CWSP® Certified Wireless Security Professional Official: Study Guide

Book Description

Sybex is now the official publisher for Certified Wireless Network Professional, the certifying vendor for the CWSP program. This guide covers all exam objectives, including WLAN discovery techniques, intrusion and attack techniques, 802.11 protocol analysis, wireless intrusion-prevention system implementation, layer 2 and layer 3 VPNs used over 802.11 networks, and managed endpoint security systems. It also covers enterprise/SMB/SOHO/public-network security design models and security solution implementation, building robust security networks, wireless LAN management systems, and much more.

Table of Contents

  1. Copyright
  2. Dear Reader,
  3. Acknowledgments
  4. About the Authors
  5. Foreword
  6. Introduction
    1. About CWSP® and CWNP®
    2. How to Become a CWSP
    3. Who Should Buy this Book?
    4. How to Use this Book and the CD
    5. Exam Objectives
      1. Wireless Network Attacks and Threat Assessment — 10%
      2. Monitoring, Management, and Tracking — 20%
      3. Security Design and Architecture — 50%
      4. Security Policy — 5%
      5. Fast Secure Roaming — 10%
      6. CWSP Exam Terminology
      7. Tips for Taking the CWSP Exam
  7. Assessment Test
    1. Answers to Assessment Test
  8. 1. WLAN Security Overview
    1. 1.1. Standards Organizations
      1. 1.1.1. International Organization for Standardization (ISO)
      2. 1.1.2. Institute of Electrical and Electronics Engineers (IEEE)
      3. 1.1.3. Internet Engineering Task Force (IETF)
      4. 1.1.4. Wi-Fi Alliance
    2. 1.2. 802.11 Networking Basics
    3. 1.3. 802.11 Security Basics
      1. 1.3.1. Data Privacy
      2. 1.3.2. Authentication, Authorization, Accounting (AAA)
      3. 1.3.3. Segmentation
      4. 1.3.4. Monitoring
      5. 1.3.5. Policy
    4. 1.4. 802.11 Security History
      1. 1.4.1. 802.11i Security amendment and WPA Certifications
      2. 1.4.2. Robust Security Network (RSN)
      3. 1.4.3. The Future of 802.11 Security
    5. 1.5. Summary
    6. 1.6. Exam Essentials
    7. 1.7. Key Terms
    8. 1.8. Review Questions
    9. 1.9. Answers to Review Questions
  9. 2. Legacy 802.11 Security
    1. 2.1. Authentication
      1. 2.1.1. Open System Authentication
      2. 2.1.2. Shared Key Authentication
    2. 2.2. Wired Equivalent Privacy (WEP) Encryption
    3. 2.3. Virtual Private Networks (VPNs)
      1. 2.3.1. Point-to-Point Tunneling Protocol (PPTP)
      2. 2.3.2. Layer 2 Tunneling Protocol (L2TP)
      3. 2.3.3. Internet Protocol Security (IPsec)
      4. 2.3.4. Configuration Complexity
      5. 2.3.5. Scalability
    4. 2.4. MAC Filters
    5. 2.5. SSID Segmentation
    6. 2.6. SSID Cloaking
    7. 2.7. Summary
    8. 2.8. Exam Essentials
    9. 2.9. Key Terms
    10. 2.10. Review Questions
    11. 2.11. Answers to Review Questions
  10. 3. Encryption Ciphers and Methods
    1. 3.1. Encryption Basics
      1. 3.1.1. Symmetric and Asymmetric Algorithms
      2. 3.1.2. Stream and Block Ciphers
      3. 3.1.3. RC4
      4. 3.1.4. RC5
      5. 3.1.5. DES
      6. 3.1.6. 3DES
    2. 3.2. AES
    3. 3.3. WLAN Encryption Methods
    4. 3.4. WEP
      1. 3.4.1. WEP MPDU
    5. 3.5. TKIP
      1. 3.5.1. TKIP MPDU
    6. 3.6. CCMP
      1. 3.6.1. CCMP MPDU
    7. 3.7. WPA/WPA2
    8. 3.8. Proprietary Layer 2 Implementations
    9. 3.9. Summary
    10. 3.10. Exam Essentials
    11. 3.11. Key Terms
    12. 3.12. Review Questions
    13. 3.13. Answers to Review Questions
  11. 4. Enterprise 802.11 Layer 2 Authentication Methods
    1. 4.1. WLAN Authentication Overview
    2. 4.2. AAA
      1. 4.2.1. Authentication
      2. 4.2.2. Authorization
      3. 4.2.3. Accounting
    3. 4.3. 802.1X
      1. 4.3.1. Supplicant
      2. 4.3.2. Authenticator
      3. 4.3.3. Authentication Server
    4. 4.4. Supplicant Credentials
      1. 4.4.1. Usernames and Passwords
      2. 4.4.2. Digital Certificates and PACs
      3. 4.4.3. One-time Passwords
      4. 4.4.4. Smart Cards and USB Tokens
      5. 4.4.5. Machine Authentication
      6. 4.4.6. Preshared Keys
      7. 4.4.7. Proximity Badges and RFID Tags
      8. 4.4.8. Biometrics
    5. 4.5. Authentication Server Credentials
    6. 4.6. Shared Secret
    7. 4.7. Legacy Authentication Protocols
      1. 4.7.1. PAP
      2. 4.7.2. CHAP
      3. 4.7.3. MS-CHAP
      4. 4.7.4. MS-CHAPv2
    8. 4.8. EAP
      1. 4.8.1. Weak EAP Protocols
      2. 4.8.2. EAP-MD5
      3. 4.8.3. EAP-LEAP
      4. 4.8.4. Strong EAP Protocols
      5. 4.8.5. EAP-PEAP
        1. 4.8.5.1. Phase 1
        2. 4.8.5.2. Phase 2
        3. 4.8.5.3. EAP-PEAPv0 (EAP-MSCHAPv2)
        4. 4.8.5.4. EAP-PEAPv0 (EAP-TLS)
        5. 4.8.5.5. EAP-PEAPv1 (EAP-GTC)
      6. 4.8.6. EAP-TTLS
      7. 4.8.7. EAP-TLS
      8. 4.8.8. EAP-FAST
        1. 4.8.8.1. PACs
      9. 4.8.9. Miscellaneous EAP Protocols
      10. 4.8.10. EAP-SIM
      11. 4.8.11. EAP-AKA
    9. 4.9. Summary
    10. 4.10. Exam Essentials
    11. 4.11. Key Terms
    12. 4.12. Review Questions
    13. 4.13. Answers to Review Questions
  12. 5. 802.11 Layer 2 Dynamic Encryption Key Generation
    1. 5.1. Advantages of Dynamic Encryption
    2. 5.2. Robust Security Network (RSN)
      1. 5.2.1. RSN Information Element
      2. 5.2.2. Authentication and Key Management (AKM)
      3. 5.2.3. RSNA Key Hierarchy
      4. 5.2.4. Master Session Key (MSK)
      5. 5.2.5. Master Keys
      6. 5.2.6. Temporal Keys
      7. 5.2.7. 4-Way Handshake
      8. 5.2.8. Group Key Handshake
      9. 5.2.9. PeerKey Handshake
      10. 5.2.10. RSNA Security Associations
      11. 5.2.11. Passphrase-to-PSK Mapping
      12. 5.2.12. Roaming and Dynamic Keys
    3. 5.3. Summary
    4. 5.4. Exam Essentials
    5. 5.5. Key Terms
    6. 5.6. Review Questions
    7. 5.7. Answers to Review Questions
  13. 6. SOHO 802.11 Security
    1. 6.1. WPA/WPA2-Personal
      1. 6.1.1. Preshared Keys (PSK) and Passphrases
      2. 6.1.2. WPA/WPA2-Personal Risks
      3. 6.1.3. Entropy
      4. 6.1.4. Proprietary PSK
    2. 6.2. Wi-Fi Protected Setup (WPS)
      1. 6.2.1. WPS Architecture
        1. 6.2.1.1. Security Setup Options
        2. 6.2.1.2. Registration Protocol
          1. 6.2.1.2.1. In-band Configuration Mode
          2. 6.2.1.2.2. Out-of-Band Configuration Mode
          3. 6.2.1.2.3. Guidelines and Requirements for PIN Values
        3. 6.2.1.3. Initial WLAN Setup
        4. 6.2.1.4. Example WPS Push-Button Scenario
        5. 6.2.1.5. WPS Push-Button Enrollee Addition
    3. 6.3. SOHO Security Best Practices
    4. 6.4. Summary
    5. 6.5. Exam Essentials
    6. 6.6. Key Terms
    7. 6.7. Review Questions
    8. 6.8. Answers to Review Questions
  14. 7. 802.11 Fast Secure Roaming
    1. 7.1. History of 802.11 Roaming
      1. 7.1.1. Client Roaming Thresholds
      2. 7.1.2. AP-to-AP Handoff
    2. 7.2. RSNA
      1. 7.2.1. PMKSA
      2. 7.2.2. PMK Caching
        1. 7.2.2.1. Preauthentication
    3. 7.3. Opportunistic Key Caching (OKC)
    4. 7.4. Proprietary FSR
    5. 7.5. Fast BSS Transition (FT)
      1. 7.5.1. Information Elements
      2. 7.5.2. FT Initial Mobility Domain Association
      3. 7.5.3. Over-the-Air Fast BSS Transition
      4. 7.5.4. Over-the-DS Fast BSS Transition
    6. 7.6. 802.11k
    7. 7.7. Voice Personal and Voice Enterprise
    8. 7.8. Layer 3 Roaming
    9. 7.9. Troubleshooting
    10. 7.10. SCA Roaming
    11. 7.11. Exam Essentials
    12. 7.12. Key Terms
    13. 7.13. Review Questions
    14. 7.14. Answers to Review Questions
  15. 8. Wireless Security Risks
    1. 8.1. Unauthorized Rogue Access
      1. 8.1.1. Rogue Devices
      2. 8.1.2. Rogue Prevention
    2. 8.2. Eavesdropping
      1. 8.2.1. Casual Eavesdropping
      2. 8.2.2. Malicious Eavesdropping
      3. 8.2.3. Eavesdropping Risks
      4. 8.2.4. Eavesdropping Prevention
      5. 8.2.5. Authentication Attacks
    3. 8.3. Denial-of-Service Attacks
      1. 8.3.1. Layer 1 DoS Attacks
      2. 8.3.2. Layer 2 DoS Attacks
      3. 8.3.3. MAC Spoofing
      4. 8.3.4. Wireless Hijacking
      5. 8.3.5. Encryption Cracking
      6. 8.3.6. Peer-to-Peer Attacks
      7. 8.3.7. Management Interface Exploits
      8. 8.3.8. Vendor Proprietary Attacks
      9. 8.3.9. Physical Damage and Theft
      10. 8.3.10. Social Engineering
    4. 8.4. Public Access and WLAN Hotspots
    5. 8.5. Summary
    6. 8.6. Exam Essentials
    7. 8.7. Key Terms
    8. 8.8. Review Questions
    9. 8.9. Answers to Review Questions
  16. 9. Wireless LAN Security Auditing
    1. 9.1. WLAN Security Audit
      1. 9.1.1. OSI Layer 1 Audit
      2. 9.1.2. OSI Layer 2 Audit
      3. 9.1.3. Penetration Testing
      4. 9.1.4. Wired Infrastructure Audit
      5. 9.1.5. Social Engineering Audit
      6. 9.1.6. WIPS Audit
      7. 9.1.7. Documenting the Audit
      8. 9.1.8. Audit Recommendations
    2. 9.2. WLAN Security Auditing Tools
      1. 9.2.1. Linux-Based Tools
      2. 9.2.2. Windows-Based Tools
    3. 9.3. Summary
    4. 9.4. Exam Essentials
    5. 9.5. Key Terms
    6. 9.6. Review Questions
    7. 9.7. Answers to Review Questions
  17. 10. Wireless Security Monitoring
    1. 10.1. Wireless Intrusion Detection and Prevention Systems (WIDS and WIPS)
      1. 10.1.1. WIDS/WIPS Infrastructure Components
      2. 10.1.2. WIDS/WIPS Architecture Models
      3. 10.1.3. Multiple Radio Sensors
      4. 10.1.4. Sensor Placement
    2. 10.2. Device Classification
      1. 10.2.1. Rogue Detection
      2. 10.2.2. Rogue Mitigation
      3. 10.2.3. Device Tracking
    3. 10.3. WIDS/WIPS Analysis
      1. 10.3.1. Signature Analysis
      2. 10.3.2. Behavioral Analysis
      3. 10.3.3. Protocol Analysis
      4. 10.3.4. Spectrum Analysis
      5. 10.3.5. Forensic Analysis
      6. 10.3.6. Performance Analysis
    4. 10.4. Monitoring
      1. 10.4.1. Policy Enforcement
      2. 10.4.2. Alarms and Notification
      3. 10.4.3. False Positives
      4. 10.4.4. Reports
    5. 10.5. 802.11n
    6. 10.6. Proprietary WIPS
      1. 10.6.1. Cloaking
      2. 10.6.2. Management Frame Protection
    7. 10.7. 802.11w
    8. 10.8. Summary
    9. 10.9. Exam Essentials
    10. 10.10. Key Terms
    11. 10.11. Review Questions
    12. 10.12. Answers to Review Questions
  18. 11. VPNs, Remote Access, and Guest Access Services
    1. 11.1. VPN Technology in 802.11 WLAN Architecture
      1. 11.1.1. VPN 101
      2. 11.1.2. VPN Client
      3. 11.1.3. WLAN Controllers: VPN Server for Client Access
      4. 11.1.4. VPN Client Security at Public Hotspots
      5. 11.1.5. Controller-to-Controller VPNs and Site-to-Site VPNs
      6. 11.1.6. VPNs Used to Protect Bridge Links
    2. 11.2. Remote Access
      1. 11.2.1. Remote AP
        1. 11.2.1.1. RAP Tunneling
        2. 11.2.1.2. RAP Bridging
        3. 11.2.1.3. RAP Split Tunneling
      2. 11.2.2. Virtual Branch Office Networking
    3. 11.3. Hotspots/Public Access Networks
      1. 11.3.1. Captive Portal
        1. 11.3.1.1. Features
        2. 11.3.1.2. Segmentation
        3. 11.3.1.3. User-Based Authentication Methods
    4. 11.4. Summary
    5. 11.5. Exam Essentials
    6. 11.6. Key Terms
    7. 11.7. Review Questions
    8. 11.8. Answers to Review Questions
  19. 12. WLAN Security Infrastructure
    1. 12.1. WLAN Architecture Capabilities Overview
      1. 12.1.1.
        1. 12.1.1.1. Integration Service (IS)
      2. 12.1.2. Distribution System (DS)
      3. 12.1.3. Autonomous APs
      4. 12.1.4. WLAN Controllers
      5. 12.1.5. Split MAC
      6. 12.1.6. Mesh
      7. 12.1.7. WLAN Bridging
      8. 12.1.8. Cooperative Control
        1. 12.1.8.1. Dynamic Frequency Selection
        2. 12.1.8.2. Dynamic RF
      9. 12.1.9. Location-Based Access Control
      10. 12.1.10. Hot Standby/Failover
    2. 12.2. Device Management
      1. 12.2.1. Protocols for Management
        1. 12.2.1.1. SNMP
          1. 12.2.1.1.1. Components
          2. 12.2.1.1.2. Structure of Management Information
          3. 12.2.1.1.3. Versions and Differences
          4. 12.2.1.1.4. SNMPv1
          5. 12.2.1.1.5. SNMPv2
          6. 12.2.1.1.6. SNMPv3
        2. 12.2.1.2. CLI-Based Management
          1. 12.2.1.2.1. Serial and Console Ports
          2. 12.2.1.2.2. Telnet
          3. 12.2.1.2.3. Secure Shell
        3. 12.2.1.3. HTTPS
      2. 12.2.2. CAPWAP and LWAPP
      3. 12.2.3. Wireless Network Management System
    3. 12.3. RADIUS/LDAP Servers
      1. 12.3.1. Proxy Services
      2. 12.3.2. Features and Components
        1. 12.3.2.1. Attribute-Value Pairs
        2. 12.3.2.2. Vendor-Specific Attributes
        3. 12.3.2.3. Dynamic VLAN Assignment
        4. 12.3.2.4. Proxy of User Databases
        5. 12.3.2.5. Proxy of a Proxy (Realm)
      3. 12.3.3. Integration
        1. 12.3.3.1. LDAP
        2. 12.3.3.2. Active Directory
        3. 12.3.3.3. SQL Databases
      4. 12.3.4. EAP Type Selection
      5. 12.3.5. Deployment Architectures and Scaling
        1. 12.3.5.1. Single-Site Deployment
        2. 12.3.5.2. Distributed Autonomous Sites
        3. 12.3.5.3. Distributed Sites, Centralized Authentication, and Security
        4. 12.3.5.4. Distributed Sites and Security, Centralized Authentication
        5. 12.3.5.5. Built-in RADIUS Servers
      6. 12.3.6. RADIUS Failover
      7. 12.3.7. Timer Values
        1. 12.3.7.1. EAP Timers
        2. 12.3.7.2. EAP Request
        3. 12.3.7.3. EAP Identity Request
        4. 12.3.7.4. RADIUS Timers
        5. 12.3.7.5. RADIUS Authentication Retransmission Timeout
        6. 12.3.7.6. AP-Based Timers
        7. 12.3.7.7. Session Timeout
        8. 12.3.7.8. Inactivity Timer
      8. 12.3.8. WAN Traversal
      9. 12.3.9. Multifactor Authentication Servers
    4. 12.4. Public Key Infrastructure (PKI)
      1. 12.4.1.
        1. 12.4.1.1. Self-Signed Certificates
        2. 12.4.1.2. Enterprise PKI
    5. 12.5. Role-Based Access Control
      1. 12.5.1.
        1. 12.5.1.1. Role Assignment
        2. 12.5.1.2. Built-in/Integrated Firewalls
        3. 12.5.1.3. ACLs
        4. 12.5.1.4. Network Access Control (NAC)
    6. 12.6. Enterprise Encryption Gateways
    7. 12.7. Summary
    8. 12.8. Exam Essentials
    9. 12.9. Key Terms
    10. 12.10. Review Questions
    11. 12.11. Answers to Review Questions
  20. 13. Wireless Security Policies
    1. 13.1. General Policy
      1. 13.1.1. Policy Creation
      2. 13.1.2. Policy Management
    2. 13.2. Functional Policy
      1. 13.2.1. Password Policy
      2. 13.2.2. RBAC Policy
      3. 13.2.3. Change Control Policy
      4. 13.2.4. Authentication and Encryption Policy
      5. 13.2.5. WLAN Monitoring Policy
      6. 13.2.6. Endpoint Policy
      7. 13.2.7. Acceptable Use Policy
      8. 13.2.8. Physical Security
      9. 13.2.9. Remote Office Policy
    3. 13.3. Government and Industry Regulations
      1. 13.3.1. The US Department of Defense (DoD) Directive 8100.2
      2. 13.3.2. Federal Information Processing Standards (FIPS) 140-2
      3. 13.3.3. The Sarbanes-Oxley Act of 2002 (SOX)
      4. 13.3.4. Health Insurance Portability and Accountability Act (HIPAA)
      5. 13.3.5. Payment Card Industry (PCI) Standard
      6. 13.3.6. Compliance Reports
    4. 13.4. 802.11 WLAN Policy Recommendations
    5. 13.5. Summary
    6. 13.6. Exam Essentials
    7. 13.7. Key Terms
    8. 13.8. Review Questions
    9. 13.9. Answers to Review Questions
  21. A. Abbreviations, Acronyms, and Regulations
    1. A.1.
      1. A.1.1. Certifications
      2. A.1.2. Organizations and Regulations
      3. A.1.3. Measurements
      4. A.1.4. Technical Terms
    2. A.2. Power Regulations
      1. A.2.1. 2.4 GHz ISM Point-to-Multipoint (PtMP) Communications
      2. A.2.2. 5 GHz UNII Point-to-Multipoint (PtMP) Communications
      3. A.2.3. 2.4 GHz ISM Point-to-Point (PtP) Communications
      4. A.2.4. 5 GHz UNII Point-to-Point (PtP) Communications
      5. A.2.5. Windows Registry Values that Control Preauthentication and PMK Caching
  22. B. WLAN Vendors
    1. B.1. WLAN Infrastructure
    2. B.2. WLAN Mesh Infrastructure
    3. B.3. WLAN Auditing, Diagnostic, and Design Solutions
    4. B.4. WLAN Management
    5. B.5. WLAN Security Solutions
    6. B.6. VoWiFi Solutions
    7. B.7. WLAN Fixed Mobile Convergence
    8. B.8. WLAN RTLS Solutions
    9. B.9. WLAN SOHO Vendors
  23. C. About the Companion CD
    1. C.1. What You'll Find on the CD
      1. C.1.2. Sybex Test Engine
      2. C.1.3. Electronic Flashcards
    2. C.2. System Requirements
    3. C.3. Using the CD
    4. C.4. Troubleshooting
      1. C.4.1. Customer Care
  24. Glossary