Wireless Site Survey
A systematic assessment of the radio frequency environment in a physical area, performed before or during wireless network deployment. Identifies existing access points (both authorized and unauthorized), maps signal coverage, detects interference sources, and guides channel and access point placement decisions. Should be performed periodically as environments change.
Heat Map
A visual representation of wireless signal strength overlaid on a floor plan or physical map. Warm colors (red, yellow) indicate strong signal; cool colors (blue, purple) indicate weak signal. Used to identify coverage gaps, dead zones, and areas where signal extends beyond intended boundaries (security risk). Generated by walking a space with a wireless survey tool.
Spectrum Analyzer
A tool that displays all radio frequency activity across wireless bands β including non-Wi-Fi sources such as microwave ovens, baby monitors, cordless phones, and Bluetooth devices. Unlike wireless survey tools that show only 802.11 devices, a spectrum analyzer reveals interference from any RF source. Essential when unexplained interference persists and standard wireless tools cannot identify the cause.
Rogue Access Point
An unauthorized wireless access point operating on a network or in a physical area without organizational approval. May be installed by an employee for convenience (creating an unmanaged network entry point) or by an attacker to intercept traffic. Detected during wireless site surveys. Represents an uncontrolled network access path that bypasses organizational security controls.
MDM (Mobile Device Management)
A centralized platform for managing and enforcing security policies on enrolled mobile devices β both company-owned and personally owned. Capabilities include policy enforcement (screen lock, PIN, encryption), feature control (camera, Bluetooth, app installation), data segmentation (corporate/personal partitions), and remote wipe. Makes mobile security scalable across fleets of hundreds or thousands of devices.
BYOD (Bring Your Own Device)
A policy allowing employees to use personally owned devices for organizational work. Benefits: reduced hardware costs, employee preference satisfaction. Security challenges: device serves dual personal/work purpose, privacy tensions limit organizational control, data protection requires MDM enrollment, device disposal/trade-in creates data exposure risk. MDM manages only the corporate partition, leaving personal data outside organizational control.
COPE (Corporate Owned, Personally Enabled)
A mobile device ownership model where the organization purchases and owns the device but permits personal use alongside corporate use. Organization retains full administrative control β can enforce any policy and wipe the entire device (including personal data) at any time. Analogous to company-issued laptops that allow personal use but remain corporate property. More organizational control than BYOD; less privacy protection for employees.
CYOD (Choose Your Own Device)
A variant of COPE where the organization purchases the device but allows the employee to select from an approved list of models. Balances employee preference with organizational control β only pre-approved device models with known security properties are permitted. The organization still owns and fully controls the device; the employee just has input on which approved model they receive.
On-Path Attack (Wi-Fi)
An attack where an adversary positions themselves between a wireless client and the network β either via a rogue access point or ARP poisoning β to intercept, read, or modify traffic. The victim sees a normal connection while the attacker receives all traffic. Also called a man-in-the-middle attack. Defenses: WPA3 Enterprise with certificate authentication, end-to-end encryption (TLS), VPN on untrusted networks.
Wi-Fi Denial of Service
An attack that disrupts wireless network availability via radio frequency interference or protocol exploitation. Deauthentication attacks forge management frames to disconnect clients from access points, causing repeated service disruption. RF jamming floods frequencies with noise. Defenses include 802.11w (management frame protection) and WPA3, which authenticate management frames to prevent forged deauthentication.
Bluetooth PAN (Personal Area Network)
A short-range wireless network (typically 10β100 meters) created by Bluetooth-connected devices around a personal device β headsets, smartwatches, health monitors, automotive systems. Security relies on the pairing process (shared key establishment with user confirmation) to prevent unauthorized connections. Risks: unauthorized pairing, auto-connection to spoofed familiar devices. Best practice: disable when not in use; do not accept unknown pairing requests.
Data Segmentation (Mobile)
The MDM-enforced logical separation of a mobile device into a corporate partition (managed under organizational policy, containing corporate apps and data) and a personal partition (outside organizational control, containing personal content). Allows corporate data to be remotely wiped without affecting personal data. The technical implementation of the BYOD privacy/security balance.