Reference Manual for the ProSafe Wireless 802.11g
Firewall/Print Server Model FWG114P v2
Glossary
201-10301-02, May 2005
PHY defines parameters such as data rates, modulation method, signaling parameters, transmitter/receiver
synchronization, etc. Within an actual radio implementation, the PHY corresponds to the radio front end and
baseband signal processing sections.
Plug and Play
A computer system feature that provides for automatic configuration of add-ons and peripheral devices such
as wireless PC Cards, printers, scanners and multimedia devices.
Proxy server
Used in larger companies and organizations to improve network operations and security, a proxy server is
able to prevent direct communication between two or more networks. The proxy server forwards allowable
data requests to remote servers and/or responds to data requests directly from stored remote server data.
Range
The distance away from your access point that your wireless network can reach. Most Wi-Fi systems will
provide a range of a hundred feet or more. Depending on the environment and the type of antenna used,
Wi-Fi signals can have a range of up to a mile.
Residential gateway
A wireless device that connects multiple PCs, peripherals and the Internet on a home network. Most Wi-Fi
residential gateways provide DHCP and NAT as well.
RJ-45
Standard connectors used in Ethernet networks. Even though they look very similar to standard RJ-11
telephone connectors, RJ-45 connectors can have up to eight wires, whereas telephone connectors have only
four.
Roaming
Moving seamlessly from one AP coverage area to another with your laptop or desktop with no loss in
connectivity.
Rogue Access Point
"Rogue AP" is a term used to describe an unauthorized access point that is connected on the main home or
corporate network or operating in a stand-alone mode (in a parking lot or in a neighbor's building). Rogue
APs, by definition, are not under the management of network administrators and do not conform to network
security policies and may present a severe security risk. Ideally, it is best to have some type of WLAN
system that does not allow rogue access points to easily be added to an existing WLAN.
Router
A device that forwards data packets from one local area network (LAN) or wide area network (WAN) to
another. Based on routing tables and routing protocols, routers can read the network address in each
transmitted frame and make a decision on how to send it via the most efficient route based on traffic load,
line costs, speed, bad connections, etc.
Satellite broadband
A wireless high-speed Internet connection provided by satellites. Some satellite broadband connections are
two-way—up and down. Others are one-way, with the satellite providing a high-speed downlink and then
using a dial-up telephone connection or other land-based system for the uplink to the Internet.
Server
A computer that provides its resources to other computers and devices on a network. These include print
servers, Internet servers and data servers. A server can also be combined with a hub or router.
Site survey
The process whereby a wireless network installer inspects a location prior to putting in a wireless network.
Site surveys are used to identify the radio- and client-use properties of a facility so that access points can be
optimally placed.
SSID (also called ESSID)
A 32-character unique identifier attached to the header of packets sent over a WLAN that acts as a password
when a mobile device tries to connect to the BSS. (Also called ESSID.) The SSID differentiates one WLAN
from another, so all access points and all devices attempting to connect to a specific WLAN must use the
same SSID.
A device will not be permitted to join the BSS unless it can provide the unique SSID. Because an SSID can
be sniffed in plain text from a packet, it does not supply any security to the network. An SSID is also
referred to as a Network Name because essentially it is a name that identifies a wireless network.
SSL (Secure Sockets Layer)
A commonly used encryption scheme, employed by many online retail and banking sites to protect the financial
integrity of transactions. When an SSL session begins, the server sends its public key to the browser. The
browser then sends a randomly generated secret key back to the server in order to have a secret key
exchange for that session.
Subnetwork or Subnet
Found in larger networks, these smaller networks are used to simplify addressing between numerous
computers. Subnets connect to the central network through a router, hub or gateway. Each individual
wireless LAN will probably use the same subnet for all the local computers it talks to.
Switch
A type of hub that efficiently controls the way multiple devices use the same network so that each can
operate at optimal performance. A switch acts as a network's traffic cop: rather than transmitting all the
packets it receives to all ports as a hub does, a switch transmits packets to only the receiving port.
TCP (Transmission Control Protocol)
A protocol used along with the Internet Protocol (IP) to send data in the form of individual units (called
packets) between computers over the Internet. While IP takes care of handling the actual delivery of the
data, TCP takes care of keeping track of the packets that a message is divided into for efficient routing
through the Internet.
For example, when a web page is downloaded from a web server, the TCP program layer in that server
divides the file into packets, numbers the packets, and then forwards them individually to the IP program
layer. Although each packet has the same destination IP address, it may get routed differently through the
network. At the other end, TCP reassembles the individual packets and waits until they have all arrived to
forward them as a single file.
TCP/IP
The underlying technology behind the Internet and communications between computers in a network. The
first part, TCP, is the transport part, which matches the size of the messages on either end and guarantees that
the correct message has been received. The IP part is the user's computer address on a network. Every
computer in a TCP/IP network has its own IP address that is either dynamically assigned at startup or
permanently assigned. All TCP/IP messages contain the address of the destination network as well as the
address of the destination station. This enables TCP/IP messages to be transmitted to multiple networks
(subnets) within an organization or worldwide.
TKIP
A security feature that is a WEP enhancement: Temporal Key Integrity Protocol and Message Integrity
Check (MIC) is a modification of WEP to defend against known attacks (WEP + four patches for key
mixing, message integrity, rekeying, initialization vector protection).
USB (Universal Serial Bus)
A high-speed bidirectional serial connection between a PC and a peripheral that transmits data at the rate of
12 megabits per second. The new USB 2.0 specification provides a data rate of up to 480 Mbps, compared to
standard USB at only 12 Mbps. 1394, FireWire and iLink all provide a bandwidth of up to 400 Mbps.
VoIP (Voice over IP)
Voice transmission using Internet Protocol to create digital packets distributed over the Internet. VoIP can be
less expensive than voice transmission using standard analog packets over POTS (Plain Old Telephone
Service).
VPN (Virtual Private Network)
A type of technology designed to increase the security of information transferred over the Internet. VPN can
work with either wired or wireless networks, as well as with dial-up connections over POTS. VPN creates a
private encrypted tunnel from the end user's computer, through the local wireless network, through the
Internet, all the way to the corporate servers and database.
War Chalking
The act of making chalk marks on outdoor surfaces (walls, sidewalks, buildings, sign posts, trees) to indicate
the existence of an open wireless network connection, usually offering an Internet connection so that others
can benefit from the free wireless access. The open connections typically come from the access points of
wireless networks located within buildings to serve enterprises. The chalk symbols indicate the type of
access point that is available at that specific spot.
There are three basic designs that are currently used: a pair of back-to-back semicircles, which denotes an
open node; a closed circle, which denotes a closed node; a closed circle with a “W” inside, which denotes a
node equipped with WEP. Warchalkers also draw identifiers above the symbols to indicate the password that
can be used to access the node, which can easily be obtained with sniffer software.
As a recent development, the debate over the legality of warchalking is still going on.
The practice stems from the U.S. Depression-era culture of wandering hobos who would make marks
outside of homes to indicate to other wanderers whether the home was receptive to drifters or was
inhospitable.
War Driving
War driving is the act of locating and possibly exploiting connections to wireless local area networks while
driving around a city or elsewhere. To do war driving, you need a vehicle, a computer (which can be a
laptop), a wireless Ethernet card set to work in promiscuous mode, and some kind of an antenna which can
be mounted on top of or positioned inside the car. Because a wireless LAN may have a range that extends
beyond an office building, an outside user may be able to intrude into the network, obtain a free Internet
connection, and possibly gain access to company records and other resources.
Some people have made a sport out of war driving, in part to demonstrate the ease with which wireless
LANs can be compromised. With an omnidirectional antenna and a geophysical positioning system (GPS),
the war driver can systematically map the locations of 802.11b wireless access points.
WEP (Wired Equivalent Privacy)
Basic wireless security provided by Wi-Fi. In some instances, WEP may be all a home or small-business
user needs to protect wireless data. WEP is available in 40-bit (also called 64-bit), or in 108-bit (also called
128-bit) encryption modes. As 108-bit encryption provides a longer algorithm that takes longer to decode, it
can provide better security than basic 40-bit (64-bit) encryption.
Wi-Fi (Wireless Fidelity)
Another name for IEEE 802.11b. Products certified as Wi-Fi are interoperable with each other even if they
are from different manufacturers. A user with a Wi-Fi product can use any brand of access point with any
other brand of client hardware that is built to the Wi-Fi standard.
Wi-Fi Alliance (formerly WECA – Wireless Ethernet Compatibility Alliance)
The Wi-Fi Alliance is a nonprofit international association formed in 1999 to certify interoperability of
wireless Local Area Network products based on IEEE 802.11 specification. Currently the Wi-Fi Alliance
has 193 member companies from around the world, and 509 products have received Wi-Fi certification since
certification began in March of 2000. The goal of the Wi-Fi Alliance's members is to enhance the user
experience through product interoperability (www.weca.net).
Wi-Fi Protected Access (WPA)
WPA is a security technology for wireless networks that improves on the authentication and encryption
features of WEP (Wired Equivalent Privacy). In fact, WPA was developed by the networking industry in
response to the shortcomings of WEP.
One of the key technologies behind WPA is the Temporal Key Integrity Protocol (TKIP). TKIP addresses
the encryption weaknesses of WEP. Another key component of WPA is built-in authentication that WEP
does not offer. With this feature, WPA provides roughly comparable security to VPN tunneling with WEP,
with the benefit of easier administration and use. This is similar to 802.1x support and requires a RADIUS
server in order to implement. The Wi-Fi Alliance will call this, 'WPA-Enterprise.'
One variation of WPA is called WPA Pre Shared Key or WPA-PSK for short - this provides an
authentication alternative to an expensive RADIUS server. WPA-PSK is a simplified but still powerful form
of WPA most suitable for home Wi-Fi networking. To use WPA-PSK, a person sets a static key or
"passphrase" as with WEP. But, using TKIP, WPA-PSK automatically changes the keys at a preset time
interval, making it much more difficult for hackers to find and exploit them. The Wi-Fi Alliance will call
this, 'WPA-Personal.'
Wi-Fi Protected Access and IEEE 802.11i Comparison
Wi-Fi Protected Access will be forward-compatible with the IEEE 802.11i security specification currently
under development by the IEEE. Wi-Fi Protected Access is a subset of the current 802.11i draft, taking
certain pieces of the 802.11i draft that are ready to bring to market today, such as its implementation of
802.1x and TKIP. These features can also be enabled on most existing Wi-Fi CERTIFIED products as a
software upgrade. The main pieces of the 802.11i draft that are not included in Wi-Fi Protected Access are
secure IBSS, secure fast handoff, secure de-authentication and disassociation, as well as enhanced
encryption protocols such as AES-CCMP. These features are either not yet ready for market or will require
hardware upgrades to implement.
Wi-Fi Protected Access for the Enterprise
Wi-Fi Protected Access effectively addresses the WLAN security requirements for the enterprise and
provides a strong encryption and authentication solution prior to the ratification of the IEEE 802.11i
standard. In an enterprise with IT resources, Wi-Fi Protected Access should be used in conjunction with an
authentication server such as RADIUS to provide centralized access control and management. With this
implementation in place, the need for add-on solutions such as VPNs may be eliminated, at least for the
express purpose of securing the wireless link in a network.
Wi-Fi Protected Access for Home/SOHO
In a home or Small Office/Home Office (SOHO) environment, where there are no central authentication
servers or EAP framework, Wi-Fi Protected Access runs in a special home mode. This mode, also called
Pre-Shared Key (PSK), allows the use of manually-entered keys or passwords and is designed to be easy to
set up for the home user. All the home user needs to do is enter a password (also called a master key) in their
access point or home wireless gateway and each PC that is on the Wi-Fi wireless network. Wi-Fi Protected
Access takes over automatically from that point. First, the password allows only devices with a matching
password to join the network, which keeps out eavesdroppers and other unauthorized users. Second, the
password automatically kicks off the TKIP encryption process, described above.
Wi-Fi Protected Access for Public Access
The intrinsic encryption and authentication schemes defined in Wi-Fi Protected Access may also prove
useful for Wireless Internet Service Providers (WISPs) offering Wi-Fi public access in "hot spots" where
secure transmission and authentication is particularly important to users unknown to each other. The
authentication capability defined in the specification enables a secure access control mechanism for the
service providers and for mobile users not utilizing VPN connections.
