CWSP – Certified Wireless Security Professional Study Guide CWSP–205, 2e - D Coleman

CWSP – Certified Wireless Security Professional Study Guide CWSP–205, 2e

(Autor)

Buch | Softcover
696 Seiten
2016
John Wiley & Sons Inc (Verlag)
978-1-119-21108-2 (ISBN)
64,09 inkl. MwSt
  • Titel ist leider vergriffen;
    keine Neuauflage
  • Artikel merken
The most detailed, comprehensive coverage of CWSP-205 exam objectives CWSP: Certified Wireless Security Professional Study Guide offers comprehensive preparation for the CWSP-205 exam.
The most detailed, comprehensive coverage of CWSP-205 exam objectives CWSP: Certified Wireless Security Professional Study Guide offers comprehensive preparation for the CWSP-205 exam. Fully updated to align with the new 2015 exam, this guide covers all exam objectives and gives you access to the Sybex interactive online learning system so you can go into the test fully confident in your skills. Coverage includes WLAN discovery, intrusion and attack, 802.11 protocol analysis, wireless intrusion prevention system implementation, Layer 2 and 3 VPN over 802.11 networks, managed endpoint security systems, and more. Content new to this edition features discussions about BYOD and guest access, as well as detailed and insightful guidance on troubleshooting. With more than double the coverage of the official exam guide, plus access to interactive learning tools, this book is your ultimate solution for CWSP-205 exam prep. The CWSP is the leading vendor-neutral security certification administered for IT professionals, developed for those working with and securing wireless networks.
As an advanced certification, the CWSP requires rigorous preparation and this book provides more coverage and expert insight than any other source. * Learn the ins and outs of advanced network security * Study 100 percent of CWSP-205 objectives * Test your understanding with two complete practice exams * Gauge your level of preparedness with a pre-test assessment The CWSP is a springboard for more advanced certifications, and the premier qualification employers look for in the field. If you ve already earned the CWTS and the CWNA, it s time to take your career to the next level. CWSP: Certified Wireless Security Professional Study Guide is your ideal companion for effective, efficient CWSP-205 preparation.

David D. Coleman, CWNE #4, is a WLAN security consultant, technical trainer, public speaker, and the Senior Mobility Leader for Aerohive Networks. David A. Westcott, CWNE #7, is an independent consultant and WLAN technical trainer of over thirty years. Bryan Harkins, CWNE #44, is a WLAN technical trainer, consultant, and the Director of Cradlepoint University.

Foreword xxv Introduction xxvii Assessment Test xxxviii Chapter 1 WLAN Security Overview 1 Standards Organizations 3 International Organization for Standardization (ISO) 3 Institute of Electrical and Electronics Engineers (IEEE) 4 Internet Engineering Task Force (IETF) 5 Wi-Fi Alliance 7 802.11 Networking Basics 12 802.11 Security Basics 14 Data Privacy 14 Authentication, Authorization, Accounting (AAA) 16 Segmentation 17 Monitoring 17 Policy 18 802.11 Security History 18 802.11i Security Amendment and WPA Certifications 18 Robust Security Network (RSN) 20 Summary 21 Exam Essentials 22 Review Questions 24 Chapter 2 Legacy 802.11 Security 29 Authentication 30 Open System Authentication 31 Shared Key Authentication 33 Wired Equivalent Privacy (WEP) Encryption 35 TKIP 40 Virtual Private Networks (VPNs) 44 Point-to-Point Tunneling Protocol (PPTP) 46 Layer 2 Tunneling Protocol (L2TP) 46 Internet Protocol Security (IPsec) 47 Secure Sockets Layer (SSL) 47 VPN Configuration Complexity 48 VPN Scalability 48 MAC Filters 49 SSID Segmentation 50 SSID Cloaking 51 Summary 54 Exam Essentials 55 Review Questions 56 Chapter 3 Encryption Ciphers and Methods 61 Encryption Basics 62 Symmetric and Asymmetric Algorithms 63 Stream and Block Ciphers 65 RC4/ARC4 66 RC5 66 DES 66 3DES 67 AES 67 WLAN Encryption Methods 68 WEP 70 WEP MPDU 70 TKIP 72 TKIP MPDU 72 CCMP 73 CCMP MPDU 76 WPA/WPA2 78 Future Encryption Methods 79 Proprietary Layer 2 Implementations 80 Summary 80 Exam Essentials 81 Review Questions 82 Chapter 4 802.1X/EAP Authentication 87 WLAN Authentication Overview 89 AAA 90 Authentication 91 Authorization 92 Accounting 93 802.1X 95 Supplicant 96 Authenticator 99 Authentication Server 102 Supplicant Credentials 106 Usernames and Passwords 106 Digital Certificates 107 Protected Access Credentials (PACs) 109 One-T - ime Passwords 109 Smart Cards and USB Tokens 110 Machine Authentication 112 802.1X/EAP and Certificates 114 Server Certificates and Root CA Certificates 115 Client Certificates 119 Shared Secret 120 Legacy Authentication Protocols 121 PAP 121 CHAP 121 MS-CHAP 121 MS-CHAPv2 121 EAP 122 Weak EAP Protocols 125 EAP-MD5 125 EAP-LEAP 126 Strong EAP Protocols 128 EAP-PEAP 130 EAP-TTLS 133 EAP-TLS 134 EAP-FAST 136 Miscellaneous EAP Protocols 141 EAP-SIM 141 EAP-AKA 141 EAP-TEAP 142 Summary 144 Exam Essentials 144 Review Questions 146 Chapter 5 802.11 Layer 2 Dynamic Encryption Key Generation 151 Advantages of Dynamic Encryption 152 Robust Security Network (RSN) 156 RSN Information Element 161 Authentication and Key Management (AKM) 166 RSNA Key Hierarchy 170 4-Way Handshake 174 Group Key Handshake 177 PeerKey Handshake 179 TDLS Peer Key Handshake 180 RSNA Security Associations 181 Passphrase-to-PSK Mapping 182 Roaming and Dynamic Keys 183 Summary 184 Exam Essentials 184 Review Questions 186 Chapter 6 PSK Authentication 193 WPA/WPA2-Personal 194 Preshared Keys (PSK) and Passphrases 195 WPA/WPA2-Personal Risks 200 Entropy 201 Proprietary PSK 203 Simultaneous Authentication of Equals (SAE) 205 Summary 208 Exam Essentials 208 Review Questions 209 Chapter 7 802.11 Fast Secure Roaming 215 History of 802.11 Roaming 216 Client Roaming Thresholds 217 AP-to-AP Handoff 218 RSNA 220 PMKSA 221 PMK Caching 224 Preauthentication 225 Opportunistic Key Caching (OKC) 227 Proprietary FSR 230 Fast BSS Transition (FT) 231 Information Elements 235 FT Initial Mobility Domain Association 236 Over-the-Air Fast BSS Transition 238 Over-the-DS Fast BSS Transition 239 802.11k 243 802.11v 246 Voice Enterprise 247 Layer 3 Roaming 248 Troubleshooting 250 Summary 251 Exam Essentials 251 Review Questions 253 Chapter 8 WLAN Security Infrastructure 257 802.11 Services 258 Integration Service (IS) 258 Distribution System (DS) 259 Management, Control, and Data Planes 259 Management Plane 260 Control Plane 260 Data Plane 261 WLAN Architecture 261 Autonomous WLAN Architecture 261 Centralized Network Management Systems 263 Cloud Networking 265 Centralized WLAN Architecture 265 Distributed WLAN Architecture 270 Unified WLAN Architecture 272 Hybrid Architectures 272 Enterprise WLAN Routers 272 WLAN Mesh Access Points 273 WLAN Bridging 274 VPN Wireless Security 275 VPN 101 275 Layer 3 VPNs 277 SSL VPN 278 VPN Deployment 278 Infrastructure Management 279 Protocols for Management 280 Summary 285 Exam Essentials 285 Review Questions 286 Chapter 9 RADIUS and LDAP 291 LDAP 292 RADIUS 293 Authentication and Authorization 294 Accounting 295 RADIUS Configuration 296 LDAP Proxy 298 RADIUS Deployment Models 299 RADIUS Proxy 303 RADIUS Proxy and Realms 304 RADIUS Failover 305 WLAN Devices as RADIUS Servers 306 Captive Web Portal and MAC Authentication 306 RadSec 307 Attribute-Value Pairs 307 Vendor-Specific Attributes 308 VLAN Assignment 309 Role-Based Access Control 310 LDAP Attributes 311 Summary 311 Exam Essentials 311 Review Questions 313 Chapter 10 Bring Your Own Device (BYOD) and Guest Access 319 Mobile Device Management 322 Company-Issued Devices vs. Personal Devices 323 MDM Architecture 324 MDM Enrollment 325 MDM Profiles 329 MDM Agent Software 331 Over-the-Air Management 332 Application Management 335 Self-Service Device Onboarding for Employees 336 Dual-SSID Onboarding 337 Single-SSID Onboarding 338 MDM vs. Self-Service Onboarding 339 Guest WLAN Access 339 Guest SSID 340 Guest VLAN 340 Guest Firewall Policy 341 Captive Web Portals 342 Client Isolation, Rate Limiting, and Web Content Filtering 345 Guest Management 345 Guest Self-Registration 347 Employee Sponsorship 348 Social Login 349 Encrypted Guest Access 351 Network Access Control (NAC) 352 Posture 352 OS Fingerprinting 353 AAA 354 RADIUS Change of Authorization 355 Single Sign-On 356 Summary 358 Exam Essentials 359 Review Questions 360 Chapter 11 Wireless Security Troubleshooting 365 Five Tenets of WLAN Troubleshooting 366 Troubleshooting Best Practices 366 Troubleshoot the OSI Model 369 Most Wi-Fi Problems Are Client Issues 370 Proper WLAN Design Reduces Problems 372 WLAN Always Gets the Blame 372 PSK Troubleshooting 372 802.1X/EAP Troubleshooting 374 802.1X/EAP Troubleshooting Zones 375 Zone 1: Backend Communication Problems 376 Zone 2: Supplicant Certificate Problems 378 Zone 2: Supplicant Credential Problems 380 Roaming Troubleshooting 382 VPN Troubleshooting 384 Summary 387 Exam Essentials 387 Review Questions 388 Chapter 12 Wireless Security Risks 397 Unauthorized Rogue Access 398 Rogue Devices 398 Rogue Prevention 402 Eavesdropping 404 Casual Eavesdropping 404 Malicious Eavesdropping 406 Eavesdropping Risks 407 Eavesdropping Prevention 409 Authentication Attacks 409 Denial-of-Service Attacks 411 Layer 1 DoS Attacks 412 Layer 2 DoS Attacks 416 MAC Spoofing 420 Wireless Hijacking 423 Management Interface Exploits 427 Vendor Proprietary Attacks 428 Physical Damage and Theft 428 Social Engineering 430 Guest Access and WLAN Hotspots 432 Summary 433 Exam Essentials 433 Review Questions 434 Chapter 13 Wireless LAN Security Auditing 439 WLAN Security Audit 440 OSI Layer 1 Audit 442 OSI Layer 2 Audit 447 Penetration Testing 449 Wired Infrastructure Audit 453 Social Engineering Audit 453 WIPS Audit 454 Documenting the Audit 455 Audit Recommendations 456 WLAN Security Auditing Tools 457 Linux-Based Tools 459 Summary 462 Exam Essentials 463 Review Questions 464 Chapter 14 Wireless Security Monitoring 469 Wireless Intrusion Detection and Prevention Systems (WIDS and WIPS) 470 WIDS/WIPS Infrastructure Components 471 WIDS/WIPS Architecture Models 474 Multiple Radio Sensors 478 Sensor Placement 479 Device Classification 480 Rogue Detection 482 Rogue Mitigation 486 Device Tracking 489 WIDS/WIPS Analysis 494 Signature Analysis 494 Behavioral Analysis 495 Protocol Analysis 496 Spectrum Analysis 498 Forensic Analysis 499 Performance Analysis 500 Monitoring 501 Policy Enforcement 501 Alarms and Notification 503 False Positives 505 Reports 506 802.11n/ac 506 802.11w 508 Summary 509 Exam Essentials 509 Review Questions 511 Chapter 15 Wireless Security Policies 515 General Policy 517 Policy Creation 517 Policy Management 520 Functional Policy 521 Password Policy 522 RBAC Policy 523 Change Control Policy 524 Authentication and Encryption Policy 524 WLAN Monitoring Policy 525 Endpoint Policy 525 Acceptable Use Policy 526 Physical Security 527 Remote Office Policy 527 Government and Industry Regulations 528 The U.S. Department of Defense (DoD) Directive 8420.1 529 Federal Information Processing Standards (FIPS) 140-2 530 The Sarbanes-Oxley Act of 2002 (SOX) 532 Graham-Leach-Bliley Act (GLBA) 534 Health Insurance Portability and Accountability Act (HIPAA) 536 Payment Card Industry (PCI) Standard 538 Compliance Reports 541 802.11 WLAN Policy Recommendations 542 Summary 543 Exam Essentials 543 Review Questions 545 Appendix A Answers to Review Questions 551 Chapter 1: WLAN Security Overview 552 Chapter 2: Legacy 802.11 Security 554 Chapter 3: Encryption Ciphers and Methods 556 Chapter 4: 802.1X/EAP Authentication 559 Chapter 5: 802.11 Layer 2 Dynamic Encryption Key Generation 562 Chapter 6: PSK Authentication 565 Chapter 7: 802.11 Fast Secure Roaming 568 Chapter 8: WLAN Security Infrastructure 571 Chapter 9: RADIUS and LDAP 574 Chapter 10: Bring Your Own Device (BYOD) and Guest Access 576 Chapter 11: Wireless Security Troubleshooting 579 Chapter 12: Wireless Security Risks 582 Chapter 13: Wireless LAN Security Auditing 585 Chapter 14: Wireless Security Monitoring 588 Chapter 15: Wireless Security Policies 592 Appendix B Abbreviations and Acronyms 595 Certifications 596 Organizations and Regulations 596 Measurements 597 Technical Terms 597 Index 613

Erscheinungsdatum
Verlagsort New York
Sprache englisch
Maße 187 x 239 mm
Gewicht 1174 g
Themenwelt Mathematik / Informatik Informatik Netzwerke
Sozialwissenschaften Pädagogik
ISBN-10 1-119-21108-5 / 1119211085
ISBN-13 978-1-119-21108-2 / 9781119211082
Zustand Neuware
Haben Sie eine Frage zum Produkt?
Mehr entdecken
aus dem Bereich
das umfassende Handbuch für den Einstieg in die Netzwerktechnik

von Martin Linten; Axel Schemberg; Kai Surendorf

Buch | Hardcover (2023)
Rheinwerk (Verlag)
29,90
das Praxisbuch für Admins und DevOps-Teams

von Michael Kofler

Buch | Hardcover (2023)
Rheinwerk (Verlag)
39,90