CWSP Certified Wireless Security Professional Study Guide, 2ed: Exam CWSP - 205

Author : David D. Coleman, David A. Westcott, Bryan Harkins
Price : Rs 899.00
ISBN 13 : 9788126565450
ISBN 10 : 8126565454
Pages : 696
Type : Paperbound

9788126565450

Details

CWSP: Certified Wireless Security Professional Study Guide offers comprehensive preparation for the CWSP-205 exam. Fully updated to align with the new 2015 exam, this guide covers all exam objectives and gives you access to the Sybex interactive online learning system so you can go into the test fully confident in your skills. Coverage includes WLAN discovery, intrusion and attack, 802.11 protocol analysis, wireless intrusion prevention system implementation, Layer 2 and 3 VPN over 802.11 networks, managed endpoint security systems and more.

Foreword
Introduction

Assessment Test

 

Chapter 1 WLAN Security Overview

  • Standards Organizations  
  • International Organization for Standardization (ISO)
  • Institute of Electrical and Electronics Engineers (IEEE)
  • Internet Engineering Task Force (IETF)
  • Wi-Fi Alliance
  • 802.11 Networking Basics
  • 802.11 Security Basics
  • Data Privacy
  • Authentication, Authorization, Accounting (AAA)
  • Segmentation
  • Monitoring
  • Policy
  • 802.11 Security History
  • 802.11i Security Amendment and WPA Certifications
  • Robust Security Network (RSN)

 

Chapter 2 Legacy 802.11 Security

  • Authentication
  • Open System Authentication
  • Shared Key Authentication
  • Wired Equivalent Privacy (WEP) Encryption
  • TKIP
  • Virtual Private Networks (VPNs)
  • Point-to-Point Tunneling Protocol (PPTP)
  • Layer 2 Tunneling Protocol (L2TP)
  • Internet Protocol Security (IPsec)
  • Secure Sockets Layer (SSL)
  • VPN Configuration Complexity
  • VPN Scalability
  • MAC Filters
  • SSID Segmentation
  • SSID Cloaking

 

Chapter 3 Encryption Ciphers and Methods

  • Encryption Basics
  • Symmetric and Asymmetric Algorithms
  • Stream and Block Ciphers
  • RC4/ARC4
  • RC5
  • DES  
  • 3DES
  • AES
  • WLAN Encryption Methods
  • WEP
  • WEP MPDU
  • TKIP
  • TKIP MPDU
  • CCMP
  • CCMP MPDU
  • WPA/WPA2
  • Future Encryption Methods
  • Proprietary Layer 2 Implementations

 

Chapter 4 802.1X / EAP Authentication

  • WLAN Authentication Overview
  • AAA
  • Authentication
  • Authorization
  • Accounting
  • 802.1X
  • Supplicant
  • Authenticator
  • Authentication Server
  • Supplicant Credentials
  • Usernames and Passwords
  • Digital Certificates
  • Protected Access Credentials (PACs)
  • One-T - ime Passwords
  • Smart Cards and USB Tokens
  • Machine Authentication
  • 802.1X / EAP and Certificates
  • Server Certificates and Root CA Certificates
  • Client Certificates
  • Shared Secret
  • Legacy Authentication Protocols
  • PAP
  • CHAP
  • MS-CHAP
  • MS-CHAPv2
  • EAP
  • Weak EAP Protocols
  • EAP-MD5
  • EAP-LEAP
  • Strong EAP Protocols
  • EAP-PEAP
  • EAP-TTLS
  • EAP-TLS
  • EAP-FAST
  • Miscellaneous EAP Protocols
  • EAP-SIM
  • EAP-AKA
  • EAP-TEAP

 

Chapter 5 802.11 Layer 2 Dynamic Encryption Key Generation

  • Advantages of Dynamic Encryption
  • Robust Security Network (RSN)
  • RSN Information Element
  • Authentication and Key Management (AKM)
  • RSNA Key Hierarchy
  • 4-Way Handshake
  • Group Key Handshake
  • PeerKey Handshake
  • TDLS Peer Key Handshake
  • RSNA Security Associations
  • Passphrase-to-PSK Mapping
  • Roaming and Dynamic Keys

 

Chapter 6 PSK Authentication

  • WPA/WPA2-Personal
  • Preshared Keys (PSK) and Passphrases
  • WPA/WPA2-Personal Risks
  • Entropy
  • Proprietary PSK
  • Simultaneous Authentication of Equals (SAE)

 

Chapter 7 802.11 Fast Secure Roaming

  • History of 802.11 Roaming
  • Client Roaming Thresholds
  • AP-to-AP Handoff
  • RSNA
  • PMKSA
  • PMK Caching
  • Pre authentication
  • Opportunistic Key Caching (OKC)
  • Proprietary FSR
  • Fast BSS Transition (FT)
  • Information Elements
  • FT Initial Mobility Domain Association
  • Over-the-Air Fast BSS Transition
  • Over-the-DS Fast BSS Transition
  • 802.11k
  • 802.11v
  • Voice Enterprise
  • Layer 3 Roaming
  • Troubleshooting

 

Chapter 8 WLAN Security Infrastructure

  • 802.11 Services
  • Integration Service (IS)
  • Distribution System (DS)
  • Management, Control and Data Planes
  • Management Plane
  • Control Plane
  • Data Plane
  • WLAN Architecture
  • Autonomous WLAN Architecture
  • Centralized Network Management Systems
  • Cloud Networking
  • Centralized WLAN Architecture
  • Distributed WLAN Architecture
  • Unified WLAN Architecture
  • Hybrid Architectures
  • Enterprise WLAN Routers
  • WLAN Mesh Access Points
  • WLAN Bridging
  • VPN Wireless Security
  • VPN 101
  • Layer 3 VPNs
  • SSL VPN
  • VPN Deployment
  • Infrastructure Management
  • Protocols for Management

 

Chapter 9 RADIUS and LDAP

  • LDAP
  • RADIUS
  • Authentication and Authorization
  • Accounting
  • RADIUS Configuration
  • LDAP Proxy
  • RADIUS Deployment Models
  • RADIUS Proxy
  • RADIUS Proxy and Realms
  • RADIUS Failover
  • WLAN Devices as RADIUS Servers
  • Captive Web Portal and MAC Authentication
  • RadSec
  • Attribute-Value Pairs
  • Vendor-Specific Attributes
  • VLAN Assignment
  • Role-Based Access Control
  • LDAP Attributes

 

Chapter 10 Bring Your Own Device (BYOD) and Guest Access

  • Mobile Device Management
  • Company-Issued Devices vs. Personal Devices
  • MDM Architecture
  • MDM Enrollment
  • MDM Profiles
  • MDM Agent Software
  • Over-the-Air Management
  • Application Management
  • Self-Service Device Onboarding for Employees
  • Dual-SSID Onboarding
  • Single-SSID Onboarding
  • MDM vs. Self-Service Onboarding
  • Guest WLAN Access
  • Guest SSID
  • Guest VLAN
  • Guest Firewall Policy
  • Captive Web Portals
  • Client Isolation, Rate Limiting and Web Content Filtering
  • Guest Management
  • Guest Self-Registration
  • Employee Sponsorship
  • Social Login
  • Encrypted Guest Access
  • Network Access Control (NAC)
  • Posture
  • OS Fingerprinting
  • AAA
  • RADIUS Change of Authorization
  • Single Sign-On

 

Chapter 11 Wireless Security Troubleshooting

  • Five Tenets of WLAN Troubleshooting
  • Troubleshooting Best Practices
  • Troubleshoot the OSI Model
  • Most Wi-Fi Problems Are Client Issues
  • Proper WLAN Design Reduces Problems
  • WLAN Always Gets the Blame
  • PSK Troubleshooting
  • 802.1X/EAP Troubleshooting
  • 802.1X/EAP Troubleshooting Zones
  • Zone 1: Backend Communication Problems
  • Zone 2: Supplicant Certificate Problems
  • Zone 2: Supplicant Credential Problems
  • Roaming Troubleshooting
  • VPN Troubleshooting

 

Chapter 12 Wireless Security Risks

  • Unauthorized Rogue Access
  • Rogue Devices
  • Rogue Prevention
  • Eavesdropping
  • Casual Eavesdropping
  • Malicious Eavesdropping
  • Eavesdropping Risks
  • Eavesdropping Prevention
  • Authentication Attacks
  • Denial-of-Service Attacks  
  • Layer 1 DoS Attacks
  • Layer 2 DoS Attacks  
  • MAC Spoofing  
  • Wireless Hijacking
  • Management Interface Exploits
  • Vendor Proprietary Attacks  
  • Physical Damage and Theft  
  • Social Engineering  
  • Guest Access and WLAN Hotspots

 

Chapter 13 Wireless LAN Security Auditing

  • WLAN Security Audit
  • OSI Layer 1 Audit
  • OSI Layer 2 Audit
  • Penetration Testing
  • Wired Infrastructure Audit
  • Social Engineering Audit
  • WIPS Audit
  • Documenting the Audit
  • Audit Recommendations
  • WLAN Security Auditing Tools
  • Linux-Based Tools

 

Chapter 14 Wireless Security Monitoring

  • Wireless Intrusion Detection and Prevention Systems (WIDS and WIPS)
  • WIDS / WIPS Infrastructure Components
  • WIDS / WIPS Architecture Models
  • Multiple Radio Sensors
  • Sensor Placement
  • Device Classification
  • Rogue Detection
  • Rogue Mitigation
  • Device Tracking
  • WIDS / WIPS Analysis
  • Signature Analysis
  • Behavioral Analysis
  • Protocol Analysis
  • Spectrum Analysis
  • Forensic Analysis
  • Performance Analysis
  • Monitoring
  • Policy Enforcement
  • Alarms and Notification
  • False Positives
  • Reports
  • 802.11n/ac
  • 802.11w

 

Chapter 15 Wireless Security Policies

  • General Policy
  • Policy Creation
  • Policy Management
  • Functional Policy
  • Password Policy
  • RBAC Policy
  • Change Control Policy
  • Authentication and Encryption Policy
  • WLAN Monitoring Policy
  • Endpoint Policy
  • Acceptable Use Policy
  • Physical Security
  • Remote Office Policy
  • Government and Industry Regulations
  • The U.S. Department of Defense (DoD) Directive 8420.1
  • Federal Information Processing Standards (FIPS) 140-2
  • The Sarbanes-Oxley Act of 2002 (SOX)
  • Graham-Leach-Bliley Act (GLBA)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Payment Card Industry (PCI) Standard
  • Compliance Reports
  • 802.11 WLAN Policy Recommendations

 

Summary

Exam Essentials

Review Questions

Appendix A Answers to Review Questions

Chapter 1: WLAN Security Overview

Chapter 2: Legacy 802.11 Security

Chapter 3: Encryption Ciphers and Methods

Chapter 4: 802.1X/EAP Authentication

Chapter 5: 802.11 Layer 2 Dynamic Encryption Key Generation

Chapter 6: PSK Authentication

Chapter 7: 802.11 Fast Secure Roaming

Chapter 8: WLAN Security Infrastructure

Chapter 9: RADIUS and LDAP

Chapter 10: Bring Your Own Device (BYOD) and Guest Access

Chapter 11: Wireless Security Troubleshooting

Chapter 12: Wireless Security Risks

Chapter 13: Wireless LAN Security Auditing

Chapter 14: Wireless Security Monitoring

Chapter 15: Wireless Security Policies

 

Appendix B Abbreviations and Acronyms

Certifications

Organizations and Regulations

Measurements

Technical Terms

Index

Considered the standard wireless certification for security administrators, this is the only vendor-neutral wireless certification offered. The exam is offered Pearson VUE testing centers worldwide.

David D. Coleman, CWNE #4, CWNA, CWSP, CWNT, is a WLAN security consultant and technical trainer with over twenty years of IT experience. The company he founded, AirSpy Networks (www.airspy.com), specializes in corporate WLAN training. David A. Westcott, CWNE #7, CWNA, CWSP, CWNT, is an independent consultant and WLAN technical trainer with over twenty years ofexperience.