



Access point
Wireless access points (APs or WAPs) are specially configured nodes on wireless local area networks (WLANs). Access points act as a central transmitter and receiver of WLAN radio signals.

Authentication
Authentication is any process by which a system verifies the identity of a user who wishes to access it. Authentication is essential to effective security.

Authentication may be implemented using credentials, each of which is composed of a user ID and password. Alternatively, authentication may be implemented with smart cards, an authentication server or even a public key infrastructure.

Basic service set identifier (BSSID)

A unique address that identifies the access point/router that creates the wireless network.

The four address fields used to denote the Basic Service Set Identifier (BSSID) are the source (SA), destination (DA), transmitting station (TA) and receiving station (RA) addresses; for each address, 48 bits are used to uniquely distinguish each member of the BSS (STA, AP and so on).

Credentials
A set of claims used to prove the identity of a client. Credentials contain an identifier for the client and a proof of the client's identity, such as a password. They may also include information, such as a signature, to indicate that the issuer certifies the claims in the credential. Credentials can be acquired only through authentication.
Encryption
Encryption is the process of transforming information (referred to as plaintext) using an algorithm (called a cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key.
Extensible Authentication Protocol (EAP)
EAP is an 802.1x standard that allows developers to pass security authentication data between RADIUS and the access point (AP) and wireless client. EAP has a number of variants, including EAP-MD5, EAP-Tunneled TLS (EAP-TTLS), Lightweight EAP (LEAP), and Protected EAP (PEAP).
Protected Extensible Authentication Protocol (PEAP)

The Protected Extensible Authentication Protocol is a protocol that encapsulates the Extensible Authentication Protocol (EAP) within an encrypted and authenticated Transport Layer Security (TLS) tunnel.

PEAP is similar in design to EAP-TTLS: it requires only a server-side PKI certificate to create a secure TLS tunnel that protects user authentication, and it uses server-side public key certificates to authenticate the server.

Registrar
A device with the authority to issue and revoke credentials to a network. A registrar may be integrated into an access point, or it may be separate from the access point.
Temporal Key Integrity Protocol (TKIP)
The Temporal Key Integrity Protocol, pronounced tee-kip, is part of the IEEE 802.11i encryption standard for wireless LANs. TKIP is the next generation of WEP, Wired Equivalent Privacy, which is used to secure 802.11 wireless LANs. TKIP provides per-packet key mixing, a message integrity check and a re-keying mechanism, thus fixing the flaws of WEP.
Wi-Fi Protected Setup (WPS)

WPS is a standard for easy and secure establishment of a wireless network. The goal of the WPS protocol is to simplify the process of configuring security on wireless networks. The standard pursues this goal by placing strong emphasis on usability and security.

One well-known WPS model is the PIN method, in which a PIN (Personal Identification Number) has to be read from either a sticker on the new wireless client device (STA) or a display, if there is one, and entered at the "representant" of the network, either the wireless access point or a registrar of the network.

Wired Equivalent Privacy (WEP)
WEP was a data encryption method used to protect the transmission between 802.11 wireless clients and access points. However, it used the same key among all communicating devices. WEP's problems are well known, including an insufficient key length and no automated method for distributing keys. WEP can be easily cracked in a few hours with off-the-shelf tools.