The 802.11 standard refers to a family of specifications developed by the IEEE for wireless LAN technology. The 802.11 specifies an over-the-air interface between a wireless client and a base station or between two wireless clients and provides 1 or 2 Mbps transmission in the 2.4 GHz band using either frequency hopping spread spectrum (FHSS) or direct sequence spread spectrum (DSSS).
The 802.11a standard specifies a maximum data transfer rate of 54 Mbps and an operating frequency of 5 GHz. The 802.11a standard uses the Orthogonal Frequency Division Multiplexing (OFDM) transmission method. Additionally, the 802.11a standard supports 802.11 features such as WEP encryption for security.
802.11b is an extension to 802.11 that applies to wireless LANS and provides 11 Mbps transmission (with a fallback to 5.5, 2 and 1 Mbps) in the 2.4 GHz band. 802.11b uses only DSSS. Throughput data rate 5+ Mbps in the 2.4 GHz band.
The 802.11g standard specifies a maximum data transfer rate of 54 Mbps, an operating frequency of 2.4GHz, and WEP encryption for security. 802.11g networks are also referred to as Wi-Fi networks.
802.1x is the IEEE Standard for Port-Based Network Access Control. This is used in conjunction with EAP methods to provide access control to wired and wireless networks.
Authentication, Authorization and Accounting Server. A system to control access to computer resources and track user activity.
A device that connects wireless devices to another network. For example, a wireless LAN, Internet modem or others.
ad hoc network
A communication configuration in which every computer has the same capabilities, and any computer can initiate a communication session. Also known as a peer-to-peer network or a computer-to-computer network.
Advanced Encryption Standard – Counter CBC-MAC Protocol is the new method for privacy protection of wireless transmissions specified in the IEEE 802.11i standard. AES-CCMP provides a stronger encryption method than TKIP.
Verifies the identity of a user logging onto a network. Passwords, digital certificates, smart cards and biometrics are used to prove the identity of the client to the network. Passwords and digital certificates are also used to identify the network to the client.
Bit error rate. The ratio of errors to the total number of bits being sent in a data transmission from one location to another.
The total number of bits (ones and zeros) per second that a network connection can support. Note that this bit rate will vary, under software control, with different signal path conditions.
Used to allow an access point to respond to clients on a wireless network by sending probes.
A unique identifier for each wireless client on a wireless network. The Basic Service Set Identifier (BSSID) is the Ethernet MAC address of each adapter on the network.
A corporate certification authority implemented on a server. In addition, Internet Explorer’s certificate can import a certificate from a file. A trusted CA certificate is stored in the root store.
Cisco Compatible eXtension. Cisco Compatible Extensions Program ensures that devices used on Cisco wireless LAN infrastructure meet the security, management and roaming requirements.
Used for client authentication. A certificate is registered on the authentication server (i.e., RADIUS server) and used by the authenticator.
Cisco Key Integrity Protocol (CKIP) is a Cisco proprietary security protocol for encryption in 802.11 media. CKIP uses a key message integrity check and message sequence number to improve 802.11 security in infrastructure mode. CKIP is Cisco’s version of TKIP.
The computer that gets its Internet connection by sharing either the host computer’s connection or the Access Point’s connection.
Direct Sequence Spread Spectrum. Technology used in radio transmission. Incompatible with FHSS.
Short for Extensible Authentication Protocol, EAP sits inside of Point-to-Point Protocol’s (PPP) authentication protocol and provides a generalized framework for several different authentication methods. EAP is supposed to head off proprietary authentication systems and let everything from passwords to challenge-response tokens and public-key infrastructure certificates all work smoothly.
EAP-FAST, like EAP-TTLS and PEAP, uses tunneling to protect traffic. The main difference is that EAP-FAST does not use certificates to authenticate.
The EAP-GTC (Generic Token Card) is similar to the EAP-OTP except with hardware token cards. The request contains a displayable message, and the response contains the string read from the hardware token card.
EAP-OTP (One-Time Password) is similar to MD5, except it uses the OTP as the response. The request contains a displayable message. The OTP method is defined in RFC 2289. The OTP mechanism is employed extensively in VPN and PPP scenarios but not in the wireless world
Extensible Authentication Protocol-Subscriber Identity Module (EAP-SIM) authentication can be used with:
A SIM card is a special smart card that is used by GSM-based digital cellular networks. The SIM card is used to validate your credentials with the network
A type of authentication method using EAP and a security protocol called the Transport Layer Security (TLS). EAP-TLS uses certificates that use passwords. EAP-TLS authentication supports dynamic WEP key management.
A type of authentication method using EAP and Tunneled Transport Layer Security (TTLS). EAP-TTLS uses a combination of certificates and another security method such as passwords.
Scrambling data so that only the authorized recipient can read it. Usually a key is needed to interpret the data.
Frequency-Hop Spread Spectrum. Technology used in radio transmission. Incompatible with DSSS.
File and printer sharing
A capability that allows a number of people to view, modify, and print the same file(s) from different computers.
The threshold at which the wireless adapter breaks the packet into multiple frames. This determines the packet size and affects the throughput of the transmission.
Gigahertz. A unit of frequency equal to 1,000,000,000 cycles per second.
The computer that is directly connected to the Internet via a modem or network adapter.
A wireless network centered around an access point. In this environment, the access point not only provides communication with the wired network, but also mediates wireless network traffic in the immediate neighborhood.
Institute of Electrical and Electronics Engineers (IEEE) is an organization involved in defining computing and communications standards.
Internet Protocol (IP) address
The address of a computer that is attached to a network. Part of the address designates which network the computer is on, and the other part represents the host identification.
Local area network. A high-speed, low-error data network covering a relatively small geographic area.
Light Extensible Authentication Protocol. A version of Extensible Authentication Protocol (EAP). LEAP is a proprietary extensible authentication protocol developed by Cisco, which provides a challenge-response authentication mechanism and dynamic key assignment.
A hardwired address applied at the factory. It uniquely identifies network hardware, such as a wireless adapter, on a LAN or WAN.
Megabits-per-second. Transmission speed of 1,000,000 bits per second.
Megahertz. A unit of frequency equal to 1,000,000 cycles per second.
Message integrity check (commonly called Michael).
An EAP mechanism used by the client. Microsoft Challenge Authentication Protocol (MSCHAP) Version 2, is used over an encrypted channel to enable server validation. The challenge and response packets are sent over a non-exposed TLS encrypted channel.
Nanosecond. 1 billionth (1/1,000,000,000) of a second.
Orthogonal Frequency Division Multiplexing.
Allows any device network access. If encryption is not enabled on the network, any device that knows the Service Set Identifier (SSID) of the access point can gain access to the network.
Protected Extensible Authentication Protocol (PEAP) is an Internet Engineering Task Force (IETF) draft protocol sponsored by Microsoft, Cisco, and RSA Security. PEAP creates an encrypted tunnel similar to the tunnel used in secure web pages (SSL). Inside the encrypted tunnel, a number of other EAP authentication methods can be used to perform client authentication. PEAP requires a TLS certificate on the RADIUS server, but unlike EAP-TLS there is no requirement to have a certificate on the client. PEAP has not been ratified by the IETF. The IETF is currently comparing PEAP and TTLS (Tunneled TLS) to determine an authentication standard for 802.1X authentication in 802.11 wireless systems. PEAP is an authentication type designed to take advantage of server-side EAP-Transport Layer Security (EAP-TLS) and to support various authentication methods, including user’s passwords and one-time passwords, and Generic Token Cards.
A wireless network structure that allows wireless clients to communicate with each other without using an access point.
Power Save mode
The state in which the radio is periodically powered down to conserve power. When the laptop is in Power Save mode, receive packets are stored in the access point until the wireless adapter wakes up.
One of the networks that has been configured. Such networks are listed under Preferred networks on the Wireless Networks tab of the Wireless Configuration Utility (Windows 2000 environment) or Wireless Network Connection Properties (Windows XP environment).
Remote Authentication Dial-In User Service (RADIUS) is an authentication and accounting system that verifies users credentials and grants access to requested resources.
Radio Frequency. The international unit for measuring frequency is Hertz (Hz), which is equivalent to the older unit of cycles per second. One Mega-Hertz (MHz) is one million Hertz. One Giga-Hertz (GHz) is one billion Hertz. For reference: the standard US electrical power frequency is 60 Hz, the AM broadcast radio frequency band is 0.55 -1.6 MHz, the FM broadcast radio frequency band is 88-108 MHz, and microwave ovens typically operate at 2.45 GHz.
Movement of a wireless node between two micro cells. Roaming usually occurs in infrastructure networks built around multiple access points. Current wireless network roaming is only supported in the same subnet of a network.
The number of frames in the data packet at or above which an RTS/CTS (request to send/clear to send) handshake is turned on before the packet is sent. The default value is 2347.
An encryption key known only to the receiver and sender of data.
Subscriber Identity Module card is used to validate credentials with the network. A SIM card is a special smart card that is used by GSM-based digital cellular networks.
Silent Mode Access Points or Wireless Routers have been configured to not broadcast the SSID for the wireless network. This makes it necessary to know the SSID in order to configure the wireless profile to connect to the access point or wireless router.
Single Sign On
Single Sign On feature set allows the 802.1x credentials to match your Windows log on user name and password credentials for wireless network connections.
Service Set Identifier. SSID or network name is a value that controls access to a wireless network. The SSID for your wireless network card must match the SSID for any access point that you want to connect with. If the value does not match, you are not granted access to the network. Each SSID may be up to 32 alphanumeric characters long and is case-sensitive.
A stealth access point is one that has the capability and is configured to not broadcast its SSID. This is the wireless network name that appears when a DMU (Device Management Utility, such as Intel® PROSet/Wireless) scans for available wireless networks. It is commonly considered a weak security feature, in that it does not readily disclose the presence of the wireless network. To connect to a stealth access point, a user must specifically know the SSID and configure their DMU accordingly. The feature is not a part of the 802.11 specification, and is known by differing names by various vendors: closed mode, private network, SSID broadcasting.
Temporal Key Integrity protocol improves data encryption. Wi-Fi Protected Access utilizes its TKIP. TKIP provides important data encryption enhancements including a re-keying method. TKIP is part of the IEEE 802.11i encryption standard for wireless networks. TKIP is the next generation of WEP, the Wired Equivalency Protocol, which is used to secure 802.11 wireless networks. TKIP provides per-packet key mixing, a message integrity check and a re-keying mechanism, thus fixing the flaws of WEP.
Transport Layer Security. A type of authentication method using the Extensible Authentication Protocol (EAP) and a security protocol called the Transport Layer Security (TLS). EAP-TLS uses certificates which use passwords. EAP-TLS authentication supports dynamic WEP key management. The TLS protocol is intended to secure and authenticate communications across a public network through data encryption. The TLS Handshake Protocol allows the server and client to provide mutual authentication and to negotiate an encryption algorithm and cryptographic keys before data is transmitted.
Tunneled Transport Layer Security. These settings define the protocol and the credentials used to authenticate a user. In TTLS, the client uses EAP-TLS to validate the server and create a TLS-encrypted channel between the client and server. The client can use another authentication protocol, typically password-based protocols, such as MD5 Challenge over this encrypted channel to enable server validation. The challenge and response packets are sent over a non-exposed TLS encrypted channel. TTLS implementations today support all methods defined by EAP, as well as several older methods (CHAP, PAP, MS-CHAP and MS-CHAPv2). TTLS can easily be extended to work with new protocols by defining new attributes to support new protocols.
Wired Equivalent Privacy. Wired Equivalent Privacy, 64- and 128-bit (64-bit is sometimes referred to as 40-bit). This is a low-level encryption technique designed to give the user about the same amount of privacy that he would expect from a LAN. WEP is a security protocol for wireless local area networks (WLANs) defined in the 802.11b standard. WEP is designed to provide the same level of security as that of a wired LAN. WEP aims to provide security by data over radio waves so that it is protected as it is transmitted from one end point to another.
Either a pass phrase or hexadecimal key.
Wireless Fidelity. Is meant to be used generically when referring of any type to 802.11 network, whether 802.11b, 802.11a, or dual-band.
A stand-alone wireless hub that allows any computer that has a wireless network adapter to communicate with another computer within the same network and to connect to the Internet.
Wireless Local-Area Network. A type of local-area network that uses high-frequency radio waves rather than wires to communicate between nodes.
Wi-Fi Protected Access (WPA) is a security enhancement that strongly increases the level of data protection and access control to a wireless network. WPA is an interim standard that will be replaced with the IEEE’s 802.11i standard upon its completion. WPA consists of RC4 and TKIP and provides support for BSS (Infrastructure) mode only. (Not compatible with WPA2.)
Wi-Fi Protected Access 2 (WPA2). This is the second generation of WPA that complies with the IEEE TGi specification. WPA2 consists of AES encryption, pre-authentication and PMKID caching. It provides support for BSS (Infrastructure) mode and IBSS (ad hoc) mode. (Not compatible with WPA.)
Wi-Fi Protected Access-Enterprise applies to corporate users. A new standards-based, interoperable security technology for wireless LAN (subset of IEEE 802.11i draft standard) that encrypts data sent over radio waves. WPA is a Wi-Fi standard that was designed to improve upon the security features of WEP as follows:
WPA is an interim standard that will be replaced with the IEEE’s 802.11i standard upon its completion.
Wi-Fi Protected Access-Personal provides a level of security in the small network or home environment.
Wi-Fi Protected Access-Pre-Shared Key (WPA-PSK) mode does not use an authentication server. It can be used with the data encryption types WEP or TKIP. WPA-PSK requires configuration of a pre-shared key (PSK). You must enter a pass phrase or 64 hex characters for a Pre-Shared Key of length 256-bits. The data encryption key is derived from the PSK.