form a mesh network such that even if two nodes can't directly communicate, they can relay data through intermediate nodes. This allows operations over a longer range than Bluetooth, but with less power than Wi-Fi; commonly used for interoperable monitoring and remote control of home automation systems such as lighting control, thermostats, household appliances, and security systems.

WPA-Personal:

Also called pre-shared key (PSK). Uses a passphrase of between 8 and 63 ASCII characters, manually distributed to each authorized user. It's convenient for small networks with few users, and if the password is long and random enough it's as secure as any method. The downside is that all users use the same key: this not only means that the key must be changed if any one user is compromised, but the new key also must be manually passed on to each user.

WPA-Enterprise:

Also known as 802.1x mode. Connecting clients are only allowed to communicate to an external authentication server, usually RADIUS-based, with a username and password. Once authenticated, they get full network access, but they never directly see the ___ encryption key, so they can't share it. Enterprise mode is more work to set up, but since individual user credentials can be changed or removed, it's easier to maintain and keep secure.

ZigBee - (maintained by ZigBee Alliance)

An open standard based on the IEEE 802.15.4 PAN standards. It can use a variety of ISM bands, with 2.4 GHz and 915 MHz bands being the most common; has similar features and applications to Z-Wave, so the two are currently competing standards. The open standard means ____ devices are available from more manufacturers, but are also prone to more compatibility issues.

One-to-one:

Every internal host that connects to the outside network has its own public IP address, which can either be statically or dynamically assigned from an available pool. Since you probably don't have enough public addresses for the whole network, this is best suited to networks where only some hosts connect to the Internet at any one time; is useful for some networks, but not very common in SOHO routers.

network address translation (NAT)

For a router, connecting subnets is simple as long as they all use the same routable addressing scheme. Things get more complicated when two subnets use incompatible addresses: for example, the typical SOHO router where the WAN has a public IPv4 address, but the LAN uses private IP ranges not routable on the Internet. To solve this issue, routers use ___ to join the two networks; can be used to convert between different network protocols with totally different addressing schemes, but in this particular case where both sides use IPv4, the router just needs to replace source or destination addresses in the IP header.

One-to-many:

Multiple internal hosts simultaneously share a single public IP address. Sometimes also called NAT overload. While this can potentially allow every host on the network to connect using a single public address, it makes it more difficult for the router to determine which internal system is the correct destination for an inbound packet. On this sort of network, the router needs to actively change port numbers as well as IP addresses to differentiate traffic, in a process called port address translation (PAT). This has its own complications, but you'll see them shortly.

802.11b:

Supports speeds of up to 11Mbps on the 2.4GHz band. While it had lower speed than 802.11a, cheaper hardware and longer range made it the most popular wireless standard of the early 2000s.

802.11a:

Supports speeds of up to 54Mbps on the 5 GHz band. It was popular for high-speed applications, but expensive equipment and early hardware issues limited its adoption.

802.11ac:

Supports speeds of up to 6.93 Gbps in the 5GHz band using OFDM encoding, if all 8 spatial streams are used. This standard uses still-wider 80MHz channels (VHT), more MIMO antennas, and beamforming technology that dynamically shapes antenna broadcast direction to follow other devices. 802.11ac was formally accepted in late 2013, but draft devices were already on the market.

802.11g:

Supports speeds up to 54Mbps over the 2.4 GHz band. Since 802.11g networks also supported improved security options and backward compatibility with 802.11b devices, the new standard was quickly adopted, beginning in 2003. 802.11g devices are still in wide use and readily available for sale, even if they're slower than newer standards.

802.11n:

Supports speeds up to 600 Mbps over either the 2.4 GHz or 5 GHz band, if all 4 spatial streams are used. This standard introduced a number of technologies to boost speed, including MIMO and wider 40MHz channels via channel bonding (HT mode). One drawback of the wider channel option is that it also increases channel overlap in the already crowded 2.4 GHz band. 802.11n was officially adopted in 2009; "draft standard" devices were available starting in 2007, but not all are fully compatible with the final standard.

omnidirectional antenna

The "connector" of every wireless node includes a transmitter and a receiver, usually connected in a single device called a transceiver. A radio transceiver itself receives and transmits data as electrical signals, and converts them to and from radio waves using an antenna. The antenna itself can have an ____ coverage area, transmitting and receiving equally in all directions.

unidirectional antenna

The "connector" of every wireless node includes a transmitter and a receiver, usually connected in a single device called a transceiver. A radio transceiver itself receives and transmits data as electrical signals, and converts them to and from radio waves using an antenna; focused in a particular direction; can communicate over longer ranges with less interference, but they have to be pointed in the direction of the node they're communicating with.

NFC: Near Field Communication

a set of standards based on RFID, and commonly found on mobile devices such as smartphones; only supports communications up to 20cm away and at speeds up to 424 kbps, so it's usually only used either for small amounts of data like contactless payment systems or authentication, or else for configuration data that can bootstrap a faster Bluetooth or Wi-Fi connection.

service set identifier (SSID)

a string of up to 32 octets that can be used to uniquely identify it to clients.

RFID: Radio frequency identification

a technology which allows identification and communication between nodes using electromagnetic fields. Unlike most networking technologies, ___ supports passive tags, transceivers which have no power source of their own but are activated by powered transceivers called readers. ____ can be used for short-range communication, but it's most commonly used for inventory tracking, ID badges, and even implanted chips to identify pets in case they're lost.

Infrastructure networks

centrally managed from a central wireless access point (WAP) that mediates all communications. Usually the WAP also has a connection to a wired LAN or the Internet.

Source network address translation (SNAT)

changes the source address of outgoing packets. It works best for local client systems which initiate connections with outside servers, but don't usually receive incoming connections.

Bluetooth:

designed for wireless PAN applications; operates in the same 2.4 GHz RF band used by Wi-Fi, and in fact many Wi-Fi NICs include ____ transceivers, but it's a separate standard; most commonly used to connect peripherals to computers and mobile devices.

Ad hoc or peer-to-peer network

have no WAP: clients communicate directly with each other; this is simpler, but generally less efficient than infrastructure mode or a newer WMN. In fact, when no WAP is available it's popular to configure one client as an improvised WAP so the network can operate in infrastructure mode.

WPA2:

is the final version of WPA, based on the final 802.11i standard. It has a few changes, but the biggest one is mandatory support for 128-bit encryption using the strong and well-regarded Advanced Encryption Standard (AES) cipher. AES was optional in many WPA devices, but not required. Likewise, ____ devices usually allow TKIP as an option. Since there are no known effective attacks against the AES implementation itself, ___ in AES-only mode is the strongest current encryption standard for Wi-Fi.

stick-like monopole or dipole antennas

most common omnidirectional antenna form factors are the ___ included with most wireless access points or found on radio receivers.

demilitarized zone (DMZ)

refers to a host or network that acts as a secure and intermediate network or path between an organization's internal network and the external, or non-proprietary, network. It enables external clients to access data on private devices, such as web servers, without compromising the security of the internal network as a whole.

WMN

support is not a core part of Wi-Fi, but it's supported by some new devices, especially distributed WAPs and IoT devices; works like an ad hoc network but with more sophisticated management protocols that allow multiple clients and optionally access points to cooperate efficiently together.

one-to-one and one-to-many

there are two approaches to NAT

multiple-input and multiple-output (MIMO)

transmission found on some wireless devices; uses multiple antennas to simultaneously transmit and receive separate data streams on the same channel. While this might seem like some kind of hoax or weird magic given how radio broadcast usually works, the short explanation is that in the right conditions it's possible for software to remove most interference between the streams, resulting in higher total throughput.

WPS: Wi-Fi Protected Setup

was designed to make it easy for non-technical users of home networks to easily control network access. It's an addition to PSK mode, but also allows the key to be shared with a new device by other methods like a PIN, a push-button pairing mechanism, or NFC pairing. It's convenient, but it turned out to have a major security flaw. The PIN method, which is a mandatory part of the standard, turned out to be unexpectedly susceptible to brute force cracking; an attacker can solve any PIN in a matter of hours. While this might keep out casual freeloaders, that's no time at all for a determined intruder.

WPA: Wi-Fi Protected Access

was included as part of the draft 802.11i standard, rushed a bit into service when WEP's critical limitations became obvious. It was designed to run on the same hardware as WEP, but with enhanced security. By default, ___ encrypts traffic using Temporal Key Integrity Protocol (TKIP), a different implementation of the RC4 cipher. Not only is the encryption key itself 128 bits, but it uses a different and more secure initialization vector, and each data packet is sent using its own key. This protected it from the worst of the WEP attacks, but it still has some vulnerabilities: this means ___ with TKIP is better than WEP, but not ideal.

WEP: Wired Equivalent Privacy

was part of the original Wi-Fi standard. It uses the RC4 encryption cipher, and it soon turned out to have some major problems. First, due to legal restrictions of the time its default configuration was an unacceptably weak key, effectively 40 bits long. The stronger option, ___-128, gave an effective 104 bits of security in theory; unfortunately, it has some other serious flaws that made it nearly as weak. A skillful attack can compromise either variety of ___ in seconds, so while devices might still support it for compatibility reasons, it was removed from the Wi-Fi standard in 2004.

wireless mesh network (WMN)

where nodes communicate and relay communications as peers rather than individually connecting to a WAP as clients. Like wired mesh networks, this gives a fluid and resilient coverage area that won't lose overall functionality if a node fails. This makes them popular for industrial and military applications; can also be used to join multiple compatible WAPs in a Wi-Fi network; this gives the benefits of centrally administered APs, but with the extra benefit that not all APs need to have a connection to the wired Internet, like a more efficient version of a repeater. As long as one AP connects to the Internet, the ___ can maintain connectivity throughout the network.

