Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
208 Cards in this Set
- Front
- Back
|
Communication range of bluetooth |
.05 miles |
|
|
Wi-fi communication range |
up to 300m (0.18 mile) |
|
|
WiMax communication range |
up to 30 miles (50 km) |
|
|
What is WiMax |
an alternative to cable and DSL communication |
|
|
What is satellite broadband |
broadband which uses a directional satellite dish that is aligned with a specific geostationary Earth orbit satellite. |
|
|
Agency that regulates radio frequency spectrum |
International Telecommunication Union-radiocommuniction sector |
|
|
what is a band |
a range of frequencies |
|
|
frequency of wlan networks |
2.4 GHz |
|
|
3 ranges that wlans, bluetooth, cellular and satellite communication occurs |
UHF SHF EHF |
|
|
UHF is frequency for (3) |
WLAN Bluetooth Cellular broadcast |
|
|
SHF is frequency for |
5 GHz WLAN Microwave communication Satellite communication |
|
|
EHF is frequency for |
60 GHz WiGig WLAN Radar landing systems |
|
|
IEEE standard number for WLAN |
802.11 |
|
|
802.11 frequency band and transmit rate |
2.4 GHz up to 2 Mb/s |
|
|
802.11a frequency band and transmit rate |
5 GHz up to 54 Mb/s |
|
|
Drawback to the 802.11a standard |
Since it transmits at 5 GHz, the higher frequency has a smaller coverage area and is less effective |
|
|
802.11b frequency band and transmit rate |
2.4 GHz 11 Mb/s |
|
|
802.11g frequency band and transmit rate |
2.4 GHz 54 Mb/s |
|
|
802.11n frequency band and transmit rate |
dual band device, both 2.4 and 5 GHz range from 150 Mb |
|
|
Distance range for 802.11n |
.5 mile |
|
|
mimo stands for |
multiple input multiple output |
|
|
802.11ad aka |
WiGig |
|
|
802.11ad frequency (3) and transmission rate |
2.4GHz, 5 GHz, 60 GHz up to 7 Gb/s |
|
|
Drawbacks to 802.11ad |
60 GHz needs line of sight, when roaming device switches to lower 2.4 and 5 GHz bands |
|
|
3 organizations influencing WLAN standards |
ITU-R IEEE WI-FI Alliance |
|
|
What does the ITU-R do |
Regulates the allocation of the RF spectrum and satellite orbits |
|
|
What does the IEEE do |
specifies how RF is modulated to carry information maintains standards for local and metro networks |
|
|
What does the Wi-Fi alliance do |
promotes growth and acceptance of WLANs. Objective is to improve interoperability of products based on 802.11 by certifying vendors who conform to this standard |
|
|
What is wifi protected setup |
simplifies device connections |
|
|
what is wifi direct |
shares media between devices |
|
|
what is wifi passpoint |
simplify securely connecting to wifi hotspot networks |
|
|
what is wifi miracast |
display video between devices |
|
|
4 characteristics of RF vs cable |
No boundary limits unprotected from outside signals same challenges as other wave based tech rf bands regulated differently in different countries |
|
|
why is having no boundaries a problem for rf |
the data frames are available for anyone to grab them. |
|
|
why is having no protection from outside signals a problem for rf |
other devices using the same or similar rf can interfere with the WLAN signal |
|
|
Transmission issues with RF |
as the signal travels further, it degrades and is lost |
|
|
What does a wireless NIC incorporate |
radio transmitter/reciever required software driver for operation |
|
|
home wireless router serves as (3) |
access point switch router |
|
|
ssid stands for |
service set identifier |
|
|
What are autonomous APs |
standalone devices configured using cli or gui. |
|
|
where are autonomous APs used |
in situations where only a couple of APs are required in the network. |
|
|
What are controller based APs |
Server-dependent devices that require no initial configuration. |
|
|
When are controller-based APs used |
where there are many APs required in a network |
|
|
Describe Cisco WAP4410N (3) |
Intro-level small business AP Configured using GUI Powered with AC or PoE |
|
|
Desicribe Cisco WAP121/WAP321 (4) |
Mid level small business AP configured/managed using gui/cli supports clustering with single point setup powered with AC or PoE |
|
|
Describe Cisco AP541N (4) |
Mid-level small business AP Configured with gui Supports controller-less clustering technology Powered using AC or PoE |
|
|
4 conditions to meet for a cluster to form between 2 APs |
clustering mode enabled on both all have same cluster name connected on same network segment use same radio mode (ie 802.11n) |
|
|
What does the Meraki Cloud Managed Architecture do |
APs are managed centrally from a controller in the cloud |
|
|
How does the Meraki Cloud man arch work |
controller pushes management settings, security settings, wireless network and SSID settings to the various Meraki APs |
|
|
3 types of wifi antennas |
omnidirectional directional yagi |
|
|
benefit of using a directional wifi antenna |
provides stronger signal strength in one direction |
|
|
what are yagi antenna |
directional antenna that can be used for long distance wifi networking |
|
|
max number of antenna that can be used per device to increase throughput |
4 |
|
|
enables a client station to send and receive rf signals |
802.11 nic |
|
|
connects wireless clients to the wired lan |
access point |
|
|
incorporates functions of a wireless access point, ethernet switch and router |
wireless router |
|
|
2 network topologies of wireless lans |
ad hoc mode infrastructure mode |
|
|
ad hoc mode is |
when 2 devices connect wirelessly withough the aid of an infrastructure device such as a router or ap |
|
|
examples of ad hoc wireless mode |
bluetooth wifi direct |
|
|
infrastructure mode is |
when wireless clients interconnect via a wireless router or ap |
|
|
2 infrastructure mode building blocks |
basic service set extended service set |
|
|
bss stands for |
basic service set |
|
|
a bss consists of |
a single ap interconnecting all associated wireless clients |
|
|
bsa stands for |
basic service area |
|
|
difference between bss and bsa |
bss=topology bsa=actual coverage area |
|
|
bssid stands for |
basic service set identifier |
|
|
what is used for the bssid |
layer 2 mac address of the ap |
|
|
ess stands for |
extended service set |
|
|
what is an ess |
a union of 2 or more bss interconnected by a wired ds |
|
|
benefits of an ess |
clients in one bsa can communicate with clients in another bsa. can move from bsa to bsa if in the same ess and still connect |
|
|
describe frame control in 802.11 frame |
identifies type of wireless frame and contains subfields for protocol version, frame type, address type, power management and security settings |
|
|
describe duration in 802.11 frame |
used to indicate remaining duration needed to receive the next frame transmission |
|
|
describe address1 in 802.11 frame |
contains the mac address of the receiving wireless device or ap |
|
|
describe address2 in 802.11 frame |
contains the mac address of the transmitting wireless device or ap |
|
|
describe address 3 in 802.11 frame |
cometimes contains the mac address of the destination such as the router interface to which the ap is attached |
|
|
describe sequence control in 802.11 frame |
contains sequence number and fragment number subfields |
|
|
what is the sequence number in 802.11 fields |
indicates the sequence of each frame |
|
|
what is the fragment number in 802.11 fields |
# of each frame sent of a fragmented frame |
|
|
describe address 4 in 802.11 frame |
usually missing because it is used only in ad hoc mode |
|
|
describe payload in 802.11 frame |
contains data for transmission |
|
|
describe fcs in 802.11 frame |
frame check sequence, used for layer 2 error control |
|
|
describe protocol version in frame control field of 802.11 frame |
provides current version of 802.11 protocol used |
|
|
describe frame type/subtype in frame control field of 802.11 frame |
determines function of the frame, control, data or management |
|
|
describe ToDS/FromDS in frame control field of 802.11 frame |
indicates whether frame is going to or exiting from the DS, only used in data frames of wireless clients associated with ap |
|
|
describe more fragments in frame control field of 802.11 frame |
indicates whether more fragments of the frame, either data or management type are to follow |
|
|
describe retry in frame control field of 802.11 frame |
indicates whether or not the frame or is being transmitted |
|
|
describe power management in frame control field of 802.11 frame |
indicates whether the sending device is in active mode or power save mode |
|
|
describe more data in frame control field of 802.11 frame |
indicates to a device in power-save mode that the ap has more frames to send |
|
|
describe security in frame control field of 802.11 frame |
indicates whether encryption and authentiation are used in the frame |
|
|
describe reserved in frame control field of 802.11 frame |
can indicate that all received data frames must be processed in order |
|
|
3 types of wireless frame |
management control data |
|
|
describe management frame |
used in the maintenance of communication such as finding, authenticating and associating the ap |
|
|
describe control frame |
used to facilitate in the exchange of data frames between wireless clients |
|
|
describe data frame |
used to carry payload info such as web pages and files |
|
|
Associate request frame flag |
0x00 |
|
|
function of associate request frame |
enables the ap to allocate resource and synchronize |
|
|
what does an association request frame carry |
device sends info about the wireless connection including supported data rates and ssid of the network to the ap. if request is accepted, connection is established |
|
|
reassociation request frame flag |
0x02 |
|
|
when is a reassociation request frame sent |
device sends it out when it drops from range of the currently associated ap and finds another ap with a stronger signal |
|
|
reassociation response frame flag |
0x03 |
|
|
association response frame flag |
0x01 |
|
|
function of association response frame |
sent from ap to wireless accepting association request |
|
|
reassociation response function |
sent from ap contains the acceptance or rejection to a device reassociation request frameframe |
|
|
probe request frame flag |
0x04 |
|
|
probe request frame function |
sent from a wireless client when it requires information from another wireless client |
|
|
probe response frame flag |
0x05 |
|
|
probe response frame funcion |
sent from an ap containing capability information, such as supported data rates, after receiving probe request frame |
|
|
beacon frame flag |
0x08 |
|
|
beacon frame function |
sent periodically from an ap to announce its presence, hello frame |
|
|
dissasociation frame flag |
0x0A |
|
|
disassociation flag function |
sent from a device wanting to terminate a connection. |
|
|
what does the disassociation flag allow the ap to do |
relinquish memory allocation and remove the device from the association table |
|
|
authentication frame flag |
0x0B |
|
|
authentication frame flag function |
sending device to ap containing its identity |
|
|
deauthentication frame flag |
0x0C |
|
|
deauthentication frame function |
sent from client wanting to terminate from another wireless client |
|
|
function of control frames in 802.11 (2) |
used to manage the info exchange between a wireless client and an ap help prevent collisions from occurring on the wireless medium |
|
|
describe request to send frame(2) |
provide optional collision reduction for aps with hidden wireless clients client sends rts in first step of 2-way handshake |
|
|
rts stands for |
request to send |
|
|
cts stands for |
clear to send |
|
|
function of clear to send frame |
provides clearance for the requesting wireless client to send a data frame including a time value |
|
|
function of the time value in clear to send frame |
minimizes the chance that other wireless clients will transmit while the requesting client transmits |
|
|
function of ack frame in 802.11 |
sent by the client after receiving an error free frame from ap. if no ack sent by a certain time, ap resends frame |
|
|
active or power-save mode status of the sending device |
power management |
|
|
identifies the frame as either a management, control or data frame |
frame type |
|
|
indicates whether encryption and/or authentication is being used |
security |
|
|
specifies which 802.11 protocol is being used |
protocol version |
|
|
indicates to an associated ap client that data is exiting a ds |
fromDS |
|
|
dcf stands for |
distributed coordination function |
|
|
4.2.2.1 |
write out sequence |
|
|
6 common configurations necessary to associate client with ap |
network mode ssid channel setting security mode encryption password |
|
|
what does network mode refer to |
802.11 wlan standards |
|
|
what is an ssid |
unique identifier that wireless clients use to distinguish between multiple wireless networks in the same vicinity. HOME-A552 for our house wifi |
|
|
what are channel settings |
frequency bands used to transmit wireless data |
|
|
what is security mode |
refers to the security parameter settings such as WEP, WPA or WPA2 |
|
|
what is the highest security setting for the home or small office |
WPA2 personal |
|
|
describe passive mode discovering of ap |
ap openly advertises its services by periodically sending broadcast beacon frames. allows clients to choose which network and ap to use |
|
|
describe active mode discovering of ap |
wireless clients must know the name of the ssid. client sends out a wireless probe request on multiple channels which include the ssid. |
|
|
2 authentication methods for 802.11 |
open authentication shared key |
|
|
describe open authentication |
provides wireless connectivity to any wireless device and should only be used in situations where security is of no concern |
|
|
describe shared key authentication |
based on a key that is pre-shared between the client and the ap |
|
|
what does the association stage do |
finalizes settings and establishes the data link between the wireless client and the ap |
|
|
aid stands for |
association identifier |
|
|
what does the aid do |
logical port that the ap maps to keep track of frames destined for the clients. |
|
|
what is a range |
allocation of frequency sections |
|
|
what does the saturation of a wireless medium do |
degrades the quality of the communication |
|
|
dsss stands for |
direct-sequence spread spectrum |
|
|
what is dsss |
a spread-spectrum modulation technique designed to spread a signal over a larger frequency band making it more resistant to interference. |
|
|
what is a spreading code |
crafted noise added to the user signal and known by the receiver to amplify the signal |
|
|
fhss stands for |
frequency-hopping spread spectrum |
|
|
what does fhss do |
hops carrier signals among many frequency channels to prevent congestion and have a more efficient use of the channels |
|
|
ofdm stands for |
orthogonal frequency-division multiplexing |
|
|
what is ofdm |
a subset of frequency division multiplexing in which a single channel utilizes multiple sub-channels on adjacent frequencies which are orthogonal to one another. |
|
|
IEEE 802.11 b/g/n operate in which level of radio spectrum? |
microwave |
|
|
2.4 GHz WLANs (4) |
802.11b 802.11g 802.11n 802.11ad |
|
|
5 GHz WLANs (4) |
802.11a 802.11n 802.11ac 802.11ad |
|
|
60 GHz WLAN (1) |
802.11ad |
|
|
2.4 GHz combined channel bandwidth is _____ with each channel separated by ______. |
22 MHz 5 MHz |
|
|
non-overlapping channels in the 2.4 GHz range (3) |
1 6 11 |
|
|
What can 802.11n do at the channel level to increase throughput |
use channel bonding which takes 2 20 Mhz channels and combines them into 1 40 MHz channel. Uses both channels at same time to delivery data |
|
|
5 things that affect the number of users on a WLAN |
geographical layout of the space # of bodies and devices in that space data rates users expect use of non-overlapping channels by multiple AP transmit power settings |
|
|
4 things to keep in mind when planning a WLAN deployment |
If APs are to use existing wires or if new wires have to be placed Position APs above obstructions Position APs vertically near the ceiling in the center of coverage area if possible Position APs in locations where users are expected to be |
|
|
What do bsas represent |
comverage area provided by a single channel |
|
|
an access point is configured to allow both 802.11b and 802.11g clients |
mixed mode |
|
|
the fundamental building block of the 802.11 wireless lan architecture |
basic service set (bss) |
|
|
hen a single bss provides insufficient rf coverage, more can be joined together |
extended service set |
|
|
e WLAN network uses these to advertise its presence to wireless clients |
beacons |
|
|
rogue aps are |
unauthorized aps installed by a well-intentioned user or willingly for malicious purpose. |
|
|
wireless intruders are |
unauthorized users attempting to access network resources. |
|
|
protecting against rogue APs |
use wireless management software |
|
|
protecting against wireless intruders |
deter intruders using authentication |
|
|
interception of data is |
data that can be easily captured |
|
|
protection against interception of data |
use encryption |
|
|
wireless dos attacks can be the result of (3) |
improperly configured devices Malicious user Accidental interferance |
|
|
ways to minimize risk of dos due to improperly configured devices or malicious attack (4) |
harden all devices keep passwords secure create backups ensure all configuration changes occur off hours |
|
|
How do malicious users typically start wireless dos attacks |
they manipulate the management frames to consume ap resources and keep channels too busy to service legitimate user traffic. |
|
|
2 common management frame attacks |
spoofed disconnect attack cts flood |
|
|
how is a spoofed disconnect attack done |
an attacker sends a series of disassociate commands to all wireless clients within a bss. |
|
|
how is a cts flood attack done |
attacker repeatedly floods the bss with clear to send frames to a bogus client. |
|
|
definition of rogue ap |
connected to a corporate network without explicit authorization against policy connected to capture client data such as mac addresses, capture/disguise data packets or start man in the middle attacks |
|
|
security disadvantage of personal hot spots |
a user with secure network access could enable unauthorized users access to network through unsecured hot spot |
|
|
how to prevent rogue ap installation |
use monitoring software to monitor the radio spectrum for unauthorized aps |
|
|
what is the evil twin ap attack |
attacker introduces a rogue ap and configures it with the same ssid as a legitamate ap. |
|
|
2 early security features of wlan |
ssid cloaking mac address filtering |
|
|
what is ssid cloaking |
aps and some wireless routers allow the ssid beacon frame to be disabled. clients must manually identify the ssid to connect to the network |
|
|
what is mac address filtering |
admin can manually allow or deny clients wireless access based on their physical mac hardware address |
|
|
2 best ways to secure a wlan |
open system authentication shared key authentication |
|
|
what is open system authenticaton |
any wireless client should be easily able to connect. should only be used in no security concern situations |
|
|
what is shared key authentication |
provides mechanisms such as WEP, WPA or WPA2 to authenticate and encrypt data between client and ap. |
|
|
describe WEP |
original 802.11 specification , data secured using RC4 encryption method with static key which makes it easy to hack |
|
|
describe WPA |
wifi alliance standard uses much stronger temporal key integrity protocol encryption algorithm |
|
|
tkip stands for |
temporal key integrity protocol |
|
|
describe WPA2 |
IEEE 802.11i industry standard for securing wireless networks, uses advanced encryption standard for encryption |
|
|
aes stands for |
advanced encryption standard |
|
|
WEP authentication method, encryption, message integrity, security |
Pre-shared key RC4 CRC-32 weak |
|
|
WPA authentication method, encryption, message integrity, security |
PSK or 802.1x TKIP MIC Strong |
|
|
WPA2 authentication method, encryption, message integrity, security |
PSK or 802.1x AES |
|
|
how does tkip work |
it makes use of wep but encrypts the layer 2 payload using tkip and carries out a message check to make sure that packets are not tampered with. |
|
|
what does the aes use to encrypt packets |
ccmp protocol |
|
|
ccmp stands for |
counter cipher mode with block chaining message authentication code protocol |
|
|
what does ccmp allow hosts to do |
recognize if the encrypted and non-encrypted bits have been tampered with |
|
|
2 types of authentication supported by WPA and WPA2 |
personal enterprise |
|
|
how does personal authentication work |
users authenticate using a pre-shared key or pre-shared password, no special server is required |
|
|
how does enterprise authentication work |
requires a RADIUS server, users must authenticate using 802.1x standard which uses eap |
|
|
RADIUS stands for |
remote authentication dial in user service |
|
|
EAP stands for |
extensible authentication protocol |
|
|
what does eap do |
provides a secure authentication mechanism and negotiates a secure private key that can be used for wireless encryption session using tkip or aes encryption |
|
|
default settings to change on a wireless router |
internet connection dhcp settings ssid name wlan security management access |
