Table 1 β Wireless Survey Tools Compared
| Tool Type | What It Shows | Best Use Case | Sees Non-Wi-Fi RF? |
|---|---|---|---|
| Built-in OS wireless utility | Visible SSIDs, signal strength of associated/nearby APs | Quick check; casual troubleshooting | No |
| Third-party survey app (NetSpot, Ekahau, inSSIDer) | All visible APs: SSID, BSSID, channel, band, signal, security type; heat map generation | Full site survey; rogue AP detection; channel planning; heat maps | No |
| Spectrum analyzer | All RF energy across wireless bands regardless of source (Wi-Fi, Bluetooth, microwave, etc.) | Identifying non-Wi-Fi interference; finding rogue transmitters; unexplained interference | Yes |
Table 2 β BYOD vs. COPE vs. CYOD
| Model | Who Owns Device | Organizational Control | Personal Use | Key Security Trade-off |
|---|---|---|---|---|
| BYOD (Bring Your Own Device) | Employee | Partial β MDM manages corporate partition only; personal data outside control | Full personal use | Lower control; privacy tension; risk at device disposal |
| COPE (Corporate Owned, Personally Enabled) | Organization | Full β organization can wipe entire device including personal data | Permitted but under organizational terms | Higher control; employee privacy limited; organization bears hardware cost |
| CYOD (Choose Your Own Device) | Organization | Full β same as COPE; device is from approved list | Permitted under organizational terms | Employee preference within approved models; org retains full ownership and control |
Table 3 β MDM Capabilities and What They Address
| MDM Capability | What It Does | Security Problem It Solves |
|---|---|---|
| Policy enforcement | Pushes security configurations to enrolled devices automatically | Ensures consistent security posture across all devices regardless of user action |
| Feature control | Enables/disables camera, Bluetooth, microphone, tethering based on policy | Prevents unauthorized data capture or network bridging in sensitive environments |
| Application management | Requires/blocks specific apps; restricts app stores or categories | Prevents malware installation and unauthorized data exfiltration via apps |
| Data segmentation | Creates separate corporate and personal partitions on the device | Isolates corporate data from personal apps; allows targeted wipe of corporate data only |
| Screen lock + PIN enforcement | Forces screen lock after inactivity; requires PIN/password to unlock | Protects data on lost or stolen devices from immediate physical access |
| Remote wipe | Deletes corporate partition (or entire device) from MDM console | Destroys corporate data if device is lost, stolen, sold, or employee offboarded |
Table 4 β Three Wi-Fi Attack Types: Threat, Method, Defense
| Attack Type | What the Attacker Does | Primary Defense |
|---|---|---|
| Data capture (eavesdropping) | Captures wireless frames in range using passive monitoring | Encrypt all traffic (WPA3, TLS, VPN on untrusted networks) β captured frames are unreadable |
| On-path attack (MITM) | Inserts between client and AP via rogue AP or ARP poisoning; reads/modifies traffic | WPA3 Enterprise with certificate auth; end-to-end TLS; avoid auto-connect to open networks |
| Denial of service | Floods frequency with noise (RF jamming) or sends forged deauthentication frames (deauth attack) | 802.11w management frame protection; WPA3 (authenticates management frames); physical security of the space |
Table 5 β Cellular vs. Wi-Fi vs. Bluetooth: Security Profile
| Technology | Range | Who Controls Infrastructure | Key Security Risks | Primary Defenses |
|---|---|---|---|---|
| Cellular (4G/5G) | Miles (cell coverage) | Carrier β not the organization | Traffic interception (IMSI catchers), location tracking, global attack surface on unpatched device | Keep devices patched; use encrypted apps; VPN for sensitive comms |
| Wi-Fi (802.11) | 100β300 ft indoors typically | Organization (for corporate WLAN) or uncontrolled (public) | Eavesdropping, on-path attacks via rogue AP, DoS via deauth/jamming | WPA3, TLS, VPN on public Wi-Fi, 802.11w, site surveys to detect rogue APs |
| Bluetooth | 10β100 meters (class dependent) | Device owner | Unauthorized pairing, eavesdropping after pairing, auto-connect to spoofed device | Formal pairing with confirmation; disable when not in use; do not accept unknown pair requests |
Table 6 β Site Survey Purposes and Frequency
| Purpose | What It Identifies | Why Repeat It? |
|---|---|---|
| Pre-deployment planning | Existing access points, channel use, interference sources, coverage needs | Environment changes (new tenants, new devices, construction) |
| Rogue AP detection | Access points not in organizational inventory that may be unauthorized | New rogue devices may appear at any time; only periodic surveys catch new additions |
| Interference identification | Sources of RF noise affecting network performance and reliability | New devices (microwave, baby monitor, neighbor's AP) may appear and cause new interference |
| Coverage validation | Dead zones, weak signal areas, areas where signal extends beyond intended boundaries | Physical changes to space (new walls, furniture, equipment) alter signal propagation |