|
Term |
Definition |
|
802.11 |
The
802.11 standard refers to a family of specifications developed by the IEEE
for wireless LAN technology. The 802.11 specifies an over-the-air interface
between a wireless client and a base station or between two wireless clients
and provides 1 or 2 Mbps transmission in the 2.4 GHz band with either
frequency hopping spread spectrum (FHSS) or direct sequence spread spectrum
(DSSS). |
|
802.11a |
The 802.11a standard specifies a maximum data transfer rate of 54 Mbps and an
operating frequency of 5 GHz. 802.11a uses the Orthogonal Frequency Division
Multiplexing (OFDM) transmission method and supports the 802.11 security
features, such as WEP encryption. |
|
802.11b |
802.11b is an extension to 802.11 that applies to wireless LANs and provides
11 Mbps transmission (with a fallback to 5.5, 2 and 1 Mbps) in the 2.4 GHz
band. 802.11b uses only DSSS. Actual throughput is around 5 Mbps or more in
the 2.4 GHz band. |
|
802.11g |
The 802.11g standard specifies a maximum data transfer rate of 54 Mbps and an
operating frequency of 2.4 GHz. It uses OFDM while remaining backward compatible
with 802.11b, and supports WEP encryption for security. 802.11g networks are
often referred to simply as Wi-Fi networks, although the Wi-Fi name applies to
every 802.11 variant. |
|
802.1x |
802.1x is the IEEE Standard for Port-Based
Network Access Control. This is used in conjunction with EAP methods to
provide access control to wired and wireless networks. |
| AAA Server |
Authentication, Authorization and Accounting Server. A system to control access to computer resources and track user activity. |
|
Access Point (AP) |
A
stand-alone wireless hub that allows any computer that has a wireless
network adapter to communicate with another computer and to connect to the
Internet. |
|
Ad Hoc Network |
A communication configuration in which every
computer has the same capabilities, and any computer can initiate a
communication session. Also known as a peer-to-peer network or a
computer-to-computer network. |
|
AES |
Advanced Encryption Standard. The block cipher used by WPA2 (in CCMP mode) to
replace the RC4-based WEP and TKIP encryption. |
|
Available network |
One of the networks listed under Available
networks on the Wireless Networks tab of the Wireless
Configuration Utility (Microsoft(R) Windows 2000 environment) or Wireless
Network Connection Properties (Microsoft(R) Windows XP environment). Any wireless
network that is broadcasting and is within receiving range of the wireless
adapter
appears on the list. |
|
BER |
Bit Error Rate.
The ratio of errors to the total number of bits being sent in a data
transmission from one location to another. |
|
Bit Rate |
The total number of bits (ones and zeros) per second that a network
connection can support. This bit rate varies, under software
control, with different signal path conditions. |
|
Broadcast SSID |
Setting that makes an access point include its SSID in its beacon frames and
answer probe requests that do not name a specific network, so that the network
appears in clients' lists of available networks. |
|
BSSID |
Basic Service Set Identifier. A 48-bit value, in MAC-address format, that
uniquely identifies one basic service set (one access point's cell, or one ad
hoc network). In an infrastructure network the BSSID is the MAC address of the
access point's radio; in an ad hoc network it is a randomly generated, locally
administered MAC address. Clients are identified by their own adapter MAC
addresses, not by a BSSID. |
|
CA |
Certificate Authority. An entity, typically implemented as a corporate
certification server, that issues and signs certificates. A CA certificate can
also be imported from a file through Internet Explorer's certificate manager.
Trusted CA certificates are stored in the root store (Trusted Root Certification
Authorities); an 802.1x client uses them to decide whether to trust the
authentication server's certificate. |
|
CCX |
Cisco Compatible
eXtension. Cisco Compatible Extensions Program ensures that devices used
on Cisco wireless LAN infrastructure meet the security, management and
roaming requirements. |
|
Certificate |
A digital credential, bound to a public key and signed by a CA, used for
authentication. For client authentication the user or computer certificate is
registered on the authentication server (for example, a RADIUS server), which
verifies it when the client presents it through the authenticator (the access
point). |
|
CKIP |
Cisco Key Integrity Protocol (CKIP) is a Cisco-proprietary security protocol for
encryption on 802.11 media. CKIP uses a keyed message integrity check and a
message sequence number to improve 802.11 security in infrastructure mode; it
is Cisco's pre-standard counterpart to TKIP. |
|
Client computer |
The computer that gets its Internet connection
by sharing either the host computer's connection or the Access Point's
connection. |
|
DSSS |
Direct Sequence Spread Spectrum. Technology used in radio transmission.
Incompatible with FHSS. |
|
EAP |
Short for Extensible Authentication Protocol. EAP was originally defined as an
authentication protocol for the Point-to-Point Protocol (PPP) and provides a
generalized framework that carries many different authentication methods; in
wireless networks it is carried over 802.1x (EAP over LAN) and relayed by the
access point to a RADIUS server. EAP is intended to head off proprietary
authentication systems and let everything from passwords to challenge-response
tokens and public-key infrastructure certificates work within one framework. |
| EAP-FAST |
Extensible Authentication Protocol – Flexible Authentication via Secure Tunneling.
EAP-FAST, like EAP-TTLS and PEAP, uses a TLS tunnel to protect the inner authentication traffic. The main difference is that EAP-FAST does not require certificates: the tunnel can instead be established with a pre-shared secret called a Protected Access Credential (PAC).
Provisioning is initiated by the client as the first exchange when the server requests EAP-FAST. If the client does not have a PAC, it can request a provisioning EAP-FAST exchange to obtain one from the server dynamically.
EAP-FAST documents two methods to deliver the PAC: manual delivery through an out-of-band secure mechanism, and automatic (in-band) provisioning.
-
Manual delivery can use any mechanism that the network administrator considers sufficiently secure for their network.
-
Automatic provisioning establishes an encrypted tunnel to protect the authentication of the client and the delivery of the PAC. When that tunnel is set up with anonymous Diffie-Hellman, the client cannot authenticate the server, so this mechanism is not as secure as manual delivery, but it is still more secure than the authentication method used in LEAP.
The EAP-FAST method can thus be divided into two parts: provisioning and authentication. The provisioning phase delivers the PAC to the client and only needs to be performed once per client and user. |
EAP-GTC |
EAP-GTC (Generic Token Card) is similar to EAP-OTP but is intended for hardware token cards. The request contains a displayable message, and the response contains the string read from the hardware token card. |
EAP-OTP |
EAP-OTP (One-Time Password) is similar to EAP-MD5 Challenge, except that it uses a one-time password as the response. The request contains a displayable message. The OTP method is defined in RFC 2289. The OTP mechanism is employed extensively in VPN and PPP scenarios but rarely in the wireless world. |
|
EAP-SIM |
Extensible Authentication Protocol-Subscriber Identity Module (EAP-SIM)
authentication can be used with:
- Network Authentication types: Open, Shared, and WPA2-Enterprise
- Data Encryption types: None, WEP and CKIP
A SIM card is a special smart card that is used by Global System for Mobile
Communications (GSM) based digital cellular networks. The SIM card is used to
validate your credentials with the network. |
|
EAP-TLS |
An authentication method that uses EAP and the Transport Layer Security (TLS)
protocol. EAP-TLS uses X.509 certificates on both the server and the client
(the client's private key may itself be protected by a password) to perform
mutual authentication. EAP-TLS authentication supports dynamic WEP key
management. |
|
EAP-TTLS |
An authentication method that uses EAP and Tunneled Transport Layer Security
(TTLS). EAP-TTLS uses a server certificate to build a TLS tunnel and then
authenticates the user inside it with another method (for example, a
password). |
|
Encryption |
Scrambling data so that only the authorized recipient can read it. Usually a
key is needed to interpret the data. |
|
FHSS |
Frequency-Hop Spread Spectrum. Technology used in radio transmission.
Incompatible with DSSS. |
|
File and printer sharing |
A capability that allows a number of people to
view, modify, and print the same file(s) from different computers. |
|
Fragmentation threshold |
The threshold at which the wireless adapter
breaks the packet into multiple frames. This determines the packet size and
affects the throughput of the transmission. |
|
GHz |
Gigahertz. A
unit of frequency equal to 1,000,000,000 cycles per second. |
|
Host computer |
The computer that is directly connected to the
Internet via a modem or network adapter. |
|
Infrastructure Network |
A wireless network centered around an access point. In this environment, the
access point not only provides communication with the wired network, but
also mediates wireless network traffic in the immediate neighborhood. |
|
IEEE |
Institute of Electrical and Electronics Engineers (IEEE) is an organization
involved in defining computing and communications standards. |
|
Internet Protocol (IP) address |
The address of a computer that is attached to a
network. Part of the address designates which network the computer is on,
and the other part represents the host identification. |
|
LAN |
Local Area Network.
A high-speed, low-error data network covering a relatively small geographic
area. |
|
LEAP |
Lightweight Extensible Authentication Protocol. A version of Extensible
Authentication Protocol (EAP). LEAP is a proprietary EAP method developed by
Cisco that provides a password-based challenge-response authentication
mechanism (derived from MS-CHAP) and dynamic key assignment. Because the
challenge and response are exchanged without a protective tunnel, captured
LEAP exchanges are exposed to offline dictionary attacks; Cisco recommends
migrating to EAP-FAST or another tunneled method. |
|
MAC Address |
Media Access Control Address. A 48-bit address assigned to network hardware at
the factory (for example, to a wireless adapter) that identifies it on a LAN or
WAN. Although it is burned into the hardware, most drivers allow the address
used on the air to be changed in software, so a MAC address cannot be relied
on as an access control. |
|
Mbps |
Megabits-per-second. Transmission speed of 1,000,000 bits per second. |
|
MHz |
Megahertz. A
unit of frequency equal to 1,000,000 cycles per second. |
|
MIC |
Message Integrity Check. A keyed checksum appended to each frame so that the
receiver can detect tampering; the MIC algorithm used by TKIP is commonly
called Michael. |
|
MS-CHAP |
Microsoft Challenge Handshake Authentication Protocol. Version 2 (MS-CHAPv2) is
a password-based challenge-response method used by the client as the inner
authentication method of PEAP or TTLS, where it authenticates the user to the
server and the server to the user. Because an MS-CHAPv2 exchange captured in
the clear can be attacked offline, the challenge and response packets are sent
only over the non-exposed TLS-encrypted channel that the outer method has
already established. |
|
ns |
Nanosecond. 1
billionth (1/1,000,000,000) of a second. |
|
OFDM |
Orthogonal Frequency Division Multiplexing. The transmission method used by
802.11a and 802.11g to reach 54 Mbps. |
|
PEAP |
Protected Extensible Authentication Protocol (PEAP) is an Internet Engineering
Task Force (IETF) draft protocol sponsored by Microsoft, Cisco, and RSA
Security. PEAP creates an encrypted tunnel similar to the one used by secure
web pages (SSL/TLS). Inside the encrypted tunnel, a number of other EAP
authentication methods can be used to perform client authentication, including
user passwords, one-time passwords, and Generic Token Cards. PEAP requires a
TLS certificate on the RADIUS server, but unlike EAP-TLS there is no
requirement to have a certificate on the client. The protection therefore
depends on the client actually validating that server certificate (trusted
issuer and expected server name); a client configured to skip validation will
build its tunnel to, and send its credentials through, any access point that
answers. PEAP has not been ratified by the IETF. The IETF is currently
comparing PEAP and TTLS (Tunneled TLS) to determine an authentication standard
for 802.1X authentication in 802.11 wireless systems. |
|
Peer-to-Peer Mode |
A wireless network structure that allows wireless clients to communicate
directly with each other without an access point. |
|
Power Save mode |
The state in which the radio is periodically
powered down to conserve power. When the notebook is in Power Save mode,
receive packets are stored in the AP until the wireless adapter wakes up. |
|
Preferred network |
One of the networks that has been configured.
Such networks are listed under Preferred networks on the Wireless
Networks tab of the Wireless Configuration Utility (Windows 2000
environment) or Wireless Network Connection Properties (Microsoft(R) Windows XP
environment). |
|
RADIUS |
Remote Authentication Dial-In User Service (RADIUS) is an authentication and
accounting system that verifies user's credentials and grants access to
requested resources. |
|
RF |
Radio Frequency. The international unit for measuring frequency is the Hertz
(Hz), which is equivalent to the older unit of cycles per second. One megahertz
(MHz) is one million Hertz; one gigahertz (GHz) is one billion Hertz. For
reference: the standard US electrical power frequency is 60 Hz, the AM
broadcast radio band is 0.55-1.6 MHz, the FM broadcast radio band is 88-108
MHz, and microwave ovens typically operate at 2.45 GHz, in the same 2.4 GHz
band used by 802.11b/g. |
|
Roaming |
Movement of a wireless node between two micro cells. Roaming usually occurs
in infrastructure networks built around multiple access points. |
|
RTS threshold |
The frame size, in bytes, at or above which the adapter performs an RTS/CTS
(request to send/clear to send) handshake before sending the frame. The default
value is 2347, which is larger than the largest 802.11 frame and therefore
disables the handshake. |
|
Shared Key |
An encryption key known only to the receiver and sender of data. |
|
SIM |
Subscriber Identity Module card is used to validate credentials with the
network. A SIM card is a special smart card that is used by GSM-based
digital cellular networks. |
|
Silent
Mode |
Silent Mode access points or wireless routers have been configured not to
broadcast the SSID for the wireless network. This makes it necessary to know
the SSID in order to configure the wireless profile to connect to the access
point or wireless router. Note that this is not a security control: the SSID
is still sent in the clear in probe requests, probe responses and association
requests, so anyone listening while a client connects can read it. |
|
Single Sign On |
Single Sign On feature set allows the 802.1x credentials
to match your Windows log on user name and password credentials
for wireless network connections. |
|
SSID |
Service Set Identifier. The name, up to 32 characters long and case-sensitive,
that identifies a wireless network. The SSID configured on your wireless
network card must match the SSID of any access point that you want to connect
with; if the values do not match, the adapter does not associate with that
network. Matching the SSID is a prerequisite for joining, not an access
control: the SSID is transmitted in the clear, and it is authentication and
encryption (802.1x, WEP, WPA) that actually restrict access. |
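The SSID, BSSID, Broadcast SSID and Silent Mode entries above all describe fields of 802.11 management frames. The following parser, an added example that is not part of the original glossary, reads a beacon, probe request or probe response and reports the BSSID (checking the locally administered bit that ad hoc BSSIDs carry), whether the capability field marks the network as infrastructure or IBSS, and whether the SSID element is present, hidden, or revealed. The sample frames, MAC addresses and network names are constructed for the example; they show that a "silent" access point's beacon carries an empty SSID while a client's probe request for that network still names it in the clear.

```python
import struct

# Management-frame subtypes handled here, and the length of the fixed fields
# that precede the information elements (IEs) in each one.
SUBTYPE_NAMES = {0: "association request", 4: "probe request",
                 5: "probe response", 8: "beacon"}
FIXED_LEN = {0: 4, 4: 0, 5: 12, 8: 12}  # 12 = timestamp(8)+interval(2)+capability(2)
IE_SSID = 0
CAP_ESS, CAP_IBSS = 0x0001, 0x0002      # capability bits: infrastructure vs ad hoc


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_mgmt_frame(frame):
    """Return BSSID, sender, capability and SSID information from one 802.11
    management frame (24-byte header, fixed fields, then tag/length/value IEs)."""
    (fc,) = struct.unpack_from("<H", frame, 0)
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    if ftype != 0 or subtype not in FIXED_LEN:
        raise ValueError("not a supported management frame")
    da, sa, bssid = frame[4:10], frame[10:16], frame[16:22]
    body = frame[24:]
    info = {
        "subtype": SUBTYPE_NAMES[subtype],
        "da": mac_str(da), "sa": mac_str(sa), "bssid": mac_str(bssid),
        # bit 1 of the first octet set = locally administered (ad hoc BSSIDs, spoofed MACs)
        "bssid_locally_administered": bool(bssid[0] & 0x02),
        "ibss": None, "ssid": None, "ssid_hidden": False,
    }
    if subtype in (5, 8):                 # beacon / probe response carry a capability field
        (cap,) = struct.unpack_from("<H", body, 10)
        info["ibss"] = bool(cap & CAP_IBSS)
    ies, pos = body[FIXED_LEN[subtype]:], 0
    while pos + 2 <= len(ies):
        tag, length = ies[pos], ies[pos + 1]
        data = ies[pos + 2:pos + 2 + length]
        if len(data) != length:
            raise ValueError("truncated information element")
        if tag == IE_SSID:
            # "Silent mode" APs send a zero-length SSID (or all NULs) in beacons,
            # but the real name still travels in probe requests/responses.
            if length == 0 or data.count(0) == length:
                info["ssid_hidden"] = True
            else:
                info["ssid"] = data.decode("utf-8", "replace")
        pos += 2 + length
    return info


def build_mgmt_frame(subtype, da, sa, bssid, fixed, ssid):
    """Constructed test frame: header + fixed fields + SSID IE + a supported-rates IE."""
    header = struct.pack("<H", subtype << 4) + b"\x00\x00" + da + sa + bssid + b"\x00\x00"
    ies = bytes([IE_SSID, len(ssid)]) + ssid + bytes([1, 1, 0x82])
    return header + fixed + ies


# Constructed sample frames (addresses and names are made up for this example).
BROADCAST = b"\xff" * 6
AP_MAC = bytes.fromhex("001122334455")          # infrastructure AP broadcasting its SSID
HIDDEN_AP_MAC = bytes.fromhex("00aabbccddee")   # AP with SSID broadcast disabled
CLIENT_MAC = bytes.fromhex("001b2c3d4e5f")
ADHOC_BSSID = bytes.fromhex("02deadbeef01")     # locally administered, as ad hoc networks use
ESS_FIXED = bytes(8) + struct.pack("<HH", 100, CAP_ESS | 0x0010)   # privacy bit set
IBSS_FIXED = bytes(8) + struct.pack("<HH", 100, CAP_IBSS)

BEACON_OPEN = build_mgmt_frame(8, BROADCAST, AP_MAC, AP_MAC, ESS_FIXED, b"corp-wlan")
BEACON_HIDDEN = build_mgmt_frame(8, BROADCAST, HIDDEN_AP_MAC, HIDDEN_AP_MAC, ESS_FIXED, b"")
PROBE_REQ = build_mgmt_frame(4, BROADCAST, CLIENT_MAC, BROADCAST, b"", b"hidden-net")
BEACON_ADHOC = build_mgmt_frame(8, BROADCAST, CLIENT_MAC, ADHOC_BSSID, IBSS_FIXED, b"adhoc-net")

if __name__ == "__main__":
    for frame in (BEACON_OPEN, BEACON_HIDDEN, PROBE_REQ, BEACON_ADHOC):
        print(parse_mgmt_frame(frame))
```

Run against the constructed frames, the hidden AP's beacon yields `ssid_hidden` set and no name, while the client's probe request for the same network yields `hidden-net`; the ad hoc beacon shows the IBSS capability bit and a locally administered BSSID.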
|
TKIP |
Temporal Key Integrity Protocol. The encryption protocol used by Wi-Fi
Protected Access (WPA). TKIP is part of the IEEE 802.11i encryption standard
for wireless LANs and was designed as the successor to WEP (Wired Equivalent
Privacy), which is used to secure 802.11 wireless LANs. TKIP keeps WEP's RC4
cipher so that existing hardware can be upgraded, but adds per-packet key
mixing, a message integrity check (Michael) and a re-keying mechanism, which
close the key-recovery and forgery flaws of WEP. TKIP was an interim measure:
the IEEE has since deprecated it in favour of AES-CCMP. |
|
TLS |
Transport Layer Security. A protocol intended to secure and authenticate
communications across a public network through data encryption. The TLS
Handshake Protocol allows the server and client to authenticate each other
with certificates and to negotiate an encryption algorithm and cryptographic
keys before data is transmitted. In wireless networks TLS is used by the
EAP-TLS, EAP-TTLS and PEAP authentication methods (see those entries);
EAP-TLS authentication supports dynamic WEP key management. |
|
TTLS |
Tunneled Transport Layer Security. These settings define the protocol and the
credentials used to authenticate a user. In TTLS, the client first uses TLS to
validate the server's certificate and create a TLS-encrypted channel between
the client and server. The client then authenticates the user over this
channel with another protocol, typically a password-based one (for example,
MD5 Challenge); the challenge and response packets are sent over the
non-exposed TLS-encrypted channel. TTLS implementations today support all
methods defined by EAP, as well as several older methods (CHAP, PAP, MS-CHAP
and MS-CHAPv2). TTLS can easily be extended to work with new protocols by
defining new attributes to support them. |
|
WEP |
Wired Equivalent Privacy, with 64- and 128-bit keys (64-bit is sometimes
referred to as 40-bit, because 24 of the 64 bits are the per-packet
initialization vector). WEP is the security protocol for wireless local area
networks (WLANs) defined in the original 802.11 standard and carried into
802.11b. It is a low-level encryption technique designed to give the user
about the same amount of privacy that he would expect from a wired LAN, by
encrypting data over the radio waves so that it is protected as it is
transmitted from one end point to another. WEP's design (RC4 with a short,
repeating IV and a static key) is cryptographically broken: keys can be
recovered from captured traffic, so WEP should only be used where no WPA
option exists. |
|
WEP Key |
Either a pass phrase or a hexadecimal key.
The pass phrase must be exactly 5 ASCII characters for 64-bit WEP or 13 ASCII
characters for 128-bit WEP (each character supplies 8 bits of the 40- or
104-bit key).
For pass phrases, 0-9, a-z, A-Z, and ~!@#$%^&*()_+|`-={}|[]\:";'<>?,./ are
all valid characters.
The hex key must be 10 hexadecimal characters (0-9, A-F) for 64-bit WEP or 26
hexadecimal characters (0-9, A-F) for 128-bit WEP. |
|
Wi-Fi |
Wireless Fidelity. Used generically when referring to any type of 802.11
network, whether 802.11b, 802.11a, 802.11g or dual-band. |
|
Wireless
Router |
A stand-alone device that combines an access point with a router, allowing any
computer that has a wireless network adapter to communicate with other
computers and to connect to the Internet through a shared connection. Often
referred to simply as an access point (AP). |
|
WLAN |
Wireless Local-Area
Network. A type of local-area network that uses high-frequency radio
waves rather than wires to communicate between nodes. |
|
WPA |
Wi-Fi Protected Access (WPA) is a security enhancement that strongly increases
the level of data protection and access control for a wireless network. WPA is
an interim standard, based on a draft of IEEE 802.11i, that is expected to be
replaced by the IEEE's 802.11i standard upon its completion. WPA uses TKIP
encryption (built on the RC4 cipher) and provides support for BSS
(Infrastructure) mode only. (Not compatible with WPA2.) |
|
WPA2 |
Wi-Fi Protected Access 2 (WPA2). The second generation of WPA, which
implements the IEEE 802.11i (Task Group i, TGi) specification. WPA2 uses AES
encryption in CCMP mode and adds pre-authentication and PMKID caching for
faster roaming. It provides support for BSS (Infrastructure) mode and IBSS
(ad hoc) mode. (Not compatible with WPA.) |
|
WPA-Enterprise |
Wi-Fi Protected Access-Enterprise applies to corporate users. A
standards-based, interoperable security technology for wireless LANs (a subset
of the IEEE 802.11i draft standard) that encrypts data sent over radio waves
and authenticates users against an authentication server. WPA is a Wi-Fi
standard that was designed to improve upon the security features of WEP as
follows:
-
Improved data encryption through the Temporal Key Integrity Protocol (TKIP).
TKIP mixes a fresh key for every packet so that the RC4 key stream is never
reused, and adds a message integrity check to ensure that frames have not been
tampered with.
- User authentication, which is missing in WEP, through the Extensible
Authentication Protocol (EAP). WEP only verifies possession of a shared key,
and the MAC-address filtering often combined with it is defeated by sniffing a
permitted address and adopting it. With EAP, each user or device authenticates
individually (by certificate, or by password inside a TLS tunnel) before any
keys are issued, so only authorized network users can access the network.
|
|
WPA-Personal |
Wi-Fi Protected
Access-Personal provides a level of security in the small network or home
environment. |
|
WPA-PSK |
Wi-Fi Protected Access-Pre-Shared Key (WPA-PSK) mode does not use an
authentication server; every device shares one secret. It is used with the
data encryption types TKIP (WPA) or AES (WPA2). WPA-PSK requires configuration
of a pre-shared key (PSK): you must enter either a pass phrase of 8 to 63
ASCII characters or 64 hex characters, giving a Pre-Shared Key of length 256
bits. A pass phrase is stretched into the 256-bit PSK with PBKDF2 (HMAC-SHA1,
4096 iterations) using the SSID as the salt, and the data encryption keys are
derived from the PSK during the four-way handshake. Because anyone who
captures that handshake can test pass-phrase guesses offline, a short or
dictionary pass phrase gives a PSK network little protection. |
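The WPA-PSK entry describes the two ways the key can be entered and how a pass phrase becomes the 256-bit PSK. The following code, an added example and not part of the original glossary or any vendor utility, implements that derivation (PBKDF2-HMAC-SHA1 with the SSID as salt and 4096 iterations, as specified in IEEE 802.11i Annex H), accepts either the 64-hex-character or the pass-phrase form, and models the offline guessing attack the entry warns about. The check is made against the PSK itself for brevity; a real attacker verifies guesses against the MIC of a captured four-way handshake, which is computed from keys derived from the same PSK. The wordlist is constructed for the demonstration; the pass phrase "password" with SSID "IEEE" is the published 802.11i test vector.

```python
import hashlib
import string
from typing import Iterable, Optional

PBKDF2_ITERATIONS = 4096   # fixed by IEEE 802.11i Annex H
PSK_BYTES = 32             # 256-bit PSK


def passphrase_to_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit PSK from a WPA/WPA2-Personal pass phrase:
    PSK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("pass phrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("pass phrase must be printable ASCII")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), PBKDF2_ITERATIONS, PSK_BYTES)


def parse_psk_entry(value: str, ssid: str) -> bytes:
    """Accept either form the configuration utility takes: exactly 64 hex
    characters (the raw PSK) or a pass phrase that is stretched with the SSID."""
    if len(value) == 64 and all(c in string.hexdigits for c in value):
        return bytes.fromhex(value)
    return passphrase_to_psk(value, ssid)


def offline_guess(target_psk: bytes, ssid: str, candidates: Iterable[str]) -> Optional[str]:
    """Model of the offline attack on WPA-PSK. Each candidate costs one PBKDF2
    run (4096 HMAC-SHA1 operations) and no interaction with the network. The
    guess is compared with the PSK directly here; a real attacker checks it
    against the MIC of a captured four-way handshake derived from that PSK."""
    for candidate in candidates:
        try:
            if passphrase_to_psk(candidate, ssid) == target_psk:
                return candidate
        except ValueError:       # outside the 8-63 character rule: cannot be a valid pass phrase
            continue
    return None


if __name__ == "__main__":
    # IEEE 802.11i Annex H test vector: pass phrase "password", SSID "IEEE".
    psk = passphrase_to_psk("password", "IEEE")
    print(psk.hex())
    # Constructed wordlist for the demonstration.
    print(offline_guess(psk, "IEEE", ["letmein", "Summer2004", "password", "qwertyuiop"]))
```

The derivation is deterministic per SSID, which is why the same pass phrase on two networks with different names yields different PSKs, and why precomputed tables only help an attacker against commonly used SSIDs; the only defence in PSK mode is a long, random pass phrase.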