Вы находитесь на странице: 1из 23

NSE 1: Wireless Concepts

Study Guide

NSE 1: Wireless Concepts Study Guide

NSE 1: Wireless Concepts Study Guide


Last Updated: 8 April 2016

Fortinet, FortiGate, and FortiGuard are registered trademarks of Fortinet, Inc. in the U.S. and other
jurisdictions, and other Fortinet names herein may also be trademarks, registered or otherwise, of
Fortinet. All other product or company names may be trademarks of their respective owners. Copyright
2002 - 2016 Fortinet, Inc. All rights reserved. Contents and terms are subject to change by Fortinet
without prior notice. No part of this publication may be reproduced in any form or by any means or used to
make any derivative such as translation, transformation, or adaptation without permission from Fortinet,
Inc., as stipulated by the United States Copyright Act of 1976.

NSE 1: Wireless Concepts Study Guide

Table of Contents
WIRELESS CONCEPTS ..................................................................................4
CHALLENGES TO WIRELESS NETWORKING ....................................................5
The Dynamics of Noise and Wireless Networks.....................................................................5
Noise............................................................................................................................................................ 5
Congestion ................................................................................................................................................... 6
Distance ....................................................................................................................................................... 7
Summary The Dynamics of Noise and Wireless Networks .......................................................................8

Wireless Network Scalability...................................................................................................8


Roaming....................................................................................................................................................... 11
Application Priorities.....................................................................................................................................12
Wireless Access Point Management............................................................................................................ 14
Summary Wireless Network Scalability.....................................................................................................14

Wireless Network Security ......................................................................................................14


Shared Medium............................................................................................................................................ 15
Rogue Networks...........................................................................................................................................15
The One Network Concept ........................................................................................................................ 16
Summary Wireless Network Security ........................................................................................................17

WIRELESS CONCEPTS - SUMMARY ................................................................18


KEY ACRONYMS ...........................................................................................19
GLOSSARY...................................................................................................21

NSE 1: Wireless Concepts Study Guide

Wireless Concepts The Dynamics of Noise and Wireless Networks

Wireless Concepts
Wireless networks such as Wi-Fi and cellular/4G are
similar to wired networks in their fundamental purpose.
The main difference is that wireless networks use radio
signals instead of cables to carry signals between
devices.
Unplugging from the constraints of a fully wired
network provides for the mobility needs of modern
business and consumer trends in mobile computing
(Figure 1). Many people now have a mobile phone as
their primary phone, instead of a land line.

Figure 1. The wireless network concept.


When wireless networks were first developed, they were relegated to casual use. Wired networks still
comprised the major networking infrastructure, especially for business use and other critical needs which
required a stable network. Over time, as wireless devices and technology evolved, access speeds and
wireless network stability improved. Both individuals and businesses started to use wireless networks
more. (Figure 2). People now expect Wi-Fi to be available all the time and everywhere.

Figure 2. Evolution of wireless network needs.


Wireless has become the preferred method for peoples network access. For some networkssuch as
those provided to guestswireless is the only available way to access the network. As access speeds
and data flow have increased, and costs of mobile Internet-capable devices have decreased, providing
wireless Internet access to users has become a requirement for businesses and organizations in many
places around the world.

NSE 1: Wireless Concepts Study Guide

Challenges to Wireless Networking The Dynamics of Noise and Wireless Networks

Challenges to Wireless Networking


Traditional wired networks present challenges such as running cable, large costs and amounts of
materials for distributed operations, and limited mobility for users. Wireless networks also present
challenges to both users and administrators. Indeed, there are challenges to wireless networks in
addition to those of wired networks.
Several natural phenomena make wireless networking different from wired networks, although a few
most notably distancealso affect wired networks. This section is a simple view of how wireless networks
operate. The significant challenges to wireless networks are presented in three areas:

effects of noise

scope and scalability

network security

The Dynamics of Noise and Wireless Networks


To understand how wireless networking behaves, you can compare it to the characteristics of another
way we transmit information: by talking.

Noise
Noise disrupts communication, whether near the speaker, the listener,
or both. Many times we find ourselves in a situation where we cant
clearly hear what another person is saying. This could be due to a
number of varying factors, such as a loud aircraft flying overhead, loud
music from a passing car, a blender on your kitchen counter, or other
noise in the environment.
With sound, there are multiple techniques that can be used to ensure
that a listener can hear the message despite noise. You can wait until
the noise stops, reduce it to a manageable level by turning down the
volume on surrounding devices such as music players, move closer to the other person with whom you
are talking, or move to a quieter location.
With radio frequency (RF) noise that disrupts communications for wireless devices, some similar
techniques can be used. Unfortunately, unlike sound noise that affects talking, RF noise is very difficult to
detect unless you have tools designed to measure RF noise levels. Finding the origin of the noise may be
a complicated and time-consuming task.

Figure 3. Devices that may affect radio frequencies (RF).


Similar to the way that multiple people and audible devices share the airwaves, many different kinds of
devices can share the same or nearly identical radio frequencies. Because of the proximity of those

NSE 1: Wireless Concepts Study Guide

Challenges to Wireless Networking The Dynamics of Noise and Wireless Networks


devices to your wireless deviceor that of the device with which your device is communicatingthe
signal carrying your electronic conversation may be disrupted. Examples of some common devices that
can cause RF interference include surveillance cameras, cordless (wireless) phones and their
transmission bases, and microwave ovens (Figure 3).

Congestion
When only twoor a fewpeople talk, they usually take turns talking and
listening. This makes it easier to hear and understand the other persons
speaking, because it provides time for listeners to focus on the other
persons message. If something is not understood, the speaker can repeat
it to ensure the listener understands the message.
Another option besides repeating the message for better understanding is
to change other characteristics such as how fast you speak, how loudly, or
how high or low the pitch of voice. For example, slowing the speed at
which you speak can make it less difficult for the listener to hear and understand the message so that you
dont need to repeat yourself, but the tradeoff is that speaking slower takes longer to convey the
message. Volume that is too loud may result in distortion or the listener attempting to tune out the
message.
When many people try to talk and listen at the same time,
receiving a clear message becomes very difficult. We
have the ability to effectively conduct duplex
conversationswe speak and then we listen, but not both
simultaneously. We do not have the ability to multiplex in
conversation effectivelythat is, we cannot listen to
multiple messages or transmit while receiving effectively.
As multiple people try to be heard, the aggregated volume
increases to the level when no conversations may
effectively take place in the environment.
Similar to people, wireless device radios operate in halfduplex mode as they are only able to either transmit or
receive data at any point in time. They cannot transmit
and receive at the same time. When there are few wireless devices communicating on a network, they
can easily take turns transmitting and receiving, enhancing the chances of clear communication (Figure
4). However, even in an environment with few devices communicating, these devices cannot operate in
full duplex: each one may only transmit or receive, but not both simultaneously.

Figure 4. Wireless communications with few devices.


As with human communication, devices may repeat messages if the receiving device does not
understand the message or if the expected response is not received. Wireless devices may also slow
transmission rate to mitigate the effects of things like RF interference and other factors.

NSE 1: Wireless Concepts Study Guide

Challenges to Wireless Networking The Dynamics of Noise and Wireless Networks


Much like when crowds of people try to talk all at once, large numbers of devices trying to communicate in
the wireless network (Figure 5) may result in missed messages, the need to repeat transmissions, or RF
interference when different devices near each other try to transmit at the same time.

Figure 5. Wireless challenges in a network with many devices.


In busy networks, devices may need to repeat messages more frequently or slow transmission to ensure
that the recipient can understand the message. This often happens when too many devices try to
communicate simultaneously, resulting in the wireless network being slowed down in congested areas.

Distance
Distance is an important factor in communications. When people
are close to each other, they may communicate easily with
reasonable volumes, as well as being able to more clearly see
when one person has stopped talking so the other person may
start to talk.
As distance between
people increases, the
intensity of sound
diminishes. This is
because the sound waves are spread over an increasing area
the further they are from the source. As sound travels farther
from the transmitter, sound wave intensity diminishes
exponentially (following the inverse-square law) across the
distance between transmitter and receiver, eventually being
reduced to a level below that discernable to the human ear.

Power

Distance

Figure 6. Sound (and radio) loss over distance.

NSE 1: Wireless Concepts Study Guide

Challenges to Wireless Networking Wireless Network Scalability


As sound level decreases over distance, the natural reaction is
to increase volume to mitigate the loss of communications
integrity over that distance. Shouting or using an amplification
devicesuch as the bullhorn illustrated to the rightmay work
where an individual is trying to reach either another individual
or group of people. However, once everyone is shouting (or
using amplification) it causes the same type of confusion and
inability to discern messages as congestion.

Figure 7. Effect of distance on wireless reception.


Increased distances have a similar effect on wireless devices and networks. When the distance between
transmitter and receiver is small, each device has a higher probability of receiving a strong signal from the
other device(s). However, like with speaking, as distance increases between transmitter and receiver, the
strength of the signal diminishes, eventually making it difficult for the receiver to distinguish the message
from the surrounding noise, resulting in a request for retransmission.

SummaryThe Dynamics of Noise and Wireless Networks


Similarities exist between challenges to human communication and communications over a wireless
network. These challenges increase as the population and stretch of the network increases. The three
major impacts to wireless networks that mirror those on human communication include noise, congestion,
and distance. As more devices enter the network, noise in the form of RF interference affects the ability of
devices to distinguish messages from other devices. Likewise, as more devices enter the network,
congestion may slow the transmission of data. Since devices cannot transmit and receive simultaneously,
devices must transmit and then wait to receive. Finally, there are effects of distance: the farther apart
devices are, the more signal degradation occurs between transmitter and receiver. In both caseshuman
and device communicationthe natural reaction of increasing volume has its own problems, because
increasing volume also increases overall noise for other transmitters and receivers, and because signal
distortion can make it difficult to understand the message.

Wireless Network Scalability


Noise and RF interference are not commonly seen in small
wireless networks, such as home networks or those found in a
small, isolated coffee shop. In these kinds of environments, you
may have a few devices operating at the same time. Few
people are simultaneously running any kind of applications that
require a lot of bandwidth. Therefore, if someone's web
browsing slows down for a moment, no one may notice.
By contrast, larger networks may have hundredsor even
thousandsof wireless devices. Combined with these wireless
network devices may also be wired devices, all connecting to
the same server or database. It is likely that you have used one

NSE 1: Wireless Concepts Study Guide

Challenges to Wireless Networking Wireless Network Scalability


of these large wireless or combination networks, such as
using a hotel network, the guest network in a hospital, an
academic campus distributed over a large area, or the
network for your own company or organization.
Whether it is in hotels, schools, airports, universities, or
distributed enterprises, the organization wants its wireless
network to be accessible.

Supports tens of
Wireless Devices

Wireless Router

Figure 8. Small wireless network.


In small wireless networks, the Internet connection is often through a wireless router that has several
functions (Figure 8). Besides providing wireless access, it is often also a firewall and a DSL or cable
modem. These wireless routers are often called thick access points (AP). It indicates that both the
wireless radio plus the router are together in one device. But because multiple functions are in one
device, a thick AP can be more expensive and less scalable.
In larger wireless networks, the device that converts the electrical wired signal into a radio wireless one
the AP, also called a wireless access point (WAP)is often separate from the router and/or management
device. Its therefore called a thin AP. Together with thick APs or routers, many thin APs can form one
wireless network for a large area. These radio signals reach wireless devices in the area, which might be
tablets, smartphones, laptops, or even televisions. Because these wireless networks are often much
larger, they often have a centralized wireless controller for scalability reasons.
If the wireless network is cloud-based, the data flow is slightly different (Figure 9). Instead of having a
thick AP or wireless controller on the same local network, the wireless controller is remote, across the
Internet from the local APs. In between are usually routers that do not control the APs. To form the
wireless network, the cloud APs initiate a connection through the Internet to the clouds wireless
controller. The cloud controller replies to create the two-way communication. Once that communication
has been established, the AP makes or joins a wireless network according to the cloud-provided
configuration. Wireless devices can then join the wireless network.
Supports hundreds of
Wireless Devices

Cloud-based
Wireless Controller
Cloud-Controlled AP

Figure 9. Cloud wireless network.

NSE 1: Wireless Concepts Study Guide

Challenges to Wireless Networking Wireless Network Scalability


There can be many APs connected to the cloud controller, or just a few, depending on the deployment
requirements. APs dont need to be in the same physical location. Cloud-based wireless networks are
versatile enough to be used for small networks (often through a managed service provider) or for
medium-sized business networks. One key advantage of using a wireless controller is that all the APs can
be managed at the same time, from the same control panel.
Wireless Controller

Access Points (APs)

Power over
Ethernet (PoE)

Supports thousands of
Wireless Devices

Figure 10. Large wireless network.


A large wireless network has the same general data flow as smaller networks, but because of the
increased areas of coverage and the much larger number of wireless devices, it is a much more complex
situation. In a large wireless network, APs must be coordinated through some form of wireless controller
(Figure 10). This might be an integrated wireless controller or it might be an infrastructure wireless
controller. Different equipment will have different feature sets.
Power over Ethernet (PoE). Due to AP placement areas on ceilings of high walls, where electrical
outlets do not normally reside, access points have the option to utilize PoE technology. This enables the
AP to be powered through an Ethernet cable by either a Power injector or a PoE switch. Power over
Ethernet supported standard can supply either about 15 watts or 25 watts of power to end devices. This
power typically is used to run wireless access points, though it could power other devices such as
cameras.
Roaming. In small wireless networks, there is only one or two APs. A device is either connected to the
AP or out of range, disconnected. In larger wireless deployments, however, there are many APs. A
wireless device can roam from one AP to another AP, but still remain connected to the wireless network
meanwhile.
Application Priority. Applications tend to have equal importance in most small wireless networks. With
fewer users, it is less likely to be necessary to prioritize one persons video streaming over another
persons web browsing, because there are fewer people competing for the limited airtime and bandwidth.
In larger wireless networks, some applications often must be prioritized over others. In hospital networks,
for example, a doctors quick access to critical patient information is much more important than many
people in the lobby browsing the web.
Network Management. In small wireless installations, there is often very little network management.
Typically, once the network is set up, it simply remains that way. Compare this with larger wireless
installations where ongoing management is required due to ongoing changes in the number of APs and
wireless devices. Several different kinds of management may be required: to modify AP configurations, to
modify user and network access policies, to authenticate users, and to view an audit trail so that the
administrator knows who changed the network.
Each of the factors identified and illustrated in Table 1 have their own level of complexity that they bring to
wireless network operations. To examine further their effects, we need to analyze the factors individually:
roaming, application priority, and network management.

NSE 1: Wireless Concepts Study Guide

10

Challenges to Wireless Networking Wireless Network Scalability


Table 1. Comparative characteristics of small v. large wireless networks.
Small

Large

Devices stay with one AP

Devices roam between multiple APs

Applications have equal importance

Applications are prioritized

No management after setup

Ongoing management:

Configuration

Policies

User authentication

Audit trails

Roaming
Connectivity dynamics change with the type of device, and as the scope of the network grows from a
small wireless network to a larger, more distributed network. The first and simplest case is that of a
stationary device, such as the desktop system pictured in figure 11. This device is likely to wirelessly
connector associate as we say in the wireless industryto the closest AP and stay associated with it.
This is because a desktop system typically does not move.

Figure 11. Stationary device on a wireless network.


A slightly more complex case is where a wireless device moves between areas covered by different APs.
This process is called roaming (Figure 12). A typical example is where a tablet or smart phone will start
associated with one AP (1), and then move to the area covered by another AP.

NSE 1: Wireless Concepts Study Guide

11

Challenges to Wireless Networking Wireless Network Scalability


Second Access Point

4)
WLAN Controller

3)

2)

First
Access 1)
Point

1)

2)

3)

Figure 12. Mobile device roaming on a wireless network.


As it moves from its first position, the radio signal from the first AP will become weaker (2) until the
wireless device starts searching for a better quality signal. Then, if it detects another AP in the same
wireless network (SSID) with a better signal, it will request to re-associate (3) with that new AP. At that
point, the new AP will notify the WLAN controller of the re-association and the WLAN controller will send
the data destined for the wireless device to the new AP so that it can continue the data flow to the device
(4). Some WLAN controllers are capable of anticipating which AP a roaming device is approaching and
will proactively send the devices data to that AP. That way connectivity will not be lost due to time spent
forming the new association. This has beneficial effects for latency-sensitive applications such as voice or
video calls.

Application Priorities
Unlike copper or fiber-optic wires that are only usable by
the two devices they connect, air is a shared medium.
Traffic from all devices in the area must share airtime
(Figure 13). Congestion can result when too many
devices try to transmit RF signalstalkat the same
time.
Performance can also decrease when too many
applications must equally share limited network or
Internet bandwidth.

Figure 13. Networks dont have unlimited bandwidth.


Perhaps one person is watching a how-to video, and another is trying to run a web conference. Yet
another might need to log in to server. And often e-mail and other applications run in the background.
When multiple different applications try to share the air or wired network simultaneously, if they are all
given the same priority, this causes application congestion.
As more organizations use Wi-Fi instead of wired network connections for business critical applications, it
becomes crucial to give timely access.
What if a CEO on a critical conference call had to compete with a guest streaming a video of cats in the
next roomthe same AP? Or what if airport personnel needed urgent airplane maintenance information,
but it was slow because passengers were downloading a new iPhone update?
What if we are trying to give a live demonstration, but there is not enough available bandwidth? That
happened to Steve Jobs in 2010 at a full auditorium when he was promoting the features coming in the
new iPhone 4 (Figure 14; click the image to see the video).

NSE 1: Wireless Concepts Study Guide

12

Challenges to Wireless Networking Wireless Network Scalability

Figure 14. The impact of un-prioritized wireless applications.


When Mr. Jobs started his video conferencing demonstration, it didnt work. As his staff worked to find the
problem, they found that 570 wireless devicesincluding APswere trying to use the network! Without
prioritization, his equal part of the bandwidth wasnt enough for fast video streaming. The workaround
was to ask the audience to turn off their Wi-Fi so his demonstration could continue.
This obviously isnt a practical solution on a daily basis, especially in a large wireless network with
hundreds or thousands of devices and people.
We need a way to prioritize the traffic, not only across the wireless network but also across the wired
network, too, to make sure the most important traffic has the highest priority (Figure 15). This is called
traffic shaping, which is a network traffic management technique which guarantees performance,
improves latency, and/or increases the amount of bandwidth given to crucial packets. How? By making
less time-sensitive packets use a smaller part of the bandwidth,
or wait until the mediacopper or fiber optics in the case of
wires, or air in the case of wirelessis less busy.
Application-based traffic shaping is the most common type.
Fingerprinting tools identify less or more important applications,
then the network applies policies to shape how the traffic flows
through each point on the network.

Client #1

Client #2

Figure 15. Application data prioritization.

NSE 1: Wireless Concepts Study Guide

13

Challenges to Wireless Networking Wireless Network Security

Wireless Access Point Management


If you only have two APs in a coffee shop, they are a small-scale network, easy to manage. It is very
easy to control the device and network configuration and access policies, to manage user authentication,
and to track who made each change. But what if you have hundreds, or thousands, of coffee shops? Or
retail stores? This quickly becomes a large, complex network management challenge (Figure 16).

Figure 16. Distributed nature of large wireless networks.


Managing your wireless infrastructure is like managing any other group of network equipment, except that
APs often far outnumber the amount of switches or routers. Providing wireless access means you may be
managing five to fifty times more devices. To do this efficiently and quickly, you need good centralized
management software called a wireless LAN controller that can monitor and apply changes to many APs
at once.

SummaryWireless Network Scalability


Scalability has an important influence on how a wireless network is designed, deployed, and managed.
As a network grows from smallsuch as a home or small coffee shopto a large or even global
distributed network, the number of devices can multiply enormously. While simple wireless networks
present fewer challenges than large networks, every wireless network shares some fundamental
challenges. Unlike on wired networks, devices on wireless networks can move, roaming between APs.
With multiple users trying to use the network simultaneously, wireless networks require application priority
policies to ensure that the most critical applications are not delayed because of less important
applications. One thing that is different between large and small networks is the necessity for wireless
network management software to ensure the many APs and their configurations can be handled without
creating too much work for the administrator.

Wireless Network Security


While security concerns apply to every wireless network, high-value datafor example, financial data,
proprietary information, or patient recordsare of particular concern in the network. Security concerns for
wireless networks range from the problem of shared media to purposeful intrusion or capturing of wireless
network communications, to the challenges of integrating wireless networking into a combined
wired/wireless network environment.

NSE 1: Wireless Concepts Study Guide

14

Challenges to Wireless Networking Wireless Network Security

Shared Medium
We generally dont want people to eavesdrop on our private
conversations. Think about what mischief could happen if we
were telling someone our credit card number and an identity
thief overheard it. Or what could happen if someone watched
you use an ATM and you were not careful about ensuring others
could not see your PIN or card information? In either case, this
allows potential compromise of your personal, confidential
information and subsequent theft.
Wireless networks are no different. Like an ordinary
conversation, wireless signals can be overheard by anyone
within range. In order to stop unauthorized people from using the
data within those signals, valuable data should be encrypted. This makes sure that potential attackers
cannot understand what were communicating.
It is also important to make sure we are actually speaking to the right person! Authentication verifies that
someone is actually who they say they are. uthentication may be accomplished through a variety of
means, from simple methods involving a user name and password or PIN to more complex ways with
two-factor authentication or authentication tokens. This is the network equivalent to checking a persons
drivers license or other identification card along with their name and password.

Rogue Networks
Some security factors are unique to wireless networks. Because multiple wireless networks may be
nearby, but we cant physically see which AP we are connecting to, we need to make sure clients can
only connect to the right wireless network. It can be difficult for users to be sure. Often, the only
identification a wireless device uses when connecting to the network is whats known as the Service Set
Identifier (SSID), also called its network name. For example, in the illustration below (Figure 17) the
SSID is named CorpNet.
Unfortunately, an AP that doesnt belong to us can also broadcast our SSID. This is called a rogue AP.
More precisely, it's an access point that can be seen by our network but is not authorized for operation
on our network. We can tell that it doesn't belong to us because our APs can detect its radio
transmissions and our WLAN controller will recognize that the rogue is not under our management
control.
Rogue access points are a concern because without investigation, we cannot tell if they're benign
perhaps an access point that belongs to a neighbor's wireless networkor if it belongs to an attacker. For
example, an access point could pretend to be from our network. Wireless signals are often not
directional, so an unsuspecting wireless device could see the correct SSID (broadcast by the rogue AP)
and attempt to connect to it. Attackers associated with the same rogue AP can potentially gather
sensitive information like usernames and passwords, and use them later to penetrate our network.

WLAN Controller

NSE 1: Wireless Concepts Study Guide

CorpNet

Rogue AP

CorpNet

15

Challenges to Wireless Networking Wireless Network Security

Figure 17. The Rogue Network threat.


This is another reason why robust wireless network securityincluding authentication, encryption and
advanced protection like rogue detection and mitigationis imperative. This type of site spoofing can
catch the casual wireless user unaware of the discrepancy, providing an opportunity to exploit the users
device and datapotentially without the user being aware of the intrusion.

The One Network Concept


From a security standpoint, when we connect to a network, connecting through a wired network or
wireless one is similar. Once we have made sure that physical access is secure (recalling that we use
encryption for wireless networks), security issues for both kinds of networks are very similar (Figure 18).
Networks need secure and easily managed methods of authentication at the points where the network is
being first accessed, whether an Ethernet port or an access point. Typical methods used here are captive
portal and secure authentication techniques like 802.1X.
Authentication is only basic security, however. And the wireless and wired network are all connected.
Therefore the wireless network should not be a weak point in the overall networks security. Network
administrators often need to make sure that they can apply network access policies based on role, and
examine wireless traffic for possible threats including rogue APs. Administrations often also need to
identify applications and destinations so that they can apply policies to the combination of users and
applications. This is required to prioritize traffic to make sure that the most important traffic has highest
priority.
Finally, it is critical for network administrators to have visibility of any attempted violations of policy as well
as usage so they can allocate resources appropriately. Lets not forget the necessity to track changes
made to the network. As security threats become more widespread, you may want to ask yourself if your
wireless network has all these capabilities and, if it doesn't, re-examine its security.

Figure 18. The "One Network" concept.

NSE 1: Wireless Concepts Study Guide

16

Challenges to Wireless Networking Wireless Network Security

SummaryWireless Network Security


Wireless networks have even more security threats than wired networks, especially for large, distributed
networks. With the increased trend toward mobile computingwhether using a cellular network, a simple
private network, or a large corporate networkthe risk exists for other users to view your data. This is
especially true in open wireless environments like many coffee shops and fast food restaurants that use
weak or no wireless encryption. Another threatespecially prevalent in open network environmentsis
rogue APs that attackers install, spoofing your real network by using the same SSID and trying to lure
people to use the bogus wireless network in order to exploit information. Finally, the wireless network is
often linked to a wired network, which opens the door to potential network intrusion through wireless
access. For this challenge, a security program that includes multiple security policies, appliances, and
management is essential to keeping the network secure.

NSE 1: Wireless Concepts Study Guide

17

Wireless Concepts - Summary Wireless Network Security

Wireless Concepts - Summary


With the ever-increasing trend toward mobile computing for both personal and business use, effective
and secure wireless networks have become an essential tool in the global environment. Wireless
networks have numerous similarities to their wired counterparts, but also differences. The challenges to
wireless networks are dynamicsome apply across all wireless networks, others to small networks, and
even others to large and distributed networks. You have seen examples of how the physical properties of
wirelesss shared medium affect networked communication. You have seen how these problems can be
increased when wireless networks grow. And you have seen how the all these factors combine so that
wireless presents us with some very differentand some very familiarnetwork security issues.
Wireless networking is not going away. In fact, it is growing and, along with it, evolving. Modern network
security must include a focus on wireless networks.

NSE 1: Wireless Concepts Study Guide

18

Key Acronyms

Key Acronyms
AAA

Authentication, Authorization, and

IaaS

Infrastructure as a Service

Accounting

ICMP

Internet Control Message Protocol

AD

Active Directory

ICSA

International Computer Security

ADC

Application Delivery Controller

ADN

Application Delivery Network

Association
ID

Identification

ADOM Administrative Domain

IDC

International Data Corporation

AM

Antimalware

IDS

Intrusion Detection System

AP

Access Point

IM

Instant Messaging

API

Application Programming Interface

IMAP

Internet Message Access Protocol

APT

Advanced Persistent Threat

IMAPS Internet Message Access Protocol

ASIC

Application-Specific Integrated Circuit

ASP

Analog Signal Processing

IoT

Internet of Things

ATP

Advanced Threat Protection

IP

Internet Protocol

AV

Antivirus

IPS

Intrusion Prevention System

Secure

AV/AM Antivirus/Antimalware

IPSec Internet Protocol Security

BYOD Bring Your Own Device

IPTV

Internet Protocol Television

CPU

IT

Information Technology

DDoS Distributed Denial of Service

J2EE

Java Platform Enterprise Edition

DLP

Data Leak Prevention

LAN

Local Area Network

DNS

Domain Name System

LDAP Lightweight Directory Access Protocol

DoS

Denial of Service

LLB

Link Load Balancing

DPI

Deep Packet Inspection

LOIC

Low Orbit Ion Cannon

DSL

Digital Subscriber Line

MSP

Managed Service Provider

FTP

File Transfer Protocol

MSSP Managed Security Service Provider

FW

Firewall

NGFW Next Generation Firewall

GB

Gigabyte

NSS

NSS Labs

GbE

Gigabit Ethernet

OSI

Open Systems Infrastructure

Gbps

Gigabits per second

OTS

Off the Shelf

GSLB Global Server Load Balancing

PaaS

Platform as a Service

GUI

PC

Personal Computer

Central Processing Unit

Graphical User Interface

HTML Hypertext Markup Language

PCI DSS Payment Card Industry Data Security

HTTP Hypertext Transfer Protocol


HTTPS Hypertext Transfer Protocol Secure

NSE 1: Wireless Concepts Study Guide

Standard
PHP

PHP Hypertext Protocol

19

Key Acronyms
PoE

Power over Ethernet

POP3 Post Office Protocol (v3)

SYN

Syslog Standard acronym for Computer

POP3S Post Office Protocol (v3) Secure


QoS

Quality of Service

Radius Protocol server for UNIX systems

Synchronization packet in TCP

Message Logging
TCP

Transmission Control Protocol

TCP/IP Transmission Control Protocol/Internet

RDP

Remote Desktop Protocol

SaaS

Software as a Service

TLS

SDN

Software-Defined Network

SEG

Secure Email Gateway

TLS/SSL Transport Layer Security/Secure


Socket

SFP

Small Form-Factor Pluggable

SFTP

Secure File Transfer Protocol

SIEM

Security Information and Event


Management

SLA

Service Level Agreement

SM

Security Management

SMB

Small & Medium Business

SMS

Simple Messaging System

SMTP Simple Mail Transfer Protocol


SMTPS Simple Mail Transfer Protocol Secure
SNMP Simple Network Management Protocol
SPoF

Single Point of Failure

SQL

Structured Query Language

SSL

Secure Socket Layer

SWG

Secure Web Gateway

NSE 1: Wireless Concepts Study Guide

Protocol (Basic Internet Protocol)


Transport Layer Security

Layer Authentication
UDP

User Datagram Protocol

URL

Uniform Resource Locator

USB

Universal Serial Bus

UTM

Unified Threat Management

VDOM Virtual Domain


VM

Virtual Machine

VoIP

Voice over Internet Protocol

VPN

Virtual Private Network

WAF

Web Application Firewall

WANOpt Wide Area Network Optimization


WAP

Wireless Access Point

WLAN Wireless Local Area Network


WAN

Wide Area Network

XSS

Cross-site Scripting

20

Glossary

Glossary
802.11. Refers to the IEEE standard for wireless local area network (WLAN) communication.
Access Point (AP). An access point is a networking hardware device that allows wireless devices to
connect to a wired network using Wi-Fi or related standards.
Amplitude. A measure of the power transmitted by a wave is over a single period. Amplitude is similar to
the concept of volume in sound.
Audit Trail. An audit trail is a series of records of computer events, about an operating system, an
application, or user activities. A computer system may have several audit trails, each devoted to a
particular type of activity. Auditing is a review and analysis of management, operational, and technical
controls.
ATM. Automatic Teller Machine. Electronic way to deposit or withdraw money, transfer funds, and check
account balances.
Authentication. The process of determining whether someone or something is actually who or what they
claim to be. In computer networks, the purpose of authentication is to make sure that attackers cannot
mimic authorized people.
Authentication Token. Authentication tokens (or sometimes a hardware token, security token, USB
token, cryptographic token, software token, virtual token, or key fob) are used to prove a persons identity
electronically. The token is used in addition to or in place of a password for stronger authentication, to
prove that the person is who they claim to be.
Captive Portal. A captive portal is a special web page that is shown before a user is allowed to use the
Internet. The portal is often used to present a login page.
DSL. DSL (Digital Subscriber Line) is a technology for bringing high- bandwidth information to homes and
small businesses over ordinary copper telephone lines.
Encryption. The process of encoding messages or information in such a way that only the intended
recipient can read it. The purpose of encryption is to ensure data privacy.
Ethernet. The most widely installed local area network (LAN) technology. Ethernet is a link layer protocol
in the network stack, describing how networked devices can format data for transmission to other network
devices on the same network segment.
Interference. See RF interference.
Multiplex. Multiplexing consists of combining two or more signals into a single transmission pathway or
channel.
Network Name. See Service Set Identifier (SSID).
PIN. A personal identification number (PIN) is a numeric password used to authenticate. The term "PIN"
is also now to refer to any short numeric password in other contexts such as door access, or unlocking
a smartphone screen.
Policy. Conditions, constraints, and settings that determine who or what is authorized to connect to the
network, when, and to where.
Power over Ethernet (PoE). Any of several standardized or ad-hoc systems that pass electrical power
along with data on Ethernet cabling. This allows a single cable to provide both data connection and
electrical power to devices such as wireless access points. PoE allows long cable lengths and power may
be carried on the same conductors as the data, or it may be carried on dedicated conductors in the same
cable.

NSE 1: Wireless Concepts Study Guide

21

Glossary
Rate-limiting. Rate limiting is used to control the rate of traffic sent or received by a network interface
controller. It can be induced by the network protocol stack of the sender due to a received ECN-marked
packet and also by the network scheduler of any router along the way.
RF Interference. Radio frequency interference (RFI) is the radiation or conduction of radio frequency
energy (or electronic noise produced by electrical and electronic devices at levels that interfere with the
operation of adjacent equipment.
RF Noise. See RF interference.
Rogue AP. A rogue access point (Rogue AP) is a wireless access point that has been installed on a
secure network without explicit authorization from a local network administrator, whether added by a wellmeaning employee or by a malicious attacker.
Role Derivation. Role derivation allows administrators to derive one or more roles from a single master
role. The master role serves as the template for the authorizations and attributes. Organizational levels
differentiate the derived roles from the master role and each other.
Router. A router is a networking device that forwards data packets between computer networks.
Routers perform the "traffic directing" functions on the Internet. A data packet is typically forwarded from
one router to another through the networks that constitute the internetwork until it reaches its destination
node.
Service Set Identifier (SSID). SSID is a unique identifier attached to the header of packets sent over a
wireless local-area network (WLAN) that acts as a password when a mobile device tries to connect to the
basic service set (BSS) -- a component of the IEEE 802.11 WLAN architecture. The SSID differentiates
one WLAN from another; so all access points and all devices attempting to connect to a specific WLAN
must use the same SSID to enable effective roaming.
Spoofing. To successfully mimic another person or program by falsifying identity data, thereby gaining
unauthorized access. This attack is possible when an identifying characteristic, such as an IP address, is
not authenticated.
Switch. A network switch is a computer networking device that connects devices together on a computer
network, by using packet switching to receive, process and forward data to specific destination devices.
Unlike less advanced network hubs, switches forwards data only to one or multiple devices that need to
receive it, rather than broadcasting the same data out of each of its ports.
Thick Access Point. Also called a fat AP. In wireless local area networks (WLANs), an AP with
sufficient program logic and processing power to allow it to provide routing, and often enforce policies
relating to access and usage, rather than working under the supervision of a centralized wireless
controller. In a mobile application, users moving between AP zones of coverage realize faster handoffs
with fat APs.
Traffic Profile. A traffic profile is a sequence of measures over a specific period of time. It can be
the traffic profile of a flow or a link count.
Traffic Shaping. Delay and prioritization of some network traffic to optimize use of limited bandwidth,
preventing other applications from impacting time-sensitive or important traffic.
Two-step Authentication. Two-factor authentication (also known as 2FA or 2-Step Verification) is a
technology patented in 1984 that provides identification of users by means of the combination of
two different components.
Unified Threat Management (UTM). UTM is the evolution of the traditional firewall into an all-inclusive
security device able to perform multiple security functions within one system: network firewalling, network
intrusion prevention, gateway antivirus, gateway anti-spam, VPN, content filtering, load balancing, data
loss prevention and on-appliance reporting.
Wireless Access Point (WAP). See Access Point (AP).
Wireless Controller. Also called a wireless LAN (WLAN) controller, network administrators use this to
configure and manage many thin APs.

NSE 1: Wireless Concepts Study Guide

22

Glossary
Wireless Router. A device that performs the functions of a router and also includes the functions of
a wireless access point. It is used to provide access to the Internet or a private computer network. It can
function in a wired LAN (local area network), in a wireless-only LAN (WLAN), or in a mixed wired/wireless
network.
WLAN Controller. See Wireless Controller.

NSE 1: Wireless Concepts Study Guide

23