My name is Ken Mayer, I'm going to be your instructor on this course. Now I've been involved with something that has initials like information systems, information technology, since the very early 80s. So if you did the math, let me just tell you I started when I was in fifth grade. I'm not as old as you think. So over that time, obviously there was a point where there was no wireless. And so I worked with networks, network infrastructure, routers and switches with operating systems. You know, all kind of stuck in that wired type of medium. I mean I was, well unfortunately, a young adult when I saw my first cell phone. But anyway, eventually we moved into wireless. And I've worked a lot with wireless types of deployments, obviously with training as well. Primarily my focus has been with Cisco's wireless solutions, with some firewall wireless solutions like the old NetScreen that became part of Juniper. I worked with some training and deployments of Aruba Networks as well. So I think that I have at least a pretty good idea about how to actually configure these devices. But what's important here is that I'm going to convey to you what we know about the different standards and how you can figure out how to actually do the configuration of the actual specific product. But I want you to be able to know the different standards, the different goals. And I've done a lot of work in the world of security. Ethical hacking, you know, for wired or for wireless or for operating systems. And so I'm hoping that I'm going to take the knowledge that I have and to be able to apply it specifically in the wireless arena to be able to help you get better with wireless security. Now in this module we're going to start off with what we call the wireless LAN security overview. And just remember it is designed to be an overview.
My goal here is to introduce some topics that we're going to see as we go through our course and to kind of give us, you know, just that little bit of a carrot to make sure that you want to keep going through. Some of the nicest things that we see about this particular course is that we are dealing with wireless which is very popular and security. So, I mean, how do we go wrong? We're doing both. So what we're going to do in this module is talk a bit about the history. Where did we come from when it came to the security of wireless networks? We're going to talk about the different standards organizations such as the ISO or the Internet Engineering Task Force, the IETF. We'll also take a look at a review of the OSI model, very important for networking. Even though we're going to be focusing at layers one and two, but we'll talk about that. We'll take a look at the ISOC hierarchy. That hierarchy will kind of give you an idea again about how these different organizations work together, including things like the Wi-Fi Alliance standards. We'll talk a little bit about the basics, hopefully a review for all of you that are here in the security part of this for 802.11. We'll look at different types of connections. Some of the 802.11 security basics, data privacy. We'll talk about the AAA, the authentication, authorization, and accounting, segmentation, monitoring, policies. And then, of course, we'll move into the security standards that we first started seeing introduced with the 802.11i. And that includes, of course, the Wi-Fi Protected Access, the WPA. We'll also talk about robust secure networks, or RSN, and talk a bit about the future of 802.11 security. So let's talk a little bit about where we came from. So back in 2007, the IEEE with the 802.11-2007 defined what a wireless local area network is, or what we call the WLAN. And if you think about it, we've always been working with security on our wired networks.
And when I say we've always looked at that, because it was pretty easy, right? We contained the signal within a copper or fiber cable, and we always have to worry about still encrypting traffic because people could sniff those particular signals as they were being sent from one device to the other, or do other types of malicious things like man in the middle to be able to grab that information. So we got into things like encryption and certificates and all of those sort of things. But it was bounded by that medium. And when we think about wireless, now of course here, we're emitting radio frequency. So anybody with a radio was able to pick up on those transmissions. And when we first started looking at wireless, we really didn't have a security mechanism in there, other than distance, right? I mean, if you were a mile or two miles away from my access point, I wasn't worried about you eavesdropping on my traffic. If you were sitting out in my parking lot, then I was a little bit more worried. Of course, Wi-Fi standards have changed now where we are covering great distances with wireless, but we'll get into some of that a little bit later, at least on the security aspects. So originally, everybody had kind of a bad taste for the feeling of how secure a wireless local area network was. I mean, they are easy to implement because we didn't have to worry about cables. We just had to worry about placement of an access point and making sure that it was connected to the wired network. Now, what we're going to see as we go throughout this course is how much more secure wireless can be for us. So what we're going to do is we're going to look at some of the security mechanisms that we're going to talk about. 
And I'll try to give you a good 30,000-foot view, maybe even a 10,000-foot view, at least during this particular module, with things like encryption and authentication, what authorization means, and the use of segmentation through what we call the virtual local area networks or the VLANs. And most of what we're going to do is, like I said, we're going to focus at layer two, a bit about layer one. But, you know, at this point, we're assuming that you're pretty comfortable with the 802.11a's, b's, g's, n's, a's, and those types of things. Now, we are going to mention a lot of the different standards. And of course, there's different organizations that present those standards to us. So as we're moving throughout this course, you'll see a lot of these being listed and how they helped build the foundation for security, as well as for the different types of wireless access that we have. One of the first ones that you'll see is the ISO, the International Standards Organization. They're the ones that created what we call the Open System Interconnect Model or the OSI model. The IEEE, the Institute of Electrical and Electronics Engineers, they create a lot of the standards for compatibility and coexistence between network equipment, not just wired but also wireless. And if you think about it, that's very important because how difficult would it be if all of the vendors that were involved in wireless were using their own standards. Then we were kind of stuck with one company or another company and wouldn't have that compatibility or interoperability. Probably even more difficult for our clients trying to install the right software for a proprietary solution on all of the different laptops or mobile devices that we use. The IETF, the Internet Engineering Task Force, also creates internet standards as they integrate into the wireless and wired networks. And the Wi-Fi Alliance is designed to help perform certification testing. 
So, you know, that's a little tag that you see if you're buying any type of wireless device and you see the Wi-Fi Alliance and you know that it's been tested and should work with any multi-vendor solution that you have. All right, so I do want to talk a little bit about the OSI model, the Open System Interconnect. And when we look at this, we generally draw a line and we talk about having these upper layers and these lower layers. And I don't think there's anything wrong with us going through this. If you've never seen it before, then this can be important just to get an idea of what's happening all throughout our network when it comes to both the wired and the wireless. But I'm not going to spend a lot of time on the upper layers. That's a little bit outside of the scope of what we want to look at. But I will start at least at layer seven, the application layer. And that's basically anytime we interact with the operating system. Now, I know you might hear different definitions like applications like web browsing, HTTP or FTP for file transfers, or you know, different things, but that is what we're doing is we're, you know, as people are interacting with the operating system. They have a presentation layer. I like to call that the format. And the biggest thing here I can just say is, you know, sometimes I used to say it's how things are stored. But that didn't make sense because everything is stored in binary as ones and zeros, whether it's a solid state drive or a hard drive. But the format made sense because if we were to look at like graphic files, the way in which we encode a JPEG would be different than, you know, the old bitmaps or any of these other things or if we went into audio files. We used to have a lot of WAVE files before MP3 got popular. And that's all it is. It's a way in which we encode or format information. And that's information that's going to be read, obviously, by the application at some point. 
And then the session information, we generally look at it as kind of an interaction of, you know, a client, I'll draw on my laptop, let's say to a server. And let's say you're ordering something online and you're not the only one probably ordering from this particular web server. And you would like to make sure that customer A's orders don't get mixed up with customer B's. So we create sessions, ways of being able to separate the different traffic streams so that we can make sense out of them. And that's about all I want to say there. Now what I'm going to do is I'm going to move down to layer one. But before I do, again, that IEEE standard and everything that follows under 802.11-2007 is going to define what happens for us at layers one and two. And so I'm going to talk both about wired and wireless a bit just so we have a good idea of what we mean at these different layers. So as an example, the physical is really what we decided to call media or the medium that you send information. And we refer to them as bits because whether it's wired or wireless we are still sending a bunch of ones and zeros. And that information has to be able to be transmitted. Now obviously, in the wired network we often have things like copper. Some people might call it Cat 5, Cat 7, Cat 5e. Some people just call it an Ethernet or a twisted pair or whatever that copper wire is. It's just a way of transmitting ones and zeros. Obviously we also had fiber or what some people would call optical which does the same thing. It's transmitting ones and zeros, but doing so by, you know, the way in which it sends the photons, the light beams down the actual cables. We are going to be, of course, focusing on radio frequency. That's what we wanted to be able to distinguish and talk about ways of securing those transmissions. And so RF is a part of what we would look at at layer one.
And there are, of course, in some of the more basic courses we talk about the different methods in which we can transmit this information. You know, whether it's frequency hopping or any of the other types of options that are out there. But our goal is not to worry about how we're transmitting in this course. It's about how to secure what's being transmitted. All right, so then comes the data link layer. Now the data link layer is a little trickier. It actually has two sub-layers. One that interacts. We'll call it the MAC layer with layer one. And then the other, the link layer, that sub-layer, I should say, that makes its attachment or helps communicate with the networking addresses. And so, again, we're going to focus on this part of it. But really what we're talking about here at layer two is a way of forwarding traffic. And by forwarding traffic, we're going to do so generally by hardware addresses. In our case of the MAC address that we call the media access control. And so traditionally, in a wired network, what we would have seen is an object that we often called a switch. And on a switch, you would have a number of end stations connected to it, maybe another switch connected to it. And as traffic would come in, the switch would look at its MAC address. Inside that switch would be a MAC address table that would associate with specific ports. And so the switch would look at that MAC address and say, oh, okay, I know where to send that traffic. I'm going to send it out to whichever port is out there. So we didn't have any broadcast. Unlike, well, if I went back to layer one and talked about a wired network. And we could almost make this analogy with radio frequency, too. When we had a hub, the problem with the hub was when the traffic would come in, it would automatically go out every single port so anybody who's connected to it would be able to hear that traffic. So it wasn't inherently very secure. Can't we say that about radio frequency? 
RF is from an access point. Let's see how well I can draw my little robot access point. As we're sending out radio frequency, anybody with a radio can hear that traffic. So in a way, it kind of sounds like that wired hub, at least in the way I'm trying to describe it. And so when we went into the data link layer, we were able to make more intelligent forwarding decisions. And for us, it's kind of important to understand what's happening because if you think about it in our setup, we're going to have an access point that is hardwired into a switch. And so while we're doing radio frequency to connect to whatever portable device is out here, that information is going to be translated into an electrical signal from the access point, and it's going to eventually go into the switch where, again, it will be forwarded based on its MAC address. And of course, there could be multiple access points out here. And we know that we also look at the MAC address of the access point. So we know which one we're associated with. And so that's, again, things that we're going to look at at the data link layer. But we are going to want to talk about ways to encrypt our traffic and what that process is going to be like so that the communications between these wireless devices and the access point or the two stations, whatever words you want to use, we'll be able to secure that traffic. And we want to talk about, and we'll talk about security when we get into the wired network through things like segmentation and being able to say, well, you're a guest, so I only want you to be able to get to the internet from my network. And if you're an employee, I want you to be able to get to the local area network and to the internet or whatever else we want to secure. So it's more than just encrypting the signal that we're transmitting through radio frequency. It's also going to be on the wired side that we want to talk about security options.
All right, so now to get beyond layer two, and the problem with layer two, I don't know if I have enough room to keep drawing this in here, is that we had what we called a broadcast domain. And what that just simply meant is that if I had a bunch of switches connected to each other and your host sent a broadcast in here, it would go throughout the entire network. And the more hosts that I would add, the more broadcast traffic, and it would start to eat up your bandwidth. And so we wanted to find a way to break up those broadcast domains. And one of the ways to do that was to create a logical address for each broadcast domain. And we did that primarily by introducing what we call IP addresses, Internet Protocol. We're not going to get into the differences between IP4 and IP6 throughout this course, but it's, I think, important just to understand what's happening. So the idea was that if I wanted to stop the broadcast, I could put in a layer three device that we normally called a router, and that router would look at the IP address and figure out the best way to send that traffic without allowing broadcast traffic to go through. And so that's what we see when we get into the IP address, is that each of these broadcast domains would have their own network addresses, and the router, like I said, wouldn't allow the broadcast through, and so we would have just unicast traffic. At the transport layer, we're talking about our communications protocol. How do the machines talk to each other? Why can Macs talk to PCs, talk to Linux, and the rest of them is because we're speaking the same language. And without getting too far into those languages, we used primarily two different protocols. One is the transmission control protocol, TCP, which is meant for unicast, meaning one-to-one traffic, and UDP, which is designed to work as a multicast or as a broadcast type of transmission, meaning from point-to-multipoint or broadcast to everyone. And that's the user datagram protocol. 
So hopefully that's built kind of a good foundation, and I hope that I've kind of cleared up where we're going to look. We obviously are going to really focus on layer one and layer two. And this little thing I talked about over here with the segmentation, that's where we're going to get into the VLANs and have a good understanding of how we use VLANs to separate our traffic, and that's also something that happens at layer two. So that's, hopefully like I said, giving you the introduction of all of these things that we want to talk about and of course where our focus is going to be. So we're going to at least kind of take a look again at the different groups that we work with, under what we call the Internet Society or the ISOC. And here's where you're going to kind of get an idea of some of the breakdowns. So we have the, at least if we take this little trail off here to our left, we have the Internet Architecture Board. We won't talk too much about what they do for us, but they are a group that is going to be working with things like the Internet Engineering Steering Group. And they're kind of the ones that come up with broad ideas that we see the Internet Engineering Task Force work with. And, you know, the IETF does quite a bit for us. I mean, they certainly talk about ideas for Internet. I mean, they're the ones that developed many of the routing protocols, maybe deal with real-time applications or applications, ideas for security. They're the ones that are going to basically, you know, whether it's just a general category, operations and management, routing, transport layer, most all communications, right, based on the Internet. Are going to be dealt with by the IETF. And they're constantly coming up with better methods of doing these communications or new methods of these communications. And they often publish them as RFCs or what we call Request for Comments. Now, going on to the next side, the ICANN, the Internet Corporation for Assigned Names and Numbers. 
They're the ones that are going to deal with things like IP addresses or whether or not you can have a .org or .com or, you know, a lot of these different names and numbers, autonomous systems for routing protocols. You know, so we're going to work with those as well. Well, at some level, somebody will. We're not going to get too far into that at this point. We're going to really kind of focus on what we see the IETF doing for us. And the Internet Architecture Board, as you can see also, is going to be dealing with the Internet Research Task Force. And again, that's what I said. You know, between the two of these guys, they're going to come up with these great ideas. And then through the IETF, we're going to try to come up with these proposals. The nice thing about an RFC, whether it's for security or for anything else, the great thing about that is the fact that it's a collaborative effort. Everybody that's a member can improve on an idea. So, you know, when we get in and talk about RFCs, there might be one RFC that everybody lists for the final product. So, I mean, even if it came up to just establishing, you know, things like routing protocols, as I mentioned before, one of the things that are listed here. You know, it wasn't just one brilliant paper. It was a combination of everybody adding on to each RFC. And of course, as they do, then the RFCs get numbered higher and higher and higher. But that is why it is called a Request for Comment, because that's what we're encouraging, is having the Internet community comment and try to make all of our protocols even better. Now, remember the Wi-Fi Alliance. It's been around since 1999, had a different name before that. They changed it in 2002 to the Wi-Fi Alliance. So, it's been around for a while. Remember, they're the ones that are trying to verify that you meet certain standards. And this is, again, just kind of designed to be a little bit of a review of the standards that are out there. 
One of the first ones, of course, is the way in which we send our signals, you know, both the frequency and the different methods of encoding. So, as just a quick review, some of the things you might see here are things like 802.11a. Now, you might think that since it has the lowest letter on the alphabet that that would have been the first, latest and greatest. One that operated, as just a reminder, right at 5 GHz, had data speeds up to 54 megabits per second. But the problem with that frequency was that it wasn't what we call the junk band. The junk band being what we call the industrial, scientific and medical, which was at the 2.4 GHz range. And that was one that was unlicensed. And so, even though we might see this 802.11a and think, oh, that sounds great, but, you know, everybody used B, which was at the 2.4 and had only 11 megabits of throughput. You might say, well, why did we want to go with a standard that was sharing a frequency with your microwaves and your remote control cars and everything else out there? Well, the biggest reason, of course, was the cost. This was cheap equipment to buy compared to going to the 5 GHz range. Then we saw some improvements in the methods in which we did encoding with 802.11g, which got us up to speeds, again, up to 54 megabits per second. And that, of course, like I said, that was G. Then we were all excited when 802.11 came out, 802.11n, because we could do either 2.4 or 5, and we had higher speeds. You know, some would say 100 megabits plus depending on what's out there. And the recent ones that I hope that you've seen or researched is AC. AC is promising gigabit per second speed for throughput. So some amazing things as we're watching the technology improve. And if you think about it, gigabit throughput for wireless is just an incredible idea.
And that's going to, you know, for a lot of you who are working at a wired end station, you might still be on a 100 megabit Fast Ethernet and might not even have the gigabit access. But we certainly are seeing that we are moving this into a good enterprise production field. Some of the other things that they would, again, try to make sure that we are, or at least as a, remember, the goal is to certify you here. They didn't define these standards. They're just making sure that you're there. We are going to talk a lot more about WPA and WPA2, the Wi-Fi Protected Access, and the differences between those, especially when we're going to get into an enterprise solution for security. So we'll cover more of these in more detail. Again, there's a Wi-Fi Protected Setup, a Wi-Fi Protected Access that they're going to make sure that we're set up for, which, again, is a part of what we're going to get into later on to talk about the robust security network. And there are two versions of the WPA2. One, of course, is the personal, which would be great for your home users, and one that is the enterprise when, again, when we break it down, we're going to talk about how we use some external authentication mechanisms for WPA2. Sorry, I just kind of went off target there. But it's still part of that protected access where we defined, see, I didn't go too far off topic, that's kind of a part of the WPA2. The Wi-Fi Multimedia, the WMM. So here we're going to start, well, we'll introduce it. Quality of service is an important aspect because there are a lot of Wi-Fi voice over IP phones or streams that are more important than others. I've got somebody who wants to download the latest and greatest pictures from Facebook that might interfere with traffic that's more important so we can provide some of those accesses to that multimedia, especially because multimedia has a big deal with latency.
I mean, if there's too much time lag between the time you say hello on the telephone and the other person finally answers back, you think you're on a walkie-talkie or CB radio rather than on a quality voice circuit. The WMM Power Save, the PS, is great for all those things I call the BYOD, that bring your own device, laptop or tablet or smartphone or whatever we have today. But who knows, maybe in another couple of years we'll be talking about your wristwatch or something else. But it's designed to help conserve battery and that's an important issue basically being able to send a wake-up call when traffic is coming in there. The CWGRF, the Converged Wireless Group RF Profile, Radio Frequency Profile. Converged means that we are mixing different types of traffic and this is where, so we are going to focus obviously up here on this 802.11, but there are other types of traffic that we might deal with which is a little bit out like I said of our purview of this course. So that's my cell phone by the way for those of you who don't remember the old flip phones where you pulled out the antenna. Maybe it's just me because I'm so old or been around here for a while. But they do radio frequency as well, only they're connecting to a cell tower. And so we're seeing layer one up to this point and from the cell tower converting it into layer two as it gets into their actual network, what we call the home agent of where they connect. And if you think about it, they're converging today when we start talking about things like 4G networks and one of the new buzzwords is like voice over LTE that they call VoLTE. And so we are converging, actually packetizing the voice and the data on the same signal. So that's an example of a converged one of those types of networks. And the last one here, the voice personal application. Again, it's for residential or small business Wi-Fi networks where you might again be mixing voice and data traffic, maybe even traffic for printers.
So you could almost call this kind of a converged idea as well. But more or less converged for the smaller, what we call the remote office, branch office, the ROBOs or some people call them SOHOs, the small office, home office. Now we're going to assume that you already have the networking basics down for 802.11. Remember that the 802.11 standards are based on the OSI layers one and two. One of the things I mentioned about layer one of course was the medium, but layer two was things like switches or in this case access points. And that's going to be important when we talk about the different layers. So at the moment the assumption is that you know what the basics are and that you know how wireless is working at both layers. Remember our goal is to talk about securing that traffic. But we also want to make sure we have a good idea of the overall picture of the network and how the two wireless and wired work together in a standard type or best practice type of distribution or layers. And we call the layers core, distribution, and access. The access layer is basically where everybody connects. When I say everybody, whether you're off of a wireless access point, whether you're connected on a wired switch, that's the access layer. It's how you get in. To get from where you are to some other users or some other server or resource, you're going to go through a distribution layer. And depending again on the size of that corporation, you may even have to go into the core infrastructure to be able to get to other distribution areas to get to other access layers. And I'll draw that out for you here in just a second. But to make sure that, like I said, you're just getting the big picture of what's actually happening and where we're going to be living as far as our security concerns. So when we take a look at the access layer, as I said, I'll put in the PCs whether they're wireless or not. That's where they're connecting into things like the switches. So the squares are switches.
And of course for us, we might have our discussion about having the wireless access point. Maybe we're doing an extended service set. Maybe roaming, whatever the case may be. But either way, we're at the access layer. And that's where everything is at. And let's say somewhere else in our network we have a server farm that we want to be able to access. Or maybe we have, as I said, access to the internet or whatever the case may be. But that's where we're going to get into the distribution layer. That I'll just abbreviate here is a lot of where we see routing going on. That's going into the IP address idea. So imagine if you were that you were connecting wirelessly here at one point of the network, maybe even in a different part of the building, you're going to have to be able to get out of the access layer to the distribution layer. And the distribution layer could just easily enough take you through routing to some of the location. Now, we also talk about the core. The core is where we do all of the high speed. By the way, when we are talking about security, we are going to be looking at the access layer. But just technically speaking, your wired security is going to be happening at the distribution layer. The core layer is nothing about speed, or I should say is not nothing about speed. It's all about speed. No real sense of security there. We just want traffic to move as quickly as we can. And as I said, it might be that it's connecting to a server farm or some other set of resources that also require high speed connectivity, right? And again, we may have to go from the distribution layer to the core, but again, it's the distribution layer that got us there, going through the core network to get to that server farm. Or as I said, it could be leaving that core going out to the cloud where I'm going to put the evil spy looking thing. 
By the way, that's supposed to be a mustache from, if any of you ever saw Bullwinkle and remember Boris, he always had that little evil mustache. But that's my internet cloud. And again, we often look at that as well as having the high speed connections off of the core. So that's your big picture. And as I've said already once, say it again, we are going to focus on security, but we're going to be doing that here at the access layer. And then we'll let the wired security people take care of the security in their own distribution layer. Now there are different types of connections that we're going to talk about. And again, remember, these are different layers. It depends on what we're looking for. But if we're talking about wireless connectivity, one type of connection is a point to point. It might be often what we call a wireless bridge, where you may be doing a wireless from one building to another building to bridge them together rather than running cables in between. I've seen that happen a few times because of poor planning when it came to moving a building. As an example, I remember a university who moved their ticket office from the stadium to a place across the street. And the city there wouldn't give them the permission to dig up the road to be able to string cable between. They didn't want to pay to go through a service provider for what amounted to a 60-foot run. So they were looking at ways of doing a point-to-point connection. The most common Wi-Fi connection we see is point-to-multipoint. We had that single access point that is connecting to multiple different wireless devices. So it is a one-to-many. Also in the world of security, which we will look at as far as some of the other options, are things like the wireless LAN controllers. Those are things that are going to give us mobility, can help increase security, help us with segmentation, and it's generally a communication from the access point to that centralized wireless LAN controller.
In fact, you might have multiple wireless LAN controllers that are being controlled by a single wireless LAN controller controller. For example, Cisco calls it the WCS, the wireless LAN controller's ability to work with multiple ones of those. We are going to get into some of the security options, especially the WPA2 enterprise, where we have to have authentication points, whether it's an Active Directory server, or it's a RADIUS server or a TACACS server, but it's a place where the access point can collect your information and verify that you are the right person. And of course, there might be those types of anonymous access that we see at your local coffee shop or eatery that everybody's now saying, okay, hey, come eat here, come have a coffee, you can read your paper, you can surf, you don't have to log in or have any accounts. So when we look at the 802.11 security basics, there are going to be five major components that we want to work with. One is the data privacy. We'll call that the encryption. The other are the AAA services. Again, that was the authentication, who you are, the authorization, what you can do, and the accounting, which is keeping track of what you did. Segmentation gets us into the wired network for the most part. Again, we'll look at that with the VLANs. Obviously, we want to be able to monitor what's happening. We can do that either by just looking at logs on the access point, or if we're using a centralized wireless LAN controller, that often is going to be able to not only monitor, but be able to tell you about where somebody's moving, how they're roaming, any unexpected devices, or even any unexpected types of access points that we call rogue types of options, or rogue access points. And then, of course, policy. Policy could be corporate policy, corporate security policy, could be laws and regulations in the jurisdiction in which you're operating that you have to follow. Now, there are some other types of security devices.
I mentioned how the wireless LAN controller can help you with monitoring, or even send off alerts if it does something like rogue detection. And again, rogue detection is finding that wireless access point that doesn't belong. Maybe somebody brought one into the office because they wanted to be able to pick up their laptop and move around, and you won't give them an access point. So it's not uncommon. People will bring their own type of access, and that's always a bad thing because then they're creating a new method of connecting into your network without going through your security settings. There's also tools like the wireless intrusion detection systems and those, again, can be very important for us. Intrusion detection is not just malware, but again, might be a part of the rogue detection, whether it's an access point, or maybe an unexpected device connecting to our network that shouldn't be there.
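Rogue detection as described above, as an added example that is not part of the lecture: it compares access points seen in a scan with an inventory of authorized ones. The inventory, SSIDs, BSSIDs, signal readings and the on-premises signal threshold are all constructed assumptions.

```python
# Added example, not from the lecture: classify access points seen in a
# wireless scan against an inventory of authorized ones.
import re
from dataclasses import dataclass

# Constructed inventory: BSSID (the AP's MAC address) -> expected settings.
AUTHORIZED = {
    "02:00:00:aa:00:01": ("corp-wlan", "WPA2-Enterprise"),
    "02:00:00:aa:00:02": ("corp-wlan", "WPA2-Enterprise"),
    "02:00:00:aa:00:10": ("corp-guest", "WPA2-Personal"),
}
CORPORATE_SSIDS = {ssid for ssid, _ in AUTHORIZED.values()}

# Assumption: a signal at least this strong is inside the building.
ON_PREMISES_RSSI_DBM = -65

# Most urgent first; verdicts not listed here do not raise an alert.
SEVERITY = ["impersonating-ssid", "rogue-suspect", "authorized-but-drifted"]


@dataclass(frozen=True)
class Beacon:
    bssid: str
    ssid: str
    channel: int
    security: str
    rssi_dbm: int


def normalize_bssid(raw):
    """Accept aa:bb.., AA-BB.. or aabb.. and return lower-case colon form."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", raw).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def classify(beacon):
    known = AUTHORIZED.get(normalize_bssid(beacon.bssid))
    if known is not None:
        # Our own AP: check it still advertises what the inventory expects.
        if (beacon.ssid, beacon.security) == known:
            return "authorized"
        return "authorized-but-drifted"
    if beacon.ssid in CORPORATE_SSIDS:
        # Unknown radio advertising one of our network names.
        return "impersonating-ssid"
    if beacon.rssi_dbm >= ON_PREMISES_RSSI_DBM:
        # Unknown radio that is loud enough to be on our premises.
        return "rogue-suspect"
    return "neighbor"


def alerts(scan):
    """Return (verdict, bssid, ssid) for every beacon that needs follow-up."""
    found = []
    for beacon in scan:
        verdict = classify(beacon)
        if verdict in SEVERITY:
            found.append((verdict, normalize_bssid(beacon.bssid), beacon.ssid))
    return sorted(found, key=lambda a: (SEVERITY.index(a[0]), a[1]))


# Constructed scan results, as a monitoring radio might report them.
SCAN = [
    Beacon("02:00:00:AA:00:01", "corp-wlan", 36, "WPA2-Enterprise", -48),
    Beacon("02-00-00-aa-00-02", "corp-wlan", 44, "Open", -52),
    Beacon("02:00:00:bb:00:07", "corp-wlan", 6, "Open", -60),
    Beacon("02:00:00:cc:00:09", "home-router", 11, "WPA2-Personal", -41),
    Beacon("02:00:00:dd:00:03", "cafe-next-door", 1, "Open", -84),
]

if __name__ == "__main__":
    for verdict, bssid, ssid in alerts(SCAN):
        print(f"{verdict:24} {bssid}  {ssid}")
```

Signal strength alone does not prove a device is plugged into the wired network; an alert here is a prompt to locate the radio and check the switch port it hangs off.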