Copyright Goodheart-Willcox Co., Inc. 453 Chapter 14 Wireless Network Security Additionally, APs should be monitored for firmware updates, which should be down- loaded and installed in a timely fashion. Wireless access points and controllers should also be physically secured to protect against tampering and theft. Fat vs. Thin Access Points A fat access point is a network device that exists independently from other network devices and can manage authentication, encryption, and other wireless functions. Fat APs are sometimes called autonomous APs because they do not rely on other devices to perform necessary functions. Fat APs contain all the necessary software to handle all aspects of the network, from configuration to encryption. Fat APs are often used in home or small-office networks due to their autonomy, but in large networks, such as those on college campuses, the amount of time spent configuring each indi- vidual AP would be too great. In these scenarios, the use of multiple thin access points is a better option. These type of access points present a weak security vector they are individually configured and require vigilant maintenance and updates. A thin access point is one that does not contain all the management and con- figuration functions found in fat APs. Its primary responsibility is to receive and transmit wireless data. The bulk of the configuration for thin APs is performed at a wireless connection switch, so each AP does not need to be configured manually. Not only does configuration at a switch save time, but it also ensures the same security settings are present on every access point. This reduces possible configuration errors or security vulnerabilities. Stand-Alone vs. Controller-Based APs Even though thin APs can be configured universally at a connection switch, both fat and thin access points are considered stand-alone access points. A stand-alone access point (stand-alone AP) is an access point that requires individual configu- ration but has appropriate functionality to accept data and forward it to the appro- priate device. A simpler, more consistent option is to implement controller-based access points on a network. A controller-based access point (controller-based AP) is an access point that receives and transmits wireless traffic and is managed by a wireless LAN con- troller (WLC). A wireless LAN controller (WLC) is a device that manages multiple TECH TIP Many access points have default admin credentials printed on the devices. Because of this, it is vital that the admin password is changed during configuration. Also, check if your router can perform updates automatically, or schedule a time to check for updates to ensure your device is consistently patched. Goodheart-Willcox Publisher Figure 14-4 Wi-Fi analyzers are devices used to locate wireless signals and signal strength in physical locations and are often used in a Wi-Fi survey.