
CWSP Certified Wireless Security Professional Study Guide CWSP-2....pdf

Cover
Copyright
Acknowledgments
About the Authors
Contents at a Glance
Contents
Table of Exercises
Foreword
Introduction
Assessment Test
Answers to Assessment Test
1 WLAN Security Overview
Standards Organizations
International Organization for Standardization (ISO)
Institute of Electrical and Electronics Engineers (IEEE)
Internet Engineering Task Force (IETF)
Wi-Fi Alliance
802.11 Networking Basics
802.11 Security Basics
Data Privacy
Authentication, Authorization, Accounting (AAA)
Segmentation
Monitoring
Policy
802.11 Security History
802.11i Security Amendment and WPA Certifications
Robust Security Network (RSN)
Summary
Exam Essentials
Review Questions
2 Legacy 802.11 Security
Authentication
Open System Authentication
Shared Key Authentication
Wired Equivalent Privacy (WEP) Encryption
TKIP
Virtual Private Networks (VPNs)
Point-to-Point Tunneling Protocol (PPTP)
Layer 2 Tunneling Protocol (L2TP)
Internet Protocol Security (IPsec)
Secure Sockets Layer (SSL)
VPN Configuration Complexity
VPN Scalability
MAC Filters
SSID Segmentation
SSID Cloaking
Summary
Exam Essentials
Review Questions
3 Encryption Ciphers and Methods
Encryption Basics
Symmetric and Asymmetric Algorithms
Stream and Block Ciphers
RC4/ARC4
RC5
DES
3DES
AES
WLAN Encryption Methods
WEP
WEP MPDU
TKIP
TKIP MPDU
CCMP
CCMP MPDU
WPA/WPA2
Future Encryption Methods
Proprietary Layer 2 Implementations
Summary
Exam Essentials
Review Questions
4 802.1X/EAP Authentication
WLAN Authentication Overview
AAA
Authentication
Authorization
Accounting
802.1X
Supplicant
Authenticator
Authentication Server
Supplicant Credentials
Usernames and Passwords
Digital Certificates
Protected Access Credentials (PACs)
One-time Passwords
Smart Cards and USB Tokens
Machine Authentication
802.1X/EAP and Certificates
Server Certificates and Root CA Certificates
Client Certificates
Shared Secret
Legacy Authentication Protocols
PAP
CHAP
MS-CHAP
MS-CHAPv2
EAP
Weak EAP Protocols
EAP-MD5
EAP-LEAP
Strong EAP Protocols
EAP-PEAP
EAP-TTLS
EAP-TLS
EAP-FAST
Miscellaneous EAP Protocols
EAP-SIM
EAP-AKA
EAP-TEAP
Summary
Exam Essentials
Review Questions
5 802.11 Layer 2 Dynamic Encryption Key Generation
Advantages of Dynamic Encryption
Robust Security Network (RSN)
RSN Information Element
Authentication and Key Management (AKM)
RSNA Key Hierarchy
4-Way Handshake
Group Key Handshake
PeerKey Handshake
TDLS Peer Key Handshake
RSNA Security Associations
Passphrase-to-PSK Mapping
Roaming and Dynamic Keys
Summary
Exam Essentials
Review Questions
6 PSK Authentication
WPA/WPA2-Personal
Preshared Keys (PSK) and Passphrases
WPA/WPA2-Personal Risks
Entropy
Proprietary PSK
Simultaneous Authentication of Equals (SAE)
Summary
Exam Essentials
Review Questions
7 802.11 Fast Secure Roaming
History of 802.11 Roaming
Client Roaming Thresholds
AP-to-AP Handoff
RSNA
PMKSA
PMK Caching
Preauthentication
Opportunistic Key Caching (OKC)
Proprietary FSR
Fast BSS Transition (FT)
Information Elements
FT Initial Mobility Domain Association
Over-the-Air Fast BSS Transition
Over-the-DS Fast BSS Transition
802.11k
802.11v
Voice Enterprise
Layer 3 Roaming
Troubleshooting
Summary
Exam Essentials
Review Questions
8 WLAN Security Infrastructure
802.11 Services
Integration Service (IS)
Distribution System (DS)
Management, Control, and Data Planes
Management Plane
Control Plane
Data Plane
WLAN Architecture
Autonomous WLAN Architecture
Centralized Network Management Systems
Cloud Networking
Centralized WLAN Architecture
Distributed WLAN Architecture
Unified WLAN Architecture
Hybrid Architectures
Enterprise WLAN Routers
WLAN Mesh Access Points
WLAN Bridging
VPN Wireless Security
VPN 101
Layer 3 VPNs
SSL VPN
VPN Deployment
Infrastructure Management
Protocols for Management
Summary
Exam Essentials
Review Questions
9 RADIUS and LDAP
LDAP
RADIUS
Authentication and Authorization
Accounting
RADIUS Configuration
LDAP Proxy
RADIUS Deployment Models
RADIUS Proxy
RADIUS Proxy and Realms
RADIUS Failover
WLAN Devices as RADIUS Servers
Captive Web Portal and MAC Authentication
RadSec
Attribute-Value Pairs
Vendor-Specific Attributes
VLAN Assignment
Role-Based Access Control
LDAP Attributes
Summary
Exam Essentials
Review Questions
10 Bring Your Own Device (BYOD) and Guest Access
Mobile Device Management
Company-Issued Devices vs. Personal Devices
MDM Architecture
MDM Enrollment
MDM Profiles
MDM Agent Software
Over-the-Air Management
Application Management
Self-Service Device Onboarding for Employees
Dual-SSID Onboarding
Single-SSID Onboarding
MDM vs. Self-Service Onboarding
Guest WLAN Access
Guest SSID
Guest VLAN
Guest Firewall Policy
Captive Web Portals
Client Isolation, Rate Limiting, and Web Content Filtering
Guest Management
Guest Self-Registration
Employee Sponsorship
Social Login
Encrypted Guest Access
Network Access Control (NAC)
Posture
OS Fingerprinting
AAA
RADIUS Change of Authorization
Single Sign-On
Summary
Exam Essentials
Review Questions
11 Wireless Security Troubleshooting
Five Tenets of WLAN Troubleshooting
Troubleshooting Best Practices
Troubleshoot the OSI Model
Most Wi-Fi Problems Are Client Issues
Proper WLAN Design Reduces Problems
WLAN Always Gets the Blame
PSK Troubleshooting
802.1X/EAP Troubleshooting
802.1X/EAP Troubleshooting Zones
Zone 1: Backend Communication Problems
Zone 2: Supplicant Certificate Problems
Zone 2: Supplicant Credential Problems
Roaming Troubleshooting
VPN Troubleshooting
Summary
Exam Essentials
Review Questions
12 Wireless Security Risks
Unauthorized Rogue Access
Rogue Devices
Rogue Prevention
Eavesdropping
Casual Eavesdropping
Malicious Eavesdropping
Eavesdropping Risks
Eavesdropping Prevention
Authentication Attacks
Denial-of-Service Attacks
Layer 1 DoS Attacks
Layer 2 DoS Attacks
MAC Spoofing
Wireless Hijacking
Management Interface Exploits
Vendor Proprietary Attacks
Physical Damage and Theft
Social Engineering
Guest Access and WLAN Hotspots
Summary
Exam Essentials
Review Questions
13 Wireless LAN Security Auditing
WLAN Security Audit
OSI Layer 1 Audit
OSI Layer 2 Audit
Penetration Testing
Wired Infrastructure Audit
Social Engineering Audit
WIPS Audit
Documenting the Audit
Audit Recommendations
WLAN Security Auditing Tools
Linux-Based Tools
Summary
Exam Essentials
Review Questions
14 Wireless Security Monitoring
Wireless Intrusion Detection and Prevention Systems (WIDS and WIPS)
WIDS/WIPS Infrastructure Components
WIDS/WIPS Architecture Models
Multiple Radio Sensors
Sensor Placement
Proprietary WIPS
Device Classification
Rogue Detection
Rogue Mitigation
Device Tracking
WIDS/WIPS Analysis
Signature Analysis
Behavioral Analysis
Protocol Analysis
Spectrum Analysis
Forensic Analysis
Performance Analysis
Monitoring
Policy Enforcement
Alarms and Notification
False Positives
Reports
802.11n/ac
802.11w
Summary
Exam Essentials
Review Questions
15 Wireless Security Policies
General Policy
Policy Creation
Policy Management
Functional Policy
Password Policy
RBAC Policy
Change Control Policy
Authentication and Encryption Policy
WLAN Monitoring Policy
Endpoint Policy
Acceptable Use Policy
Physical Security
Remote Office Policy
Government and Industry Regulations
The U.S. Department of Defense (DoD) Directive 8420.1
Federal Information Processing Standards (FIPS) 140-2
The Sarbanes-Oxley Act of 2002 (SOX)
Gramm-Leach-Bliley Act (GLBA)
Health Insurance Portability and Accountability Act (HIPAA)
Payment Card Industry (PCI) Standard
Compliance Reports
802.11 WLAN Policy Recommendations
Summary
Exam Essentials
Review Questions
Appendix A Answers to Review Questions
Chapter 1: WLAN Security Overview
Chapter 2: Legacy 802.11 Security
Chapter 3: Encryption Ciphers and Methods
Chapter 4: 802.1X/EAP Authentication
Chapter 5: 802.11 Layer 2 Dynamic Encryption Key Generation
Chapter 6: PSK Authentication
Chapter 7: 802.11 Fast Secure Roaming
Chapter 8: WLAN Security Infrastructure
Chapter 9: RADIUS and LDAP
Chapter 10: Bring Your Own Device (BYOD) and Guest Access
Chapter 11: Wireless Security Troubleshooting
Chapter 12: Wireless Security Risks
Chapter 13: Wireless LAN Security Auditing
Chapter 14: Wireless Security Monitoring
Chapter 15: Wireless Security Policies
Appendix B Abbreviations and Acronyms
Certifications
Organizations and Regulations
Measurements
Technical Terms
Index
Advert
EULA
CWSP® Certified Wireless Security Professional Study Guide CWSP-205 Second Edition
David D. Coleman, David A. Westcott, Bryan Harkins
Executive Editor: Jim Minatel
Development Editor: Kim Wimpsett
Technical Editors: Chris Lyttle and Ben Wilson
Production Editor: Dassi Zeidel
Copy Editor: Liz Welch
Editorial Manager: Mary Beth Wakefield
Production Manager: Kathleen Wisor
Book Designers: Judy Fung and Bill Gibson
Proofreader: Rebecca Rider
Indexer: Ted Laux
Project Coordinator, Cover: Brent Savage
Cover Designer: Wiley
Cover Image: ©Getty Images, Inc./Jeremy Woodhouse

Copyright © 2017 by John Wiley & Sons, Inc., Indianapolis, Indiana
Published simultaneously in Canada
ISBN: 978-1-119-21108-2
ISBN: 978-1-119-24413-4 (ebk.)
ISBN: 978-1-119-21109-9 (ebk.)
Manufactured in the United States of America

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.

Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Web site is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Web site may provide or recommendations it may make. Further, readers should be aware that Internet Web sites listed in this work may have changed or disappeared between when this work was written and when it is read.

For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S. at (877) 762-2974, outside the U.S. at (317) 572-3993 or fax (317) 572-4002.

Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.

Library of Congress Control Number: 9781119211082

TRADEMARKS: Wiley, the Wiley logo, and the Sybex logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. CWSP is a registered trademark of CWNP, LLC. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.

10 9 8 7 6 5 4 3 2 1
We dedicate this book to the knowledgeable and competent wireless consultants, designers, and installers, and those who are working diligently to become one. You are the front lines of the industry, explaining the technology to customers, including trying to make them understand that more power and more APs often does not mean better WLAN performance. Wireless networking is a shared medium and a shared community, and we are honored to be part of it and to be able to contribute.