Security+: technologies and tools - Access point [DECOMMISSIONED ARTICLE]
NOTE: This article reflects an older version of the Security+ Exam – please see the current Security+ Certification page for the most up-to-date information.
Access points can provide organizations with an effective and convenient solution for their wireless and routing needs. Due to the rise in the use of this technology, and access point has been added to the material covered on the CompTIA Security+ certification exam. This article will explore the Security+ exam objectives regarding Access point technology.
What is an access point?
An Access point is a network device that can be used to provide wireless network connection as well as routing capabilities. Access points work on the Layer 2 data link layer of the OSI model and access points that can act as a data bridge connecting a wired network to wireless devices. Access points can also act as a router by passing data transmissions between different access points.
Although Access points can be either wired or wireless, the vast majority of Access points in use today are indeed wireless. Wireless access points consist of a transceiver, which is a transmitter and receiver device, used to form a wireless LAN. Access points are themselves network devices and are equipped with an antenna, adapter, and transmitter and use the wireless infrastructure network mode to provide the connection point between a wired Ethernet LAN and a WLAN. The standard set up for an Access points contain multiple network ports which, from my personal experience, can expand a network by at least four or five ports and some as many as fifteen.
Furthermore, Access points come an all shapes and sizes and can accommodate organizations according to the organization’s relative size and need. In the organization I work in, we use an Access point as a wireless solution that has generally demonstrated more reliable than standard wireless routers.
Security+ Exam Objectives
On the exam, candidates will be required to explain:
- MAC filtering
- Signal strength
- Band selection/width
- Antenna types and placement
- Fat vs. thin
- Controller-based vs. standalone
SSIDs are unique identifiers used by wireless network devices to establish and maintain wireless connectivity to the 802.11 network. The identifiers are not unique throughout the network (multiple Access points on the same network can have the same SSID), are case sensitive, and contain up to 32 alphanumeric characters.
These devices are shipped with default SSIDs, but it is recommended to change these default settings for security reasons. Access points also have the option to either broadcast the SSID to all wireless clients in the area or to cloak the SSID by not broadcasting it. Networks that cloak the SSID of their access point will require an administrator to provide the SSID to client systems as opposed to being discovered automatically.
MAC filtering is a standard authentication method used by networks using Access points to grant access to network resources. This method allows each host to be identified by its MAC address and only host devices with designated MAC addresses are granted access. Sometimes when things work you should just go with that and in this case, MAC just plain works, no need to reinvent the wheel.
Signal strength is important when it comes to wireless connection, and this remains the case when it comes to Access point technology. A well-planned network will ensure that the signal strength of the Access point is strong enough to reach all applicable devices that have a legitimate need for access resources. On the other side of the coin, signal strength that is too strong can reach beyond your network and allow an outsider to access network resources. With this said, administrators will have to set their Access point signal strength in the Goldilocks zone where it reaches those who need it and does not reach those who do not.
Most Access point devices allow the administrator to configure the Wi-Fi band that the Access point will use. A well-planned network will have the Band selection/width of its Access point that works best for its needs.
Antenna Types and Placement
There is no right answer for what a network should use types of antennas. There are several types of antennas, and adequate consideration should be placed on choosing the right one for your network. These antennas are rated regarding what is called gain value. The gain value is expressed regarding a dBi value. Generally, a dBi value of 20 dBi is twenty times stronger than that of a dBi value of 0.
Some Access points come equipped with a default antenna that can be replaced with other antennas to change the transmission range (either reduce or increase). Some antennas are internal and obviously cannot be changed out. Access point antennas can also be viewed as either direction or omnidirectional. Directional antennas are stronger because it can force the signal into one direction, thereby allowing it to travel greater distances. Omnidirectional broadcasts the signal in a 360-degree fashion. Networks employing an Omnidirectional antenna should place their Access point in the middle of the area the desired area of coverage.
The placement of the Access point antenna is also important to consider. Antennas that are too far away from the host devices that need to use them may drop their connections. Access point antennas placed on or near the ground will experience interference as well as antennas near metal building material.
Fat Vs. Thin
Fat Access points are configured once with network and security settings, and they are left to carry out their access point functions until their day of failure. Fat Access points are also known as autonomous Access points. Thin Access points are the polar opposite. Thin Access points allow remote configuration and do not require manual configuration. This means easy reconfiguration and that configurations can evolve and change as the network does.
Controller-Based Vs. Standalone
Controller-based Access points are also known as thin clients and require a controller for centralized management (updates, configuration, etc.) and do not need to be manually configured. Generally, Controller based Access points are generally used in large environments. Standalone access points also referred to as thick access points, do not require a controller and are generally used in smaller environments.