The Official Study Guide for
Exam PW0-204 from CWNP
Official Study Guide
• Full coverage of all exam objectives in a systematic approach, so you can
be confident you’re getting the instruction you need for the exam
• Exam Essentials, a key feature in each chapter that identifies critical areas
you must become proficient in before taking the exam
• White papers, demo software, practice exams, and over 150 flashcards on
the CD to further facilitate your learning
• A handy tear card that maps every official exam objective to the
corresponding chapter in the book, so you can track your exam prep
objective by objective
Look inside for complete coverage of all exam objectives.
ELECTRONIC FLASHCARDS:
Reinforce your understanding with
electronic flashcards.
ABOUT THE AUTHORS
The CD also includes white papers and
demo software.
David D. Coleman, CWNE #4, CWNA, CWSP, CWNT, is a WLAN security consultant and technical
trainer with over twenty years of IT experience. The company he founded, AirSpy Networks
(www.airspy.com), specializes in corporate WLAN training. David A. Westcott, CWNE #7, CWNA,
CWSP, CWNT, is an independent consultant and WLAN technical trainer with over twenty years of
experience. He has been a certified trainer for over fifteen years. Bryan E. Harkins, CWNE #44, CWSP,
CWNA, CWNT, is the Training and Development Manager for Motorola AirDefense Solutions, a
market leader in wireless intrusion prevention systems. Shawn M. Jackman, CWNE #54, CWNA,
CWSP, CWAP is a principal WLAN engineer with Kaiser Permanente. He has over fifteen years’
experience working with wireless manufacturers and integrators.
ISBN 978-0-470-43891-6
$69.99 US
$83.99 CN
®
• Challenging review questions in each chapter to prepare you for exam day
Certified Wireless
Security Professional
Official Study Guide
• Real-world scenarios that put what you’ve learned in the context of actual
job roles
SYBEX TEST ENGINE:
Test your knowledge with advanced
testing software. Includes all chapter
review questions and practice exams.
Exam PW0-204
CWSP
Prepare for the Certified Wireless Security Professional exam (PW0-204)
with this new Official Study Guide from CWNP. This comprehensive resource
covers everything you need for the exam, including wireless security basics,
risks, and policies; legacy 802.11 security and robust network security (RSN);
encryption ciphers and methods; enterprise 802.11 layer 2 authentication
methods; fast secure roaming, wireless intrusion prevention; and many
other essential WLAN security topics and concepts. Inside you’ll find:
• Practical hands-on exercises to reinforce critical skills
Official Study Guide
FEATURED ON THE CD
®
CWSP
®
Certified Wireless Security Professional
Official Study Guide
David D. Coleman
David A. Westcott
Bryan E. Harkins
Shawn M. Jackman
Study anywhere, any time, and approach
the exam with confidence.
Exam PW0-204
Coleman
Westcott
Harkins
Jackman
www.sybex.com
CATEGORY:
COMPUTERS/Certification Guides
• Hundreds of Sample Questions
• Electronic Flashcards
• Case Studies and Demo Software
ABOUT THE CWNP PROGRAM
CWNP is the industry standard for vendorneutral, enterprise WLAN certifications.
The focus is to educate IT professionals in
the technology behind all enterprise WLAN
products and to enable these professionals to manage wireless LAN enterprise
infrastructures, regardless of the vendor
solution utilized. CWNP is a privately held
corporation based in Atlanta, Georgia. For
more information, visit www.cwnp.com.
Includes Real-World Scenarios, Hands-On Exercises,
and Leading-Edge Exam Prep Software Featuring:
SERIOUS SKILLS.
ffirs.indd ii
1/12/10 9:05:35 PM
CWSP
®
Certified Wireless Security
Professional Official
Study Guide
ffirs.indd i
1/12/10 9:05:32 PM
ffirs.indd ii
1/12/10 9:05:35 PM
CWSP
®
Certified Wireless Security
Professional Official
Study Guide
David Coleman, David Westcott,
Bryan Harkins, and Shawn Jackman
ffirs.indd iii
1/12/10 9:05:35 PM
Acquisitions Editor: Jeff Kellum
Development Editor: Gary Schwartz
Technical Editors: Sam Coyl and Marcus Burton
Production Editor: Rachel McConlogue
Copy Editor: Liz Welch
Editorial Manager: Pete Gaughan
Production Manager: Tim Tate
Vice President and Executive Group Publisher: Richard Swadley
Vice President and Publisher: Neil Edde
Media Project Manager 1: Laura Moss-Hollister
Media Associate Producer: Marilyn Hummel
Media Quality Assurance: Josh Frank
Book Designers: Judy Fung and Bill Gibson
Proofreader: Publication Services, Inc.
Indexer: Ted Laux
Project Coordinator, Cover: Lynsey Stanford
Cover Designer: Ryan Sneed
Copyright © 2010 by Wiley Publishing, Inc., Indianapolis, Indiana
Published simultaneously in Canada
ISBN: 978-0-470-43891-6
No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under
Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the
Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center,
222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher
for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street,
Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at />Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties
with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or
extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for
every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal,
accounting, or other professional services. If professional assistance is required, the services of a competent
professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Web site is referred to in this work as a citation and/or a potential source of
further information does not mean that the author or the publisher endorses the information the organization or
Web site may provide or recommendations it may make. Further, readers should be aware that Internet Web sites
listed in this work may have changed or disappeared between when this work was written and when it is read.
For general information on our other products and services or to obtain technical support, please contact our
Customer Care Department within the U.S. at (877) 762-2974, outside the U.S. at (317) 572-3993 or fax
(317) 572-4002.
Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be
available in electronic books.
Library of Congress Cataloging-in-Publication Data
CWSP : certified wireless security professional official study guide (exam PW0-204) / David D. Coleman . . .
[et al.]. — 1st ed.
p. cm.
ISBN 978-0-470-43891-6
1. Wireless communication systems — Security measures — Examinations — Study guides.
2. Telecommunications engineers — Certification. I. Coleman, David D.
TK5103.2.C87 2010
005.8076—dc22
2009042658
TRADEMARKS: Wiley, the Wiley logo, and the Sybex logo are trademarks or registered trademarks of John
Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without
written permission. CWSP is a registered trademark of CWNP, Inc. All other trademarks are the property of their
respective owners. Wiley Publishing, Inc., is not associated with any product or vendor mentioned in this book.
10 9 8 7 6 5 4 3 2 1
ffirs.indd iv
1/12/10 9:05:36 PM
Dear Reader,
Thank you for choosing CWSP: Certifi ed Wireless Security Professional Official Study
Guide. This book is part of a family of premium-quality Sybex books, all of which are
written by outstanding authors who combine practical experience with a gift for teaching.
Sybex was founded in 1976. More than 30 years later, we’re still committed to producing
consistently exceptional books. With each of our titles, we’re working hard to set a new
standard for the industry. From the paper we print on, to the authors we work with, our
goal is to bring you the best books available.
I hope you see all that reflected in these pages. I’d be very interested to hear your
comments and get your feedback on how we’re doing. Feel free to let me know what you
think about this or any other Sybex book by sending me an email at If
you think you’ve found a technical error in this book, please visit thelp
.com. Customer feedback is critical to our efforts at Sybex.
Best regards,
Neil Edde
Vice President and Publisher
Sybex, an Imprint of Wiley
ffirs.indd v
1/12/10 9:05:37 PM
ffirs.indd vi
1/12/10 9:05:37 PM
We dedicate this book to all the men and women of the United States
Armed Forces for putting their private lives aside to preserve and protect
freedom. Thank you for your service and your sacrifi ce.
ffirs.indd vii
1/12/10 9:05:37 PM
Acknowledgments
David Coleman would once again like to thank his children, Brantley and Carolina, for their
patience and understanding of their father throughout the writing of yet another book. I love
you kids very much. David would also like to thank his mother, Marjorie Barnes, and his
stepfather, William Barnes, for many years of support and encouragement. David would also
like to thank his brother, Rob Coleman, for all his help during a tough year.
David Westcott would like to thank his parents, Kathy and George, who have provided
so much support and love and from whom he has learned so much. He would also like to
thank Janie, Jennifer, and Samantha for their patience and understanding of life on the
road and for their support throughout the writing of this book.
Bryan Harkins would like to thank his wife, Ronda, and his two daughters, Chrystan
and Catelynn, for enduring the constant travel and time away from them it has taken
to create this book. I love the three of you very much. I would also like to thank my
parents for always being there and my brother Chris for getting me into IT in the fi rst
place. Additionally, I would like to thank David Thomas and Ralf Deltrap of Motorola
AirDefense Solutions for making me part of the AirDefense team years ago.
Shawn Jackman would like to thank his parents, Alice and Steve, for the many years
of encouragement and unquestioning support, but most of all for leading by example as a
parent, provider, and character example. Shawn would also like to thank his wife, Joy, the
world’s most supportive and wonderful woman a Wi-Fi geek could ever ask for. And, of
course, to his children, Summer, Pierce, and Julia, who are loved by their daddy more than
they will ever know.
Writing CWSP: Certifi ed Wireless Security Professional Offi cial Study Guide has been
an adventure from the start. We would like to thank the following individuals for their
support and contributions during the entire process.
We must fi rst thank Sybex acquisitions editor Jeff Kellum for initially fi nding us and
bringing us on to this project. Jeff is an extremely patient and understanding editor who
occasionally sends a nasty email message. We would also like to thank our development
editor, Gary Schwartz. We also need to send special thanks to our editorial manager, Pete
Gaughan; our production editor, Rachel McConlogue; and Liz Welch, our copyeditor.
We also need to give a big shout-out to our technical editor, Sam Coyl. Sam is a member
of the IEEE with many years of practical experience in wireless communications. His
contributions to the book were nothing short of invaluable. When Sam is not providing
awesome technical editing, he is vice president of business development for Netrepid
(www.netrepid.com), a wireless solutions provider.
We would also like to thank Marcus Burton, Cary Chandler, Abbey Cole, and Kevin
Sandlin of the CWNP program (www.cwnp.com). All CWNP employees, past and present,
should be proud of the internationally renowned wireless certification program that sets
the education standard within the enterprise Wi-Fi industry. It has been a pleasure working
with all of you the past 10 years. Special thanks go to Marcus Burton for his feedback and
content review.
ffirs.indd viii
1/12/10 9:05:37 PM
Acknowledgments
ix
Thanks goes to the students who attended an October 2009 CWSP evaluation class held in
Atlanta. Those students include Ray Baum and Max Lopez from the University of Colorado,
Joe Altmann from Polycom, and Randall Bobula from the CME Group. Also contributing
that week was our favorite Meruvian, Diana Cortes from the University of Miami.
We would also like to thank Devin Akin, Chief Architect of Aerohive Networks. Devin
has been a Wi-Fi guru for all four authors for many years.
Shawn would also like to thank the following co-workers and professional colleagues:
Nico Arcino, Ken Fisch, Tom Head, Jon Krabbenschmidt, and George Stefanick.
We would also like to thank the following individuals and companies for their support
and contributions to the book:
Aerohive Networks (www.aerohive.com) — Devin Akin, Adam Conway,
and Paul Levasseur
AeroScout (www.aeroscout.com) — Steffan Haithcox and Scott Phillips.
AirDefense (www.airdefense.net) — Ralf Deltrap and David Thomas
AirMagnet (www.airmagnet.com) — Dilip Advani
AirWave (www.airwave.com) — Patrick Smith
Aruba Networks (www.arubanetworks.com) — Carolyn Cutler, Chris Leach,
Andy Logan, Susan Wells, and Micah Wilson
By-Light (www.by-light.com) — Steve Hurdle
CACE Technologies (www.cacetech.com) — Janice Spampinato
Cisco Systems (www.cisco.com) — Chris Allen, John Helm, Matt Swartz,
and Hao Zhao
Fluke Networks (www.flukenetworks.com) — Carolyn Carter, Dan Klimke,
and Lori Whitmer
Immunity (www.immunityinc.com) — Steven Laskowski
NetStumbler (www.netstumbler.com) — Marius Milner
Polycom (www.polycom.com) — Justin Borthwick, Geri Mitchell-Brown,
and Steve Rolapp
Vocera (www.vocera.com) — Arun Mirchandani, Steve Newsome, and Brian Sturges
Wi-Fi Alliance (www.wifi.org) — Kelly Davis-Felner and Krista Ford
WildPackets (www.wildpackets.com) — Stephanie Temples
ffirs.indd ix
1/12/10 9:05:38 PM
About the Authors
David D. Coleman is a WLAN security consultant and trainer. He teaches the CWNP
classes that are recognized throughout the world as the industry standard for wireless
networking certification, and he also conducts vendor-specific Wi-Fi training. He has also
taught numerous “train-the-trainer” classes and “beta” classes for the CWNP program.
David has instructed IT professionals from around the globe in wireless networking
administration, wireless security, and wireless frame analysis. The company he founded,
AirSpy Networks (www.airspy.com), specializes in corporate training and has worked
in the past with Avaya, Nortel, Polycom, and Siemens. AirSpy Networks also specializes in
government classes, and it has trained numerous computer security employees from various
law enforcement agencies, the U.S. Marines, the U.S. Army, the U.S. Navy, the U.S. Air Force,
and other federal and state government agencies. David has written many books and white
papers about wireless networking, and he is considered an authority on 802.11 technology.
David is also a member of the Certified Wireless Network Expert (CWNE) Roundtable,
a selected group of individuals who work with the CWNP program to provide direction for
the CWNP exams and certifications. David resides in Atlanta, Georgia, where he shares a
home with his two children, Carolina and Brantley. David Coleman is CWNE #4, and he
can be reached via email at
David Westcott is an independent consultant and technical trainer with over 25
years of experience in information technology, specializing in computer networking and
security. In addition to providing advice and direction to corporate clients, David has
been a certified trainer for over 17 years, providing training to government agencies,
corporations, and universities around the world. David was an adjunct faculty member for
Boston University’s Corporate Education Center for over 10 years, and he has developed
courseware on wireless networking, wireless mesh networking, wired networking, and
security for Boston University and many other clients.
Since installing his first wireless network in 1999, David has become a Certified Wireless
Network Trainer, Administrator, Security Professional, and Analysis Professional. David is
also a member of the CWNE Roundtable. David has earned certifications from Cisco, Aruba,
Microsoft, EC-Council, CompTIA, and Novell. David lives in Concord, Massachusetts with his
wife Janie and his stepdaughters, Jennifer and Samantha. A licensed pilot, he enjoys flying his
Piper Cherokee 180 around New England when he is not flying around the world commercially.
David is CWNE #7, and he can be reached via email at
ffirs.indd x
1/12/10 9:05:39 PM
About the Authors
xi
Shawn Jackman currently oversees wireless enterprise engineering for a large healthcare
provider and adopter of 802.11 technology. Prior to that, Shawn has been on both sides of
the table, working for a WLAN manufacturer and with wireless integrators. Shawn has
been intensely focused on large-scale VoWiFi, QoS, and RTLS applications for over three
years, and he spends a considerable amount of his time doing end-user design, deployment,
and troubleshooting for various vendors’ equipment. Shawn has traveled the United
States and internationally designing wired and wireless networks, from concept to
completion, for healthcare, warehouse, hospitality, education, metro/municipal,
government, franchise, and retail environments. He has served as an on-air technical
personality for a weekly syndicated call-in talk radio show with over 5 million listeners
worldwide and is considered an authority on Wi-Fi technology.
Shawn is a member of the CWNE Roundtable. He lives in the San Francisco Bay area
with his wife Joy and their three children, Summer, Pierce, and Julia. Shawn is CWNE #54,
and he can be reached via email at
Bryan Harkins is currently the training and development manager for Motorola
AirDefense Solutions and has over 20 years experience in the IT field. He has been involved
in areas ranging from customer support and sales to network security and design. He has
developed custom curriculum for government agencies and Fortune 500 companies alike.
Over the years, he has helped numerous students reach their certification and knowledge
goals through his exceptional skills as an instructor. He delivers both public and
private wireless security classes around the world and holds several prestigious industry
certifications, including MCSE, CWNE, and CWNT.
Bryan has spoken during Secure World Expo, Armed Forces Communications and
Electronics Association (AFCEA) events, and Microsoft Broad Reach as well as many
other industry events. He holds a degree in aviation from Georgia State University. Bryan
is a native of Atlanta, Georgia, and still lives in the area with his wife Ronda and two
daughters, Chrystan and Catelynn. Bryan is also a member of the CWNE Roundtable.
Bryan is CWNE #44, and he can be reached via email at
ffirs.indd xi
1/12/10 9:05:39 PM
ffirs.indd xii
1/12/10 9:05:40 PM
Contents at a Glance
Introduction
xxvii
Assessment Test
ftoc.indd xiii
xlii
Chapter 1
WLAN Security Overview
1
Chapter 2
Legacy 802.11 Security
31
Chapter 3
Encryption Ciphers and Methods
65
Chapter 4
Enterprise 802.11 Layer 2 Authentication Methods
101
Chapter 5
802.11 Layer 2 Dynamic Encryption Key Generation
173
Chapter 6
SOHO 802.11 Security
221
Chapter 7
802.11 Fast Secure Roaming
249
Chapter 8
Wireless Security Risks
291
Chapter 9
Wireless LAN Security Auditing
337
Chapter 10
Wireless Security Monitoring
369
Chapter 11
VPNs, Remote Access, and Guest Access Services
429
Chapter 12
WLAN Security Infrastructure
455
Chapter 13
Wireless Security Policies
509
Appendix A
Abbreviations, Acronyms, and Regulations
553
Appendix B
WLAN Vendors
575
Appendix C
About the Companion CD
579
Glossary
583
Index
623
1/11/10 3:15:55 PM
ftoc.indd xiv
1/11/10 3:15:55 PM
Contents
Introduction
xxvii
Assessment Test
Chapter
Chapter
ftoc.indd xv
1
2
xlii
WLAN Security Overview
1
Standards Organizations
International Organization for Standardization (ISO)
Institute of Electrical and Electronics Engineers (IEEE)
Internet Engineering Task Force (IETF)
Wi-Fi Alliance
802.11 Networking Basics
802.11 Security Basics
Data Privacy
Authentication, Authorization, Accounting (AAA)
Segmentation
Monitoring
Policy
802.11 Security History
802.11i Security amendment and WPA Certifications
Robust Security Network (RSN)
The Future of 802.11 Security
Summary
Exam Essentials
Key Terms
Review Questions
Answers to Review Questions
3
3
4
5
7
10
12
13
15
15
16
16
16
17
19
19
21
22
22
24
29
Legacy 802.11 Security
31
Authentication
Open System Authentication
Shared Key Authentication
Wired Equivalent Privacy (WEP) Encryption
Virtual Private Networks (VPNs)
Point-to-Point Tunneling Protocol (PPTP)
Layer 2 Tunneling Protocol (L2TP)
Internet Protocol Security (IPsec)
Configuration Complexity
Scalability
MAC Filters
SSID Segmentation
SSID Cloaking
32
33
35
38
43
45
46
46
47
47
48
49
51
1/11/10 3:15:56 PM
xvi
Chapter
Chapter
Contents
3
4
Summary
Exam Essentials
Key Terms
Review Questions
Answers to Review Questions
55
55
56
57
62
Encryption Ciphers and Methods
65
Encryption Basics
Symmetric and Asymmetric Algorithms
Stream and Block Ciphers
RC4
RC5
DES
3DES
AES
WLAN Encryption Methods
WEP
WEP MPDU
TKIP
TKIP MPDU
CCMP
CCMP MPDU
WPA/WPA2
Proprietary Layer 2 Implementations
Summary
Exam Essentials
Key Terms
Review Questions
Answers to Review Questions
66
67
68
69
70
70
71
71
72
73
74
75
80
83
85
88
89
90
90
91
93
98
Enterprise 802.11 Layer 2 Authentication Methods 101
WLAN Authentication Overview
AAA
Authentication
Authorization
Accounting
802.1X
Supplicant
Authenticator
Authentication Server
Supplicant Credentials
Usernames and Passwords
Digital Certificates and PACs
One-time Passwords
ftoc.indd xvi
103
104
105
106
108
109
110
115
119
122
123
124
126
1/11/10 3:15:56 PM
Contents
Chapter
ftoc.indd xvii
5
xvii
Smart Cards and USB Tokens
Machine Authentication
Preshared Keys
Proximity Badges and RFID Tags
Biometrics
Authentication Server Credentials
Shared Secret
Legacy Authentication Protocols
PAP
CHAP
MS-CHAP
MS-CHAPv2
EAP
Weak EAP Protocols
EAP-MD5
EAP-LEAP
Strong EAP Protocols
EAP-PEAP
EAP-TTLS
EAP-TLS
EAP-FAST
PACs
Miscellaneous EAP Protocols
EAP-SIM
EAP-AKA
Summary
Exam Essentials
Key Terms
Review Questions
Answers to Review Questions
128
129
130
130
131
131
136
137
137
137
137
138
138
141
142
142
145
146
150
151
153
154
158
158
158
161
161
162
164
169
802.11 Layer 2 Dynamic Encryption
Key Generation
173
Advantages of Dynamic Encryption
Robust Security Network (RSN)
RSN Information Element
Authentication and Key Management (AKM)
RSNA Key Hierarchy
4-Way Handshake
Group Key Handshake
PeerKey Handshake
RSNA Security Associations
Passphrase-to-PSK Mapping
Roaming and Dynamic Keys
174
179
184
189
194
198
201
203
204
205
207
1/11/10 3:15:57 PM
xviii
Chapter
Chapter
Contents
6
7
Summary
Exam Essentials
Key Terms
Review Questions
Answers to Review Questions
207
208
209
210
216
SOHO 802.11 Security
221
WPA/WPA2-Personal
Preshared Keys (PSK) and Passphrases
WPA/WPA2-Personal Risks
Entropy
Proprietary PSK
Wi-Fi Protected Setup (WPS)
WPS Architecture
SOHO Security Best Practices
Summary
Exam Essentials
Key Terms
Review Questions
Answers to Review Questions
222
223
228
228
231
232
233
238
238
239
240
241
246
802.11 Fast Secure Roaming
History of 802.11 Roaming
Client Roaming Thresholds
AP-to-AP Handoff
RSNA
PMKSA
PMK Caching
Preauthentication
Opportunistic Key Caching (OKC)
Proprietary FSR
Fast BSS Transition (FT)
Information Elements
FT Initial Mobility Domain Association
Over-the-Air Fast BSS Transition
Over-the-DS Fast BSS Transition
802.11k
Voice Personal and Voice Enterprise
Layer 3 Roaming
Troubleshooting
SCA Roaming
Exam Essentials
Key Terms
Review Questions
Answers to Review Questions
ftoc.indd xviii
249
250
251
252
254
254
257
259
260
264
264
268
268
270
271
273
273
274
276
277
280
281
283
287
1/11/10 3:15:58 PM
Contents
Chapter
Chapter
8
9
Wireless Security Risks
291
Unauthorized Rogue Access
Rogue Devices
Rogue Prevention
Eavesdropping
Casual Eavesdropping
Malicious Eavesdropping
Eavesdropping Risks
Eavesdropping Prevention
Authentication Attacks
Denial-of-Service Attacks
Layer 1 DoS Attacks
Layer 2 DoS Attacks
MAC Spoofing
Wireless Hijacking
Management Interface Exploits
Vendor Proprietary Attacks
Physical Damage and Theft
Social Engineering
Public Access and WLAN Hotspots
Summary
Exam Essentials
Key Terms
Review Questions
Answers to Review Questions
292
292
296
298
298
300
301
302
303
305
306
310
314
317
321
322
323
324
326
327
327
328
330
334
Wireless LAN Security Auditing
WLAN Security Audit
OSI Layer 1 Audit
OSI Layer 2 Audit
Penetration Testing
Wired Infrastructure Audit
Social Engineering Audit
WIPS Audit
Documenting the Audit
Audit Recommendations
WLAN Security Auditing Tools
Linux-Based Tools
Windows-Based Tools
Summary
Exam Essentials
Key Terms
Review Questions
Answers to Review Questions
ftoc.indd xix
xix
337
338
340
344
347
349
349
350
350
352
353
356
359
359
360
360
361
366
1/11/10 3:15:58 PM
xx
Chapter
Contents
10
Wireless Security Monitoring
Wireless Intrusion Detection and Prevention Systems
(WIDS and WIPS)
WIDS/WIPS Infrastructure Components
WIDS/WIPS Architecture Models
Multiple Radio Sensors
Sensor Placement
Device Classification
Rogue Detection
Rogue Mitigation
Device Tracking
WIDS/WIPS Analysis
Signature Analysis
Behavioral Analysis
Protocol Analysis
Spectrum Analysis
Forensic Analysis
Performance Analysis
Monitoring
Policy Enforcement
Alarms and Notification
False Positives
Reports
802.11n
Proprietary WIPS
Cloaking
Management Frame Protection
802.11w
Summary
Exam Essentials
Key Terms
Review Questions
Answers to Review Questions
Chapter
11
371
372
375
382
383
384
386
389
392
397
397
398
398
400
402
403
404
404
406
409
410
410
413
414
414
415
416
417
418
419
424
VPNs, Remote Access, and Guest Access Services 429
VPN Technology in 802.11 WLAN Architecture
VPN 101
VPN Client
WLAN Controllers: VPN Server for Client Access
VPN Client Security at Public Hotspots
Controller-to-Controller VPNs and Site-to-Site VPNs
VPNs Used to Protect Bridge Links
Remote Access
ftoc.indd xx
369
430
431
433
433
434
435
436
437
1/11/10 3:15:59 PM
Contents
Remote AP
Virtual Branch Office Networking
Hotspots/Public Access Networks
Captive Portal
Summary
Exam Essentials
Key Terms
Review Questions
Answers to Review Questions
Chapter
12
WLAN Security Infrastructure
WLAN Architecture Capabilities Overview
Distribution System (DS)
Autonomous APs
WLAN Controllers
Split MAC
Mesh
WLAN Bridging
Cooperative Control
Location-Based Access Control
Hot Standby/Failover
Device Management
Protocols for Management
CAPWAP and LWAPP
Wireless Network Management System
RADIUS/LDAP Servers
Proxy Services
Features and Components
Integration
EAP Type Selection
Deployment Architectures and Scaling
RADIUS Failover
Timer Values
WAN Traversal
Multifactor Authentication Servers
Public Key Infrastructure (PKI)
Role-Based Access Control
Enterprise Encryption Gateways
Summary
Exam Essentials
Key Terms
Review Questions
Answers to Review Questions
ftoc.indd xxi
xxi
437
441
441
442
445
445
446
447
452
455
457
458
458
460
465
465
467
467
469
469
470
471
475
476
477
477
478
480
481
482
487
488
490
491
491
494
497
498
499
500
501
505
1/11/10 3:16:00 PM
xxii
Chapter
Contents
13
Wireless Security Policies
General Policy
Policy Creation
Policy Management
Functional Policy
Password Policy
RBAC Policy
Change Control Policy
Authentication and Encryption Policy
WLAN Monitoring Policy
Endpoint Policy
Acceptable Use Policy
Physical Security
Remote Office Policy
Government and Industry Regulations
The US Department of Defense (DoD) Directive 8100.2
Federal Information Processing Standards (FIPS) 140-2
The Sarbanes-Oxley Act of 2002 (SOX)
Health Insurance Portability and Accountability
Act (HIPAA)
Payment Card Industry (PCI) Standard
Compliance Reports
802.11 WLAN Policy Recommendations
Summary
Exam Essentials
Key Terms
Review Questions
Answers to Review Questions
509
511
511
514
515
516
517
517
518
519
519
523
523
523
524
525
527
528
532
534
539
539
540
541
542
543
549
Appendices
Appendix
A
Abbreviations, Acronyms, and Regulations
Certifications
Organizations and Regulations
Measurements
Technical Terms
Power Regulations
2.4 GHz ISM Point-to-Multipoint (PtMP)
Communications
5 GHz UNII Point-to-Multipoint (PtMP)
Communications
2.4 GHz ISM Point-to-Point (PtP) Communications
5 GHz UNII Point-to-Point (PtP) Communications
ftoc.indd xxii
553
554
554
555
556
569
570
570
571
572
1/11/10 3:16:00 PM
Contents
Windows Registry Values that Control
Preauthentication and PMK Caching
Appendix
B
WLAN Vendors
WLAN Infrastructure
WLAN Mesh Infrastructure
WLAN Auditing, Diagnostic, and Design Solutions
WLAN Management
WLAN Security Solutions
VoWiFi Solutions
WLAN Fixed Mobile Convergence
WLAN RTLS Solutions
WLAN SOHO Vendors
Appendix
Glossary
Index
ftoc.indd xxiii
C
xxiii
572
575
576
576
577
577
577
578
578
578
578
About the Companion CD
579
What You’ll Find on the CD
Sybex Test Engine
Electronic Flashcards
System Requirements
Using the CD
Troubleshooting
Customer Care
580
580
580
581
581
581
582
583
623
1/11/10 3:16:01 PM