David D. Coleman David A. Westcott Bryan E. Harkins Shawn M. Jackman Certified Wireless Security Professional Official Study Guide CWSP ® Includes Real-World Scenarios, Hands-On Exercises, and Leading-Edge Exam Prep Software Featuring: Hundreds of Sample Questions Electronic Flashcards Case Studies and Demo Software SERIOUS SKILLS. Exam PW0-204 Official Study Guide


Post on 03-Oct-2021


David D. Coleman David A. Westcott Bryan E. Harkins Shawn M. Jackman
Certified Wireless Security Professional Official Study Guide
The Official Study Guide for Exam PW0-204 from CWNP®
CWSP®
• Hundreds of Sample Questions
• Case Studies and Demo Software
Prepare for the Certified Wireless Security Professional exam (PW0-204) with this new Official Study Guide from CWNP. This comprehensive resource covers everything you need for the exam, including wireless security basics, risks, and policies; legacy 802.11 security and robust network security (RSN); encryption ciphers and methods; enterprise 802.11 layer 2 authentication methods; fast secure roaming, wireless intrusion prevention; and many other essential WLAN security topics and concepts. Inside you’ll find:
• Full coverage of all exam objectives in a systematic approach, so you can be confident you’re getting the instruction you need for the exam
• Practical hands-on exercises to reinforce critical skills
• Real-world scenarios that put what you’ve learned in the context of actual job roles
• Challenging review questions in each chapter to prepare you for exam day
• Exam Essentials, a key feature in each chapter that identifies critical areas you must become proficient in before taking the exam
• White papers, demo software, practice exams, and over 150 flashcards on the CD to further facilitate your learning
• A handy tear card that maps every official exam objective to the corresponding chapter in the book, so you can track your exam prep objective by objective
Look inside for complete coverage of all exam objectives.
ABOUT THE AUTHORS
David D. Coleman, CWNE #4, CWNA, CWSP, CWNT, is a WLAN security consultant and technical trainer with over twenty years of IT experience. The company he founded, AirSpy Networks (www.airspy.com), specializes in corporate WLAN training. David A. Westcott, CWNE #7, CWNA, CWSP, CWNT, is an independent consultant and WLAN technical trainer with over twenty years of experience. He has been a certified trainer for over fifteen years. Bryan E. Harkins, CWNE #44, CWSP, CWNA, CWNT, is the Training and Development Manager for Motorola AirDefense Solutions, a market leader in wireless intrusion prevention systems. Shawn M. Jackman, CWNE #54, CWNA, CWSP, CWAP is a principal WLAN engineer with Kaiser Permanente. He has over fifteen years’ experience working with wireless manufacturers and integrators.
SYBEX TEST ENGINE: Test your knowledge with advanced testing software. Includes all chapter review questions and practice exams.
ELECTRONIC FLASHCARDS: Reinforce your understanding with electronic flashcards.
The CD also includes white papers and demo software.
Study anywhere, any time, and approach the exam with confidence.
ABOUT THE CWNP PROGRAM
CWNP is the industry standard for vendor-neutral, enterprise WLAN certifications. The focus is to educate IT professionals in the technology behind all enterprise WLAN products and to enable these professionals to manage wireless LAN enterprise infrastructures, regardless of the vendor solution utilized. CWNP is a privately held corporation based in Atlanta, Georgia. For more information, visit www.cwnp.com.
www.sybex.com
CWSP®
Study Guide
Acquisitions Editor: Jeff Kellum
Development Editor: Gary Schwartz
Technical Editors: Sam Coyl and Marcus Burton
Production Editor: Rachel McConlogue
Copy Editor: Liz Welch
Editorial Manager: Pete Gaughan
Production Manager: Tim Tate
Vice President and Executive Group Publisher: Richard Swadley
Vice President and Publisher: Neil Edde
Media Project Manager 1: Laura Moss-Hollister
Media Associate Producer: Marilyn Hummel
Media Quality Assurance: Josh Frank
Book Designers: Judy Fung and Bill Gibson
Proofreader: Publication Services, Inc.
Indexer: Ted Laux
Project Coordinator, Cover: Lynsey Stanford
Cover Designer: Ryan Sneed
Copyright © 2010 by Wiley Publishing, Inc., Indianapolis, Indiana
Published simultaneously in Canada
ISBN: 978-0-470-43891-6
No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.
Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Web site is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Web site may provide or recommendations it may make. Further, readers should be aware that Internet Web sites listed in this work may have changed or disappeared between when this work was written and when it is read.
For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S. at (877) 762-2974, outside the U.S. at (317) 572-3993 or fax (317) 572-4002.
Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books.
Library of Congress Cataloging-in-Publication Data
CWSP : certified wireless security professional official study guide (exam PW0-204) / David D. Coleman . . . [et al.]. — 1st ed.
p. cm.
ISBN 978-0-470-43891-6
TK5103.2.C87 2010
005.8076—dc22
2009042658
TRADEMARKS: Wiley, the Wiley logo, and the Sybex logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. CWSP is a registered trademark of CWNP, Inc. All other trademarks are the property of their respective owners. Wiley Publishing, Inc., is not associated with any product or vendor mentioned in this book.
Dear Reader,
Thank you for choosing CWSP: Certified Wireless Security Professional Official Study Guide. This book is part of a family of premium-quality Sybex books, all of which are written by outstanding authors who combine practical experience with a gift for teaching.
Sybex was founded in 1976. More than 30 years later, we’re still committed to producing consistently exceptional books. With each of our titles, we’re working hard to set a new standard for the industry. From the paper we print on, to the authors we work with, our goal is to bring you the best books available.
I hope you see all that reflected in these pages. I’d be very interested to hear your comments and get your feedback on how we’re doing. Feel free to let me know what you think about this or any other Sybex book by sending me an email at [email protected]. If you think you’ve found a technical error in this book, please visit http://sybex.custhelp.com. Customer feedback is critical to our efforts at Sybex.
Best regards,
Neil Edde Vice President and Publisher Sybex, an Imprint of Wiley
ffirs.indd vffirs.indd v 1/12/10 9:05:37 PM1/12/10 9:05:37 PM
ffirs.indd viffirs.indd vi 1/12/10 9:05:37 PM1/12/10 9:05:37 PM
We dedicate this book to all the men and women of the United States
Armed Forces for putting their private lives aside to preserve and protect
freedom. Thank you for your service and your sacrifice.
Acknowledgments
David Coleman would once again like to thank his children, Brantley and Carolina, for their patience and understanding of their father throughout the writing of yet another book. I love you kids very much. David would also like to thank his mother, Marjorie Barnes, and his stepfather, William Barnes, for many years of support and encouragement. David would also like to thank his brother, Rob Coleman, for all his help during a tough year.
David Westcott would like to thank his parents, Kathy and George, who have provided so much support and love and from whom he has learned so much. He would also like to thank Janie, Jennifer, and Samantha for their patience and understanding of life on the road and for their support throughout the writing of this book.
Bryan Harkins would like to thank his wife, Ronda, and his two daughters, Chrystan and Catelynn, for enduring the constant travel and time away from them it has taken to create this book. I love the three of you very much. I would also like to thank my parents for always being there and my brother Chris for getting me into IT in the first place. Additionally, I would like to thank David Thomas and Ralf Deltrap of Motorola AirDefense Solutions for making me part of the AirDefense team years ago.
Shawn Jackman would like to thank his parents, Alice and Steve, for the many years of encouragement and unquestioning support, but most of all for leading by example as a parent, provider, and character example. Shawn would also like to thank his wife, Joy, the world’s most supportive and wonderful woman a Wi-Fi geek could ever ask for. And, of course, to his children, Summer, Pierce, and Julia, who are loved by their daddy more than they will ever know.
Writing CWSP: Certified Wireless Security Professional Official Study Guide has been an adventure from the start. We would like to thank the following individuals for their support and contributions during the entire process.
We must first thank Sybex acquisitions editor Jeff Kellum for initially finding us and bringing us on to this project. Jeff is an extremely patient and understanding editor who occasionally sends a nasty email message. We would also like to thank our development editor, Gary Schwartz. We also need to send special thanks to our editorial manager, Pete Gaughan; our production editor, Rachel McConlogue; and Liz Welch, our copyeditor.
We also need to give a big shout-out to our technical editor, Sam Coyl. Sam is a member of the IEEE with many years of practical experience in wireless communications. His contributions to the book were nothing short of invaluable. When Sam is not providing awesome technical editing, he is vice president of business development for Netrepid (www.netrepid.com), a wireless solutions provider.
We would also like to thank Marcus Burton, Cary Chandler, Abbey Cole, and Kevin Sandlin of the CWNP program (www.cwnp.com). All CWNP employees, past and present, should be proud of the internationally renowned wireless certification program that sets the education standard within the enterprise Wi-Fi industry. It has been a pleasure working with all of you the past 10 years. Special thanks go to Marcus Burton for his feedback and content review.
Thanks go to the students who attended an October 2009 CWSP evaluation class held in Atlanta. Those students include Ray Baum and Max Lopez from the University of Colorado, Joe Altmann from Polycom, and Randall Bobula from the CME Group. Also contributing that week was our favorite Meruvian, Diana Cortes from the University of Miami.
We would also like to thank Devin Akin, Chief Architect of Aerohive Networks. Devin has been a Wi-Fi guru for all four authors for many years.
Shawn would also like to thank the following co-workers and professional colleagues: Nico Arcino, Ken Fisch, Tom Head, Jon Krabbenschmidt, and George Stefanick.
We would also like to thank the following individuals and companies for their support and contributions to the book:
Aerohive Networks (www.aerohive.com) — Devin Akin, Adam Conway, and Paul Levasseur
AeroScout (www.aeroscout.com) — Steffan Haithcox and Scott Phillips
AirDefense (www.airdefense.net) — Ralf Deltrap and David Thomas
AirMagnet (www.airmagnet.com) — Dilip Advani
AirWave (www.airwave.com) — Patrick Smith
By-Light (www.by-light.com) — Steve Hurdle
CACE Technologies (www.cacetech.com) — Janice Spampinato
Cisco Systems (www.cisco.com) — Chris Allen, John Helm, Matt Swartz, and Hao Zhao
Fluke Networks (www.flukenetworks.com) — Carolyn Carter, Dan Klimke, and Lori Whitmer
Immunity (www.immunityinc.com) — Steven Laskowski
NetStumbler (www.netstumbler.com) — Marius Milner
Vocera (www.vocera.com) — Arun Mirchandani, Steve Newsome, and Brian Sturges
Wi-Fi Alliance (www.wifi.org) — Kelly Davis-Felner and Krista Ford
WildPackets (www.wildpackets.com) — Stephanie Temples
About the Authors
David D. Coleman is a WLAN security consultant and trainer. He teaches the CWNP classes that are recognized throughout the world as the industry standard for wireless networking certification, and he also conducts vendor-specific Wi-Fi training. He has also taught numerous “train-the-trainer” classes and “beta” classes for the CWNP program. David has instructed IT professionals from around the globe in wireless networking administration, wireless security, and wireless frame analysis. The company he founded, AirSpy Networks (www.airspy.com), specializes in corporate training and has worked in the past with Avaya, Nortel, Polycom, and Siemens. AirSpy Networks also specializes in government classes, and it has trained numerous computer security employees from various law enforcement agencies, the U.S. Marines, the U.S. Army, the U.S. Navy, the U.S. Air Force, and other federal and state government agencies. David has written many books and white papers about wireless networking, and he is considered an authority on 802.11 technology.
David is also a member of the Certified Wireless Network Expert (CWNE) Roundtable, a selected group of individuals who work with the CWNP program to provide direction for the CWNP exams and certifications. David resides in Atlanta, Georgia, where he shares a home with his two children, Carolina and Brantley. David Coleman is CWNE #4, and he can be reached via email at [email protected].
David Westcott is an independent consultant and technical trainer with over 25 years of experience in information technology, specializing in computer networking and security. In addition to providing advice and direction to corporate clients, David has been a certified trainer for over 17 years, providing training to government agencies, corporations, and universities around the world. David was an adjunct faculty member for Boston University’s Corporate Education Center for over 10 years, and he has developed courseware on wireless networking, wireless mesh networking, wired networking, and security for Boston University and many other clients.
Since installing his first wireless network in 1999, David has become a Certified Wireless Network Trainer, Administrator, Security Professional, and Analysis Professional. David is also a member of the CWNE Roundtable. David has earned certifications from Cisco, Aruba, Microsoft, EC-Council, CompTIA, and Novell. David lives in Concord, Massachusetts with his wife Janie and his stepdaughters, Jennifer and Samantha. A licensed pilot, he enjoys flying his Piper Cherokee 180 around New England when he is not flying around the world commercially. David is CWNE #7, and he can be reached via email at [email protected].
Shawn Jackman currently oversees wireless enterprise engineering for a large healthcare provider and adopter of 802.11 technology. Prior to that, Shawn has been on both sides of the table, working for a WLAN manufacturer and with wireless integrators. Shawn has been intensely focused on large-scale VoWiFi, QoS, and RTLS applications for over three years, and he spends a considerable amount of his time doing end-user design, deployment, and troubleshooting for various vendors’ equipment. Shawn has traveled the United States and internationally designing wired and wireless networks, from concept to completion, for healthcare, warehouse, hospitality, education, metro/municipal, government, franchise, and retail environments. He has served as an on-air technical personality for a weekly syndicated call-in talk radio show with over 5 million listeners worldwide and is considered an authority on Wi-Fi technology.
Shawn is a member of the CWNE Roundtable. He lives in the San Francisco Bay area with his wife Joy and their three children, Summer, Pierce, and Julia. Shawn is CWNE #54, and he can be reached via email at [email protected].
Bryan Harkins is currently the training and development manager for Motorola AirDefense Solutions and has over 20 years’ experience in the IT field. He has been involved in areas ranging from customer support and sales to network security and design. He has developed custom curriculum for government agencies and Fortune 500 companies alike. Over the years, he has helped numerous students reach their certification and knowledge goals through his exceptional skills as an instructor. He delivers both public and private wireless security classes around the world and holds several prestigious industry certifications, including MCSE, CWNE, and CWNT.
Bryan has spoken during Secure World Expo, Armed Forces Communications and Electronics Association (AFCEA) events, and Microsoft Broad Reach as well as many other industry events. He holds a degree in aviation from Georgia State University. Bryan is a native of Atlanta, Georgia, and still lives in the area with his wife Ronda and two daughters, Chrystan and Catelynn. Bryan is also a member of the CWNE Roundtable. Bryan is CWNE #44, and he can be reached via email at [email protected].
Contents at a Glance
Introduction
Assessment Test
Chapter 3 Encryption Ciphers and Methods
Chapter 4 Enterprise 802.11 Layer 2 Authentication Methods
Chapter 5 802.11 Layer 2 Dynamic Encryption Key Generation
Chapter 6 SOHO 802.11 Security
Chapter 7 802.11 Fast Secure Roaming
Chapter 8 Wireless Security Risks
Chapter 9 Wireless LAN Security Auditing
Chapter 10 Wireless Security Monitoring
Chapter 11 VPNs, Remote Access, and Guest Access Services
Chapter 12 WLAN Security Infrastructure
Chapter 13 Wireless Security Policies
Appendix A Abbreviations, Acronyms, and Regulations
Appendix B WLAN Vendors
Appendix C About the Companion CD
Glossary
Index
Contents
Introduction
Assessment Test
Standards Organizations
International Organization for Standardization (ISO)
Institute of Electrical and Electronics Engineers (IEEE)
Internet Engineering Task Force (IETF)
Wi-Fi Alliance
802.11 Networking Basics
802.11 Security Basics
Data Privacy
Authentication, Authorization, Accounting (AAA)
Segmentation
Monitoring
Policy
802.11 Security History
802.11i Security amendment and WPA Certifications
Robust Security Network (RSN)
The Future of 802.11 Security
Summary
Exam Essentials
Key Terms
Review Questions
Answers to Review Questions
Chapter 2 Legacy 802.11 Security
Authentication
Open System Authentication
Shared Key Authentication
Wired Equivalent Privacy (WEP) Encryption
Virtual Private Networks (VPNs)
Point-to-Point Tunneling Protocol (PPTP)
Layer 2 Tunneling Protocol (L2TP)
Internet Protocol Security (IPsec)
Configuration Complexity
Scalability
MAC Filters
SSID Segmentation
SSID Cloaking
Summary
Exam Essentials
Key Terms
Review Questions
Answers to Review Questions
Chapter 3 Encryption Ciphers and Methods
Encryption Basics
Symmetric and Asymmetric Algorithms
Stream and Block Ciphers
RC4
RC5
DES
3DES
AES
WLAN Encryption Methods
WEP
WEP MPDU
TKIP
TKIP MPDU
CCMP
CCMP MPDU
WPA/WPA2
Proprietary Layer 2 Implementations
Summary
Exam Essentials
Key Terms
Review Questions
Answers to Review Questions
Chapter 4 Enterprise 802.11 Layer 2 Authentication Methods
WLAN Authentication Overview
AAA
Authentication
Authorization
Accounting
802.1X
Supplicant
Authenticator
Authentication Server
Supplicant Credentials
Usernames and Passwords
Digital Certificates and PACs
One-time Passwords
Smart Cards and USB Tokens
Machine Authentication
Preshared Keys
Proximity Badges and RFID Tags
Biometrics
Authentication Server Credentials
Shared Secret
Legacy Authentication Protocols
PAP
CHAP
MS-CHAP
MS-CHAPv2
EAP
Weak EAP Protocols
EAP-MD5
EAP-LEAP
Strong EAP Protocols
EAP-PEAP
EAP-TTLS
EAP-TLS
EAP-FAST
PACs
Miscellaneous EAP Protocols
EAP-SIM
EAP-AKA
Summary
Exam Essentials
Key Terms
Review Questions
Answers to Review Questions
Chapter 5 802.11 Layer 2 Dynamic Encryption Key Generation
Advantages of Dynamic Encryption
Robust Security Network (RSN)
RSN Information Element
Authentication and Key Management (AKM)
RSNA Key Hierarchy
4-Way Handshake
Group Key Handshake
PeerKey Handshake
RSNA Security Associations
Passphrase-to-PSK Mapping
Roaming and Dynamic Keys
Summary
Exam Essentials
Key Terms
Review Questions
Answers to Review Questions
Chapter 6 SOHO 802.11 Security
WPA/WPA2-Personal
Preshared Keys (PSK) and Passphrases
WPA/WPA2-Personal Risks
Entropy
Proprietary PSK
Wi-Fi Protected Setup (WPS)
WPS Architecture
SOHO Security Best Practices
Summary
Exam Essentials
Key Terms
Review Questions
Answers to Review Questions
Chapter 7 802.11 Fast Secure Roaming
History of 802.11 Roaming
Client Roaming Thresholds
AP-to-AP Handoff
RSNA
PMKSA
PMK Caching
Preauthentication
Opportunistic Key Caching (OKC)
Proprietary FSR
Fast BSS Transition (FT)
Information Elements
FT Initial Mobility Domain Association
Over-the-Air Fast BSS Transition
Over-the-DS Fast BSS Transition
802.11k
Voice Personal and Voice Enterprise
Layer 3 Roaming
Troubleshooting
SCA Roaming
Exam Essentials
Key Terms
Review Questions
Answers to Review Questions
Unauthorized Rogue Access
Rogue Devices
Rogue Prevention
Eavesdropping
Casual Eavesdropping
Malicious Eavesdropping
Eavesdropping Risks
Eavesdropping Prevention
Authentication Attacks
Denial-of-Service Attacks
Layer 1 DoS Attacks
Layer 2 DoS Attacks
MAC Spoofing
Wireless Hijacking
Management Interface Exploits
Vendor Proprietary Attacks
Physical Damage and Theft
Social Engineering
Public Access and WLAN Hotspots
Summary
Exam Essentials
Key Terms
Review Questions
Answers to Review Questions
Chapter 9 Wireless LAN Security Auditing
WLAN Security Audit
OSI Layer 1 Audit
OSI Layer 2 Audit
Penetration Testing
Wired Infrastructure Audit
Social Engineering Audit
WIPS Audit
Documenting the Audit
Audit Recommendations
WLAN Security Auditing Tools
Linux-Based Tools
Windows-Based Tools
Summary
Exam Essentials
Key Terms
Review Questions
Answers to Review Questions
Wireless Intrusion Detection and Prevention Systems (WIDS and WIPS)
WIDS/WIPS Infrastructure Components
WIDS/WIPS Architecture Models
Multiple Radio Sensors
Sensor Placement
Device Classification
Rogue Detection
Rogue Mitigation
Device Tracking
WIDS/WIPS Analysis
Signature Analysis
Behavioral Analysis
Protocol Analysis
Spectrum Analysis
Forensic Analysis
Performance Analysis
Monitoring
Policy Enforcement
Alarms and Notification
False Positives
Reports
802.11n
Proprietary WIPS
Cloaking
Management Frame Protection
802.11w
Summary
Exam Essentials
Key Terms
Review Questions
Answers to Review Questions
Chapter 11 VPNs, Remote Access, and Guest Access Services
VPN Technology in 802.11 WLAN Architecture
VPN 101
VPN Client
WLAN Controllers: VPN Server for Client Access
VPN Client Security at Public Hotspots
Controller-to-Controller VPNs and Site-to-Site VPNs
VPNs Used to Protect Bridge Links
Remote Access
Hotspots/Public Access Networks
Captive Portal
Summary
Exam Essentials
Key Terms
Review Questions
Answers to Review Questions
Chapter 12 WLAN Security Infrastructure
WLAN Architecture Capabilities Overview
Distribution System (DS)
Autonomous APs
WLAN Controllers
Split MAC
Mesh
WLAN Bridging
Cooperative Control
Location-Based Access Control
Hot Standby/Failover
Device Management
Protocols for Management
CAPWAP and LWAPP
Wireless Network Management System
RADIUS/LDAP Servers
Proxy Services
Features and Components
Integration
EAP Type Selection
Deployment Architectures and Scaling
RADIUS Failover
Timer Values
WAN Traversal
Multifactor Authentication Servers
Public Key Infrastructure (PKI)
Role-Based Access Control
Enterprise Encryption Gateways
Summary
Exam Essentials
Key Terms
Review Questions
Answers to Review Questions
General Policy
Policy Creation
Policy Management
Functional Policy
Password Policy
RBAC Policy
Change Control Policy
Authentication and Encryption Policy
WLAN Monitoring Policy
Endpoint Policy
Acceptable Use Policy
Physical Security
Remote Office Policy
Government and Industry Regulations
The US Department of Defense (DoD) Directive 8100.2
Federal Information Processing Standards (FIPS) 140-2
The Sarbanes-Oxley Act of 2002 (SOX)
Health Insurance Portability and Accountability Act (HIPAA)
Payment Card Industry (PCI) Standard
Compliance Reports
802.11 WLAN Policy Recommendations
Summary
Exam Essentials
Key Terms
Review Questions
Answers to Review Questions
Appendices
Certifications
Organizations and Regulations
Measurements
Technical Terms
Power Regulations
2.4 GHz ISM Point-to-Multipoint (PtMP) Communications
5 GHz UNII Point-to-Multipoint (PtMP) Communications
2.4 GHz ISM Point-to-Point (PtP) Communications
5 GHz UNII Point-to-Point (PtP) Communications
Windows Registry Values that Control Preauthentication and PMK Caching
Appendix B WLAN Vendors
WLAN Infrastructure
WLAN Mesh Infrastructure
WLAN Auditing, Diagnostic, and Design Solutions
WLAN Management
WLAN Security Solutions
VoWiFi Solutions
WLAN Fixed Mobile Convergence
WLAN RTLS Solutions
WLAN SOHO Vendors
Appendix C About the Companion CD
What You’ll Find on the CD
Sybex Test Engine
Electronic Flashcards
System Requirements
Using the CD
Troubleshooting
Customer Care
Table of Exercises
Exercise 2.1 Viewing Open System and Shared Key Authentication Frames
Exercise 2.2 Viewing Encrypted MSDU Payload of 802.11 Data Frames
Exercise 2.3 Viewing Hidden SSIDs
Exercise 3.1 TKIP Encrypted Frames
Exercise 3.2 CCMP Encrypted Frames
Exercise 4.1 802.1X/EAP Frame Exchanges
Exercise 5.1 Dynamic WEP
Exercise 5.2 Authentication and Key Management
Exercise 5.3 The 4-Way Handshake
Exercise 6.1 Passphrase-PSK Mapping
Exercise 10.1 Spectrum Analysis
Foreword Wi-Fi is nearly ubiquitous. The term Wi-Fi is certainly well known and well understood. With such widespread acceptance comes widespread usage, requiring robust security. The IEEE has, as of this writing, succeeded in ratifying two major amendments to the 802.11 standard: 802.11i and 802.11n. Both require major adjustments to any enterprise’s WLAN security strategy.
The ratifi cation of the 802.11n amendment will likely have an even greater effect on Wi-Fi security than did the 802.11i amendment for one simple reason: 802.11n has caused many more enterprises to adopt Wi-Fi for regular, daily, and mission-critical networking applications because they now believe that wireless is about as close to wired as it can get. In other words, most people think 802.11n makes wireless fast enough to use in the enterprise.
That’s a great step. It means that there will be even more WLAN installations in every industry—which means more people will need to know how to install, manage, and troubleshoot these boundary-less networks. More importantly, you will have to know how to secure these networks!
With your acquisition of CWSP: Certifi ed Wireless Security Professional Offi cial Study Guide, you have taken a huge step toward making yourself indispensible to your organization’s wireless team. Well done! Now you can start preparing to prove your knowledge of enterprise Wi-Fi security. You can learn how hackers are trying to attack your wireless LAN, how to prevent them from doing so, and how to guide your organization’s policy toward large-scale deployment of enterprise Wi-Fi infrastructure and applications.
The CWSP certification is now the third step in the CWNP line of certifications and remains focused on securing an enterprise 802.11 WLAN. CWSP includes topics such as 802.1X/EAP types, fast secure roaming, robust security networks, Layer 2 and 3 VPNs, wireless intrusion prevention system (WIPS) implementation, intrusion and attack techniques, and much more. Additional CWNP certifications focus more intensely on protocol analysis, quality of service, design, advanced surveying, VoWiFi, location tracking, and RF spectrum management.
David Coleman (CWNE #4) and David Westcott (CWNE #4) have worked as Certified Wireless Network Trainers (CWNTs) for as long as the CWNT certification has been available, and each was quick to pursue all CWNP certifications as they were released. Each has years of experience with a breadth of WLAN technologies and leading-edge products, which is obvious to their students and anyone working alongside them in the field. Having worked with each of these gentlemen for years, I can confidently say there could be no finer pair of seasoned trainers collaborating on a CWSP book.
The addition of Shawn Jackman (CWNE #54) and Bryan Harkins (CWNE #44) brings to the book a wealth of field experience from the WLAN security and healthcare markets. Jackman leads the WLAN team at a major healthcare organization and Harkins is the lead technical instructor for Motorola’s AirDefense unit. These WLAN veterans have devoted hundreds of hours to pouring their experience into this book, and the reader is certain to acquire a plethora of 802.11 knowledge. Coleman, Harkins, Jackman, and Westcott have played a big role in the shaping of CWNP and have each added tremendous value to the CWNA and CWSP certifications specifically.
We thank each of these fine authors for their constant support of CWNP, and congratulate them on the completion of their second Study Guide.
Kevin Sandlin Co-founder and CEO CWNP Inc.
Introduction
If you have purchased this book or if you are even thinking about purchasing this book, you probably have some interest in taking the CWSP® (Certified Wireless Security Professional) certification exam or in learning what the CWSP certification exam is about. The authors would like to congratulate you on this first step, and we hope that our book can help you on your journey. Wireless local area networking (WLAN) is currently one of the hottest technologies on the market. Security is an important and mandatory aspect of 802.11 wireless technology. As with many fast-growing technologies, the demand for knowledgeable people is often greater than the supply. The CWSP certification is one way to prove that you have the knowledge and skills to secure 802.11 wireless networks successfully. This study guide is written with that goal in mind.
This book is designed to teach you about WLAN security so that you have the knowledge needed not only to pass the CWSP certification test, but also to be able to design, install, and support wireless networks. We have included review questions at the end of each chapter to help you test your knowledge and prepare for the exam. We have also included labs, white papers, and presentations on the CD to facilitate your learning further.
Before we tell you about the certification process and its requirements, we must mention that this information may have changed by the time you are taking your test. We recommend that you visit www.cwnp.com as you prepare to study for your test to check out the current objectives and requirements.
Do not just study the questions and answers! The practice questions in this book are designed to test your knowledge of a concept or objective that is likely to be on the CWSP exam. The practice questions will be different from the actual exam questions. If you learn and understand the topics and objectives in this book, you will be better prepared for the test.
About CWSP® and CWNP®
If you have ever prepared to take a certification test for a technology with which you are unfamiliar, you know that you are not only studying to learn a different technology, but you are also probably learning about an industry with which you are unfamiliar. Read on and we will tell you about the CWNP Program. CWNP is an abbreviation for Certified Wireless Network Professional. There is no CWNP test. The CWNP Program develops courseware and certification exams for wireless LAN technologies in the computer networking industry. The CWNP certification program is a vendor-neutral program.
The objective of the CWNP Program is to certify people on wireless networking, not on a specific vendor’s product. Yes, at times the authors of this book and the creators of the certification will talk about, or even demonstrate how to use a specific product; however, the goal is the overall understanding of wireless technology, not the product itself. If you learned to drive a car, you physically had to sit and practice in one. When you think back and reminisce, you probably do not tell anyone that you learned to drive a Ford; you probably say you learned to drive using a Ford.
There are five wireless certifications offered by the CWNP Program:
CWTS™: Certified Wireless Technology Specialist
The CWTS certification is the latest certification from the CWNP Program. CWTS is an entry-level enterprise WLAN certification, and it is a recommended prerequisite for the CWNA certification. This certification is geared specifically toward both WLAN sales and support staff for the enterprise WLAN industry. The CWTS certification exam (PW0-070) verifies that sales and support staffs are specialists in WLAN technology and have all the fundamental knowledge, tools, and terminology to sell and support WLAN technologies more effectively.
CWNA®: Certified Wireless Network Administrator
The CWNA certification is a foundation-level Wi-Fi certification; however, it is not considered an “entry-level” technology certification. Individuals taking the CWNA exam (PW0-104) typically have a solid grasp of network basics such as the OSI model, IP addressing, PC hardware, and network operating systems. Many candidates already hold other industry-recognized certifications, such as CompTIA Network+ or Cisco CCNA, and are looking to the CWNA certification to enhance or complement existing skills.
CWSP®: Certified Wireless Security Professional
The CWSP certification exam (PW0-204) is focused on standards-based wireless security protocols, security policy, and secure wireless network design. This certification introduces candidates to many of the technologies and techniques that intruders use to compromise wireless networks and administrators use to protect wireless networks. With recent advances in wireless security, WLANs can be secured beyond their wired counterparts.
CWNE®: Certified Wireless Network Expert
The CWNE certification (PW0-300) is the highest-level certification in the CWNP Program. By successfully completing the CWNE requirements, you will have demonstrated that you have the most advanced skills available in today’s wireless LAN market. The CWNE exam (PW0-300) focuses on advanced WLAN analysis, design, troubleshooting, quality of service (QoS) mechanisms, spectrum management, and extensive knowledge of the IEEE 802.11 standard as amended.
CWNT®: Certified Wireless Network Trainer
Certified Wireless Network Trainers are qualified instructors certified by the CWNP Program to deliver CWNP training courses to IT professionals. CWNTs are technical and instructional experts in wireless technologies, products, and solutions. To ensure a superior learning experience for our customers, CWNP Education Partners are required to use CWNTs when delivering training using Official CWNP Courseware.