The Official Study Guide for
Exam PW0-204 from CWNP

Official Study Guide

• Full coverage of all exam objectives in a systematic approach, so you can
be confident you’re getting the instruction you need for the exam

• Exam Essentials, a key feature in each chapter that identifies critical areas
you must become proficient in before taking the exam
• White papers, demo software, practice exams, and over 150 flashcards on
the CD to further facilitate your learning
• A handy tear card that maps every official exam objective to the
corresponding chapter in the book, so you can track your exam prep
objective by objective
Look inside for complete coverage of all exam objectives.

ELECTRONIC FLASHCARDS:
Reinforce your understanding with
electronic flashcards.

ABOUT THE AUTHORS

The CD also includes white papers and
demo software.

David D. Coleman, CWNE #4, CWNA, CWSP, CWNT, is a WLAN security consultant and technical
trainer with over twenty years of IT experience. The company he founded, AirSpy Networks
(www.airspy.com), specializes in corporate WLAN training. David A. Westcott, CWNE #7, CWNA,
CWSP, CWNT, is an independent consultant and WLAN technical trainer with over twenty years of
experience. He has been a certified trainer for over fifteen years. Bryan E. Harkins, CWNE #44, CWSP,

CWNA, CWNT, is the Training and Development Manager for Motorola AirDefense Solutions, a
market leader in wireless intrusion prevention systems. Shawn M. Jackman, CWNE #54, CWNA,
CWSP, CWAP is a principal WLAN engineer with Kaiser Permanente. He has over fifteen years’
experience working with wireless manufacturers and integrators.
ISBN 978-0-470-43891-6

$69.99 US
$83.99 CN

®

• Challenging review questions in each chapter to prepare you for exam day

Certified Wireless
Security Professional
Official Study Guide

• Real-world scenarios that put what you’ve learned in the context of actual
job roles

SYBEX TEST ENGINE:
Test your knowledge with advanced
testing software. Includes all chapter
review questions and practice exams.

Exam PW0-204

CWSP

Prepare for the Certified Wireless Security Professional exam (PW0-204)

with this new Official Study Guide from CWNP. This comprehensive resource
covers everything you need for the exam, including wireless security basics,
risks, and policies; legacy 802.11 security and robust network security (RSN);
encryption ciphers and methods; enterprise 802.11 layer 2 authentication
methods; fast secure roaming, wireless intrusion prevention; and many
other essential WLAN security topics and concepts. Inside you’ll find:

• Practical hands-on exercises to reinforce critical skills

Official Study Guide

FEATURED ON THE CD

®

CWSP

®

Certified Wireless Security Professional
Official Study Guide
David D. Coleman
David A. Westcott
Bryan E. Harkins
Shawn M. Jackman

Study anywhere, any time, and approach
the exam with confidence.

Exam PW0-204


Coleman
Westcott
Harkins
Jackman

www.sybex.com
CATEGORY:
COMPUTERS/Certification Guides

• Hundreds of Sample Questions
• Electronic Flashcards
• Case Studies and Demo Software

ABOUT THE CWNP PROGRAM
CWNP is the industry standard for vendorneutral, enterprise WLAN certifications.
The focus is to educate IT professionals in
the technology behind all enterprise WLAN
products and to enable these professionals to manage wireless LAN enterprise
infrastructures, regardless of the vendor
solution utilized. CWNP is a privately held
corporation based in Atlanta, Georgia. For
more information, visit www.cwnp.com.

Includes Real-World Scenarios, Hands-On Exercises,
and Leading-Edge Exam Prep Software Featuring:

SERIOUS SKILLS.



ffirs.indd ii

1/12/10 9:05:35 PM


CWSP

®

Certified Wireless Security
Professional Official
Study Guide

ffirs.indd i

1/12/10 9:05:32 PM


ffirs.indd ii

1/12/10 9:05:35 PM


CWSP

®

Certified Wireless Security
Professional Official
Study Guide


David Coleman, David Westcott,
Bryan Harkins, and Shawn Jackman

ffirs.indd iii

1/12/10 9:05:35 PM


Acquisitions Editor: Jeff Kellum
Development Editor: Gary Schwartz
Technical Editors: Sam Coyl and Marcus Burton
Production Editor: Rachel McConlogue
Copy Editor: Liz Welch
Editorial Manager: Pete Gaughan
Production Manager: Tim Tate
Vice President and Executive Group Publisher: Richard Swadley
Vice President and Publisher: Neil Edde
Media Project Manager 1: Laura Moss-Hollister
Media Associate Producer: Marilyn Hummel
Media Quality Assurance: Josh Frank
Book Designers: Judy Fung and Bill Gibson
Proofreader: Publication Services, Inc.
Indexer: Ted Laux
Project Coordinator, Cover: Lynsey Stanford
Cover Designer: Ryan Sneed
Copyright © 2010 by Wiley Publishing, Inc., Indianapolis, Indiana
Published simultaneously in Canada
ISBN: 978-0-470-43891-6
No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by

any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under
Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the
Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center,
222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher
for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street,
Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at />Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties
with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or
extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for
every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal,
accounting, or other professional services. If professional assistance is required, the services of a competent
professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Web site is referred to in this work as a citation and/or a potential source of
further information does not mean that the author or the publisher endorses the information the organization or
Web site may provide or recommendations it may make. Further, readers should be aware that Internet Web sites
listed in this work may have changed or disappeared between when this work was written and when it is read.
For general information on our other products and services or to obtain technical support, please contact our
Customer Care Department within the U.S. at (877) 762-2974, outside the U.S. at (317) 572-3993 or fax
(317) 572-4002.
Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be
available in electronic books.
Library of Congress Cataloging-in-Publication Data
CWSP : certified wireless security professional official study guide (exam PW0-204) / David D. Coleman . . .
[et al.]. — 1st ed.
p. cm.
ISBN 978-0-470-43891-6
1. Wireless communication systems — Security measures — Examinations — Study guides.
2. Telecommunications engineers — Certification. I. Coleman, David D.
TK5103.2.C87 2010
005.8076—dc22
2009042658
TRADEMARKS: Wiley, the Wiley logo, and the Sybex logo are trademarks or registered trademarks of John

Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without
written permission. CWSP is a registered trademark of CWNP, Inc. All other trademarks are the property of their
respective owners. Wiley Publishing, Inc., is not associated with any product or vendor mentioned in this book.
10 9 8 7 6 5 4 3 2 1

ffirs.indd iv

1/12/10 9:05:36 PM


Dear Reader,
Thank you for choosing CWSP: Certifi ed Wireless Security Professional Official Study
Guide. This book is part of a family of premium-quality Sybex books, all of which are
written by outstanding authors who combine practical experience with a gift for teaching.
Sybex was founded in 1976. More than 30 years later, we’re still committed to producing
consistently exceptional books. With each of our titles, we’re working hard to set a new
standard for the industry. From the paper we print on, to the authors we work with, our
goal is to bring you the best books available.
I hope you see all that reflected in these pages. I’d be very interested to hear your
comments and get your feedback on how we’re doing. Feel free to let me know what you
think about this or any other Sybex book by sending me an email at If
you think you’ve found a technical error in this book, please visit thelp
.com. Customer feedback is critical to our efforts at Sybex.
Best regards,

Neil Edde
Vice President and Publisher
Sybex, an Imprint of Wiley

ffirs.indd v


1/12/10 9:05:37 PM


ffirs.indd vi

1/12/10 9:05:37 PM


We dedicate this book to all the men and women of the United States
Armed Forces for putting their private lives aside to preserve and protect
freedom. Thank you for your service and your sacrifi ce.

ffirs.indd vii

1/12/10 9:05:37 PM


Acknowledgments
David Coleman would once again like to thank his children, Brantley and Carolina, for their
patience and understanding of their father throughout the writing of yet another book. I love
you kids very much. David would also like to thank his mother, Marjorie Barnes, and his
stepfather, William Barnes, for many years of support and encouragement. David would also
like to thank his brother, Rob Coleman, for all his help during a tough year.
David Westcott would like to thank his parents, Kathy and George, who have provided
so much support and love and from whom he has learned so much. He would also like to
thank Janie, Jennifer, and Samantha for their patience and understanding of life on the
road and for their support throughout the writing of this book.
Bryan Harkins would like to thank his wife, Ronda, and his two daughters, Chrystan
and Catelynn, for enduring the constant travel and time away from them it has taken

to create this book. I love the three of you very much. I would also like to thank my
parents for always being there and my brother Chris for getting me into IT in the fi rst
place. Additionally, I would like to thank David Thomas and Ralf Deltrap of Motorola
AirDefense Solutions for making me part of the AirDefense team years ago.
Shawn Jackman would like to thank his parents, Alice and Steve, for the many years
of encouragement and unquestioning support, but most of all for leading by example as a
parent, provider, and character example. Shawn would also like to thank his wife, Joy, the
world’s most supportive and wonderful woman a Wi-Fi geek could ever ask for. And, of
course, to his children, Summer, Pierce, and Julia, who are loved by their daddy more than
they will ever know.
Writing CWSP: Certifi ed Wireless Security Professional Offi cial Study Guide has been
an adventure from the start. We would like to thank the following individuals for their
support and contributions during the entire process.
We must fi rst thank Sybex acquisitions editor Jeff Kellum for initially fi nding us and
bringing us on to this project. Jeff is an extremely patient and understanding editor who
occasionally sends a nasty email message. We would also like to thank our development
editor, Gary Schwartz. We also need to send special thanks to our editorial manager, Pete
Gaughan; our production editor, Rachel McConlogue; and Liz Welch, our copyeditor.
We also need to give a big shout-out to our technical editor, Sam Coyl. Sam is a member
of the IEEE with many years of practical experience in wireless communications. His
contributions to the book were nothing short of invaluable. When Sam is not providing
awesome technical editing, he is vice president of business development for Netrepid
(www.netrepid.com), a wireless solutions provider.
We would also like to thank Marcus Burton, Cary Chandler, Abbey Cole, and Kevin
Sandlin of the CWNP program (www.cwnp.com). All CWNP employees, past and present,
should be proud of the internationally renowned wireless certification program that sets
the education standard within the enterprise Wi-Fi industry. It has been a pleasure working
with all of you the past 10 years. Special thanks go to Marcus Burton for his feedback and
content review.


ffirs.indd viii

1/12/10 9:05:37 PM


Acknowledgments

ix

Thanks goes to the students who attended an October 2009 CWSP evaluation class held in
Atlanta. Those students include Ray Baum and Max Lopez from the University of Colorado,
Joe Altmann from Polycom, and Randall Bobula from the CME Group. Also contributing
that week was our favorite Meruvian, Diana Cortes from the University of Miami.
We would also like to thank Devin Akin, Chief Architect of Aerohive Networks. Devin
has been a Wi-Fi guru for all four authors for many years.
Shawn would also like to thank the following co-workers and professional colleagues:
Nico Arcino, Ken Fisch, Tom Head, Jon Krabbenschmidt, and George Stefanick.
We would also like to thank the following individuals and companies for their support
and contributions to the book:
Aerohive Networks (www.aerohive.com) — Devin Akin, Adam Conway,
and Paul Levasseur
AeroScout (www.aeroscout.com) — Steffan Haithcox and Scott Phillips.
AirDefense (www.airdefense.net) — Ralf Deltrap and David Thomas
AirMagnet (www.airmagnet.com) — Dilip Advani
AirWave (www.airwave.com) — Patrick Smith
Aruba Networks (www.arubanetworks.com) — Carolyn Cutler, Chris Leach,
Andy Logan, Susan Wells, and Micah Wilson
By-Light (www.by-light.com) — Steve Hurdle
CACE Technologies (www.cacetech.com) — Janice Spampinato
Cisco Systems (www.cisco.com) — Chris Allen, John Helm, Matt Swartz,

and Hao Zhao
Fluke Networks (www.flukenetworks.com) — Carolyn Carter, Dan Klimke,
and Lori Whitmer
Immunity (www.immunityinc.com) — Steven Laskowski
NetStumbler (www.netstumbler.com) — Marius Milner
Polycom (www.polycom.com) — Justin Borthwick, Geri Mitchell-Brown,
and Steve Rolapp
Vocera (www.vocera.com) — Arun Mirchandani, Steve Newsome, and Brian Sturges
Wi-Fi Alliance (www.wifi.org) — Kelly Davis-Felner and Krista Ford
WildPackets (www.wildpackets.com) — Stephanie Temples

ffirs.indd ix

1/12/10 9:05:38 PM


About the Authors
David D. Coleman is a WLAN security consultant and trainer. He teaches the CWNP
classes that are recognized throughout the world as the industry standard for wireless
networking certification, and he also conducts vendor-specific Wi-Fi training. He has also
taught numerous “train-the-trainer” classes and “beta” classes for the CWNP program.
David has instructed IT professionals from around the globe in wireless networking
administration, wireless security, and wireless frame analysis. The company he founded,
AirSpy Networks (www.airspy.com), specializes in corporate training and has worked
in the past with Avaya, Nortel, Polycom, and Siemens. AirSpy Networks also specializes in
government classes, and it has trained numerous computer security employees from various
law enforcement agencies, the U.S. Marines, the U.S. Army, the U.S. Navy, the U.S. Air Force,
and other federal and state government agencies. David has written many books and white
papers about wireless networking, and he is considered an authority on 802.11 technology.
David is also a member of the Certified Wireless Network Expert (CWNE) Roundtable,

a selected group of individuals who work with the CWNP program to provide direction for
the CWNP exams and certifications. David resides in Atlanta, Georgia, where he shares a
home with his two children, Carolina and Brantley. David Coleman is CWNE #4, and he
can be reached via email at

David Westcott is an independent consultant and technical trainer with over 25
years of experience in information technology, specializing in computer networking and
security. In addition to providing advice and direction to corporate clients, David has
been a certified trainer for over 17 years, providing training to government agencies,
corporations, and universities around the world. David was an adjunct faculty member for
Boston University’s Corporate Education Center for over 10 years, and he has developed
courseware on wireless networking, wireless mesh networking, wired networking, and
security for Boston University and many other clients.
Since installing his first wireless network in 1999, David has become a Certified Wireless
Network Trainer, Administrator, Security Professional, and Analysis Professional. David is
also a member of the CWNE Roundtable. David has earned certifications from Cisco, Aruba,
Microsoft, EC-Council, CompTIA, and Novell. David lives in Concord, Massachusetts with his
wife Janie and his stepdaughters, Jennifer and Samantha. A licensed pilot, he enjoys flying his
Piper Cherokee 180 around New England when he is not flying around the world commercially.
David is CWNE #7, and he can be reached via email at

ffirs.indd x

1/12/10 9:05:39 PM


About the Authors

xi


Shawn Jackman currently oversees wireless enterprise engineering for a large healthcare
provider and adopter of 802.11 technology. Prior to that, Shawn has been on both sides of
the table, working for a WLAN manufacturer and with wireless integrators. Shawn has
been intensely focused on large-scale VoWiFi, QoS, and RTLS applications for over three
years, and he spends a considerable amount of his time doing end-user design, deployment,
and troubleshooting for various vendors’ equipment. Shawn has traveled the United
States and internationally designing wired and wireless networks, from concept to
completion, for healthcare, warehouse, hospitality, education, metro/municipal,
government, franchise, and retail environments. He has served as an on-air technical
personality for a weekly syndicated call-in talk radio show with over 5 million listeners
worldwide and is considered an authority on Wi-Fi technology.
Shawn is a member of the CWNE Roundtable. He lives in the San Francisco Bay area
with his wife Joy and their three children, Summer, Pierce, and Julia. Shawn is CWNE #54,
and he can be reached via email at
Bryan Harkins is currently the training and development manager for Motorola
AirDefense Solutions and has over 20 years experience in the IT field. He has been involved
in areas ranging from customer support and sales to network security and design. He has
developed custom curriculum for government agencies and Fortune 500 companies alike.
Over the years, he has helped numerous students reach their certification and knowledge
goals through his exceptional skills as an instructor. He delivers both public and
private wireless security classes around the world and holds several prestigious industry
certifications, including MCSE, CWNE, and CWNT.
Bryan has spoken during Secure World Expo, Armed Forces Communications and
Electronics Association (AFCEA) events, and Microsoft Broad Reach as well as many
other industry events. He holds a degree in aviation from Georgia State University. Bryan
is a native of Atlanta, Georgia, and still lives in the area with his wife Ronda and two
daughters, Chrystan and Catelynn. Bryan is also a member of the CWNE Roundtable.
Bryan is CWNE #44, and he can be reached via email at

ffirs.indd xi


1/12/10 9:05:39 PM


ffirs.indd xii

1/12/10 9:05:40 PM


Contents at a Glance
Introduction

xxvii

Assessment Test

ftoc.indd xiii

xlii

Chapter 1

WLAN Security Overview

1

Chapter 2

Legacy 802.11 Security


31

Chapter 3

Encryption Ciphers and Methods

65

Chapter 4

Enterprise 802.11 Layer 2 Authentication Methods

101

Chapter 5

802.11 Layer 2 Dynamic Encryption Key Generation

173

Chapter 6

SOHO 802.11 Security

221

Chapter 7

802.11 Fast Secure Roaming


249

Chapter 8

Wireless Security Risks

291

Chapter 9

Wireless LAN Security Auditing

337

Chapter 10

Wireless Security Monitoring

369

Chapter 11

VPNs, Remote Access, and Guest Access Services

429

Chapter 12

WLAN Security Infrastructure


455

Chapter 13

Wireless Security Policies

509

Appendix A

Abbreviations, Acronyms, and Regulations

553

Appendix B

WLAN Vendors

575

Appendix C

About the Companion CD

579

Glossary

583


Index

623

1/11/10 3:15:55 PM


ftoc.indd xiv

1/11/10 3:15:55 PM


Contents
Introduction

xxvii

Assessment Test
Chapter

Chapter

ftoc.indd xv

1

2

xlii
WLAN Security Overview


1

Standards Organizations
International Organization for Standardization (ISO)
Institute of Electrical and Electronics Engineers (IEEE)
Internet Engineering Task Force (IETF)
Wi-Fi Alliance
802.11 Networking Basics
802.11 Security Basics
Data Privacy
Authentication, Authorization, Accounting (AAA)
Segmentation
Monitoring
Policy
802.11 Security History
802.11i Security amendment and WPA Certifications
Robust Security Network (RSN)
The Future of 802.11 Security
Summary
Exam Essentials
Key Terms
Review Questions
Answers to Review Questions

3
3
4
5
7

10
12
13
15
15
16
16
16
17
19
19
21
22
22
24
29

Legacy 802.11 Security

31

Authentication
Open System Authentication
Shared Key Authentication
Wired Equivalent Privacy (WEP) Encryption
Virtual Private Networks (VPNs)
Point-to-Point Tunneling Protocol (PPTP)
Layer 2 Tunneling Protocol (L2TP)
Internet Protocol Security (IPsec)
Configuration Complexity

Scalability
MAC Filters
SSID Segmentation
SSID Cloaking

32
33
35
38
43
45
46
46
47
47
48
49
51

1/11/10 3:15:56 PM


xvi

Chapter

Chapter

Contents


3

4

Summary
Exam Essentials
Key Terms
Review Questions
Answers to Review Questions

55
55
56
57
62

Encryption Ciphers and Methods

65

Encryption Basics
Symmetric and Asymmetric Algorithms
Stream and Block Ciphers
RC4
RC5
DES
3DES
AES
WLAN Encryption Methods
WEP

WEP MPDU
TKIP
TKIP MPDU
CCMP
CCMP MPDU
WPA/WPA2
Proprietary Layer 2 Implementations
Summary
Exam Essentials
Key Terms
Review Questions
Answers to Review Questions

66
67
68
69
70
70
71
71
72
73
74
75
80
83
85
88
89

90
90
91
93
98

Enterprise 802.11 Layer 2 Authentication Methods 101
WLAN Authentication Overview
AAA
Authentication
Authorization
Accounting
802.1X
Supplicant
Authenticator
Authentication Server
Supplicant Credentials
Usernames and Passwords
Digital Certificates and PACs
One-time Passwords

ftoc.indd xvi

103
104
105
106
108
109
110

115
119
122
123
124
126

1/11/10 3:15:56 PM


Contents

Chapter

ftoc.indd xvii

5

xvii

Smart Cards and USB Tokens
Machine Authentication
Preshared Keys
Proximity Badges and RFID Tags
Biometrics
Authentication Server Credentials
Shared Secret
Legacy Authentication Protocols
PAP
CHAP

MS-CHAP
MS-CHAPv2
EAP
Weak EAP Protocols
EAP-MD5
EAP-LEAP
Strong EAP Protocols
EAP-PEAP
EAP-TTLS
EAP-TLS
EAP-FAST
PACs
Miscellaneous EAP Protocols
EAP-SIM
EAP-AKA
Summary
Exam Essentials
Key Terms
Review Questions
Answers to Review Questions

128
129
130
130
131
131
136
137
137

137
137
138
138
141
142
142
145
146
150
151
153
154
158
158
158
161
161
162
164
169

802.11 Layer 2 Dynamic Encryption
Key Generation

173

Advantages of Dynamic Encryption
Robust Security Network (RSN)
RSN Information Element

Authentication and Key Management (AKM)
RSNA Key Hierarchy
4-Way Handshake
Group Key Handshake
PeerKey Handshake
RSNA Security Associations
Passphrase-to-PSK Mapping
Roaming and Dynamic Keys

174
179
184
189
194
198
201
203
204
205
207

1/11/10 3:15:57 PM


xviii

Chapter

Chapter


Contents

6

7

Summary
Exam Essentials
Key Terms
Review Questions
Answers to Review Questions

207
208
209
210
216

SOHO 802.11 Security

221

WPA/WPA2-Personal
Preshared Keys (PSK) and Passphrases
WPA/WPA2-Personal Risks
Entropy
Proprietary PSK
Wi-Fi Protected Setup (WPS)
WPS Architecture
SOHO Security Best Practices

Summary
Exam Essentials
Key Terms
Review Questions
Answers to Review Questions

222
223
228
228
231
232
233
238
238
239
240
241
246

802.11 Fast Secure Roaming
History of 802.11 Roaming
Client Roaming Thresholds
AP-to-AP Handoff
RSNA
PMKSA
PMK Caching
Preauthentication
Opportunistic Key Caching (OKC)
Proprietary FSR

Fast BSS Transition (FT)
Information Elements
FT Initial Mobility Domain Association
Over-the-Air Fast BSS Transition
Over-the-DS Fast BSS Transition
802.11k
Voice Personal and Voice Enterprise
Layer 3 Roaming
Troubleshooting
SCA Roaming
Exam Essentials
Key Terms
Review Questions
Answers to Review Questions

ftoc.indd xviii

249
250
251
252
254
254
257
259
260
264
264
268
268

270
271
273
273
274
276
277
280
281
283
287

1/11/10 3:15:58 PM


Contents

Chapter

Chapter

8

9

Wireless Security Risks

291

Unauthorized Rogue Access

Rogue Devices
Rogue Prevention
Eavesdropping
Casual Eavesdropping
Malicious Eavesdropping
Eavesdropping Risks
Eavesdropping Prevention
Authentication Attacks
Denial-of-Service Attacks
Layer 1 DoS Attacks
Layer 2 DoS Attacks
MAC Spoofing
Wireless Hijacking
Management Interface Exploits
Vendor Proprietary Attacks
Physical Damage and Theft
Social Engineering
Public Access and WLAN Hotspots
Summary
Exam Essentials
Key Terms
Review Questions
Answers to Review Questions

292
292
296
298
298
300

301
302
303
305
306
310
314
317
321
322
323
324
326
327
327
328
330
334

Wireless LAN Security Auditing
WLAN Security Audit
OSI Layer 1 Audit
OSI Layer 2 Audit
Penetration Testing
Wired Infrastructure Audit
Social Engineering Audit
WIPS Audit
Documenting the Audit
Audit Recommendations
WLAN Security Auditing Tools

Linux-Based Tools
Windows-Based Tools
Summary
Exam Essentials
Key Terms
Review Questions
Answers to Review Questions

ftoc.indd xix

xix

337
338
340
344
347
349
349
350
350
352
353
356
359
359
360
360
361
366


1/11/10 3:15:58 PM


xx

Chapter

Contents

10

Wireless Security Monitoring
Wireless Intrusion Detection and Prevention Systems
(WIDS and WIPS)
WIDS/WIPS Infrastructure Components
WIDS/WIPS Architecture Models
Multiple Radio Sensors
Sensor Placement
Device Classification
Rogue Detection
Rogue Mitigation
Device Tracking
WIDS/WIPS Analysis
Signature Analysis
Behavioral Analysis
Protocol Analysis
Spectrum Analysis
Forensic Analysis
Performance Analysis

Monitoring
Policy Enforcement
Alarms and Notification
False Positives
Reports
802.11n
Proprietary WIPS
Cloaking
Management Frame Protection
802.11w
Summary
Exam Essentials
Key Terms
Review Questions
Answers to Review Questions

Chapter

11

371
372
375
382
383
384
386
389
392
397

397
398
398
400
402
403
404
404
406
409
410
410
413
414
414
415
416
417
418
419
424

VPNs, Remote Access, and Guest Access Services 429
VPN Technology in 802.11 WLAN Architecture
VPN 101
VPN Client
WLAN Controllers: VPN Server for Client Access
VPN Client Security at Public Hotspots
Controller-to-Controller VPNs and Site-to-Site VPNs
VPNs Used to Protect Bridge Links

Remote Access

ftoc.indd xx

369

430
431
433
433
434
435
436
437

1/11/10 3:15:59 PM


Contents

Remote AP
Virtual Branch Office Networking
Hotspots/Public Access Networks
Captive Portal
Summary
Exam Essentials
Key Terms
Review Questions
Answers to Review Questions
Chapter


12

WLAN Security Infrastructure
WLAN Architecture Capabilities Overview
Distribution System (DS)
Autonomous APs
WLAN Controllers
Split MAC
Mesh
WLAN Bridging
Cooperative Control
Location-Based Access Control
Hot Standby/Failover
Device Management
Protocols for Management
CAPWAP and LWAPP
Wireless Network Management System
RADIUS/LDAP Servers
Proxy Services
Features and Components
Integration
EAP Type Selection
Deployment Architectures and Scaling
RADIUS Failover
Timer Values
WAN Traversal
Multifactor Authentication Servers
Public Key Infrastructure (PKI)
Role-Based Access Control

Enterprise Encryption Gateways
Summary
Exam Essentials
Key Terms
Review Questions
Answers to Review Questions

ftoc.indd xxi

xxi

437
441
441
442
445
445
446
447
452
455
457
458
458
460
465
465
467
467
469

469
470
471
475
476
477
477
478
480
481
482
487
488
490
491
491
494
497
498
499
500
501
505

1/11/10 3:16:00 PM


xxii

Chapter


Contents

13

Wireless Security Policies
General Policy
Policy Creation
Policy Management
Functional Policy
Password Policy
RBAC Policy
Change Control Policy
Authentication and Encryption Policy
WLAN Monitoring Policy
Endpoint Policy
Acceptable Use Policy
Physical Security
Remote Office Policy
Government and Industry Regulations
The US Department of Defense (DoD) Directive 8100.2
Federal Information Processing Standards (FIPS) 140-2
The Sarbanes-Oxley Act of 2002 (SOX)
Health Insurance Portability and Accountability
Act (HIPAA)
Payment Card Industry (PCI) Standard
Compliance Reports
802.11 WLAN Policy Recommendations
Summary
Exam Essentials

Key Terms
Review Questions
Answers to Review Questions

509
511
511
514
515
516
517
517
518
519
519
523
523
523
524
525
527
528
532
534
539
539
540
541
542
543

549

Appendices
Appendix

A

Abbreviations, Acronyms, and Regulations
Certifications
Organizations and Regulations
Measurements
Technical Terms
Power Regulations
2.4 GHz ISM Point-to-Multipoint (PtMP)
Communications
5 GHz UNII Point-to-Multipoint (PtMP)
Communications
2.4 GHz ISM Point-to-Point (PtP) Communications
5 GHz UNII Point-to-Point (PtP) Communications

ftoc.indd xxii

553
554
554
555
556
569
570
570

571
572

1/11/10 3:16:00 PM


Contents

Windows Registry Values that Control
Preauthentication and PMK Caching
Appendix

B

WLAN Vendors
WLAN Infrastructure
WLAN Mesh Infrastructure
WLAN Auditing, Diagnostic, and Design Solutions
WLAN Management
WLAN Security Solutions
VoWiFi Solutions
WLAN Fixed Mobile Convergence
WLAN RTLS Solutions
WLAN SOHO Vendors

Appendix

Glossary
Index


ftoc.indd xxiii

C

xxiii

572
575
576
576
577
577
577
578
578
578
578

About the Companion CD

579

What You’ll Find on the CD
Sybex Test Engine
Electronic Flashcards
System Requirements
Using the CD
Troubleshooting
Customer Care


580
580
580
581
581
581
582
583
623

1/11/10 3:16:01 PM