MAC Address Spoofing 73 Man in the Middle (MITM) 96 Management Interface Exploits 98 Measuring Threats 439 Mobile Device Management (MDM) 346 Mobile Device Management Solutions 140 Monitoring in the Cloud 444 MSK—Master Session Key 245 Mutual Authentication 186 Network Access Control 192 Network Extension 8 Network Layer 26 Network Segmentation 340 Network Traversal Analysis 36 New 802.11 Challenges 443 Open System Authentication 75 openBmap 64 Opportunistic Key Caching (OKC) 381 Other Common Concerns 102 Over-the-Air FT 387 Over-the-DS FT 388 Pairwise Master Key (PMK) Caching 379 Passive WLAN Discovery 56 Passphrase-based Security 171 Password Generation Utilities 183 Password Policy 135
PCI Compliance as an Example 424 PEAP 212 PEAPv0/EAP-MSCHAPv2 215 Peer-to-Peer 95 Personal Network Usage Threat Assessment 7 Per-user PSK (PPSK) 179 Physical Layer 28 Physical Layer Defenses 453 PMKID—Pairwise Master Key Identifier 245 PMK—Pairwise Master Key 245 PMKSA—Pairwise Master Key Security Association 245 Policy Importance 125 Popular Public Access Wi-Fi Databases 64 Preauthentication 377 Pre-Robust Security Network Association (pre-RSNA) 246 Pre-RSNA networks 3 Pre-RSNA—Pre-robust Security Network Association 244 Private Data 34 Product Certificates 17 Proprietary LEAP 82 Protocol Analyzer Software and Hardware 413 PSK Key Hierarchy 255 PSK Roaming 366 PTK—Pairwise Transient Key 245 PTKSA—Pairwise Transient Key Security Association 246 Public Access Networks 103, 333
Public Access Risks 335 Public Data 34 Public Network Security 23 Radio Frequency (RF) 5 RADIUS 19 RADIUS Authentication 195 RADIUS Authentication Exchange 197 Random Password Generation 184 Regulations 124 Remote Access Security 24 Remote AP 329 Remote Authentication Dial Description 185 Remote Client Access 330 Reporting and Auditing 423 RF DoS 92 Risk Assessment - Document and Define 130 Risk Assessment Buy-In and Training 130 Robust Security Network (RSN) 246, 247 Rogue AP and Client Detection 414 Role-Based Access Control 189 RSN (Robust Security Network) 19 RSN Information Element 248 RSNA—Robust Security Network Association 244 RSN-IE 58 RSN—Robust Security Network 244
Secure Management Protocols 409 Security Analysis Basics 28 Security and the OSI Model 24 Security Baselines 137 Security Monitoring 422 Security Policy 125 Security Policy Defined 122 Server-side Certificates 200 Shared Key Authentication 79 Shared Key Authentication Uses WEP 80 Single Building or Campus 202 Single Channel Architecture 389 Site survey 68 Skyhook 64 Small Business Security 21 Sniffing 36 Social Engineering 89 Social Networking Policy 142 Spectrum Analysis 452 Spectrum Analyzer Software and Hardware 414 SSID 58 SSID Field in Other Frames 69 SSID Hiding 67 STA Definition 3 Stream Ciphers 288 Strong Passphrases 20, 182
Supported Rates 58 Symmetric Key Encryption 285 TKIP (WPA) 300 Transitional Security Network (TSN) 246 Transitional Security Networks 4 TSN—Transition Security Network 244 Tunneling and Split Tunneling 332 Unicast Encryption Description 257 Updating the Kali Linux VM 487 Usage Threat Assessment 7 Using port security on switches 419 Virtual Private Networking Basics 322 VMware Player 489 Voice over Wi-Fi 374 Voice—Personal 374 VPN Functionality 326 Wardriving 61 Weakest Link 64 WEP 10 WEP (Pre-RSNA) 294 WEP Key Lengths 77 WEP Weaknesses 77, 295 Wi-Fi Alliance 15 Wi-Fi Alliance Compliance 15 Wi-Fi Protected Access (WPA) and WPA2 11 Wi-Fi Protected Access (WPA) and WPA2 Enterprise Mode 13
Wi-Fi Protected Access 2 (WPA2) Personal Mode 13 Wi-Fi Protected Access Personal Mode (WPA-Personal) 12 Wi-Fi Voice-Enterprise Certification 376 Wi-Fi Voice-Personal Certification 374 Wigle 64 WIPS—Features 420 Wired Equivalent Privacy (WEP) 76 Wired Security Entry Point 30 Wireless Intrusion Detection System (WIDS) 412 Wireless Intrusion Prevention System (WIPS) 413 Wireless Network Management Systems (WNMS) 413 Wireless Network Management Systems (WNMS) Security Features 446 Wireless Security Algorithms (Two Classes) 3 Wireless Security Prevention 30 Wireless Vulnerabilities 7 WLAN Controllers 446 WLAN Monitoring 411 Working with IEEE 802.11 Frames 448 WPA 11 WPA2 11 WPA2-Enterprise 13, 19, 193 WPA2-Personal 13, 19, 175 WPA-Enterprise 13, 19, 193 WPA-Personal 12, 19, 175
Table of Contents Title Page 2 Copyright Page 3 Table of Contents 10 INTRODUCTION 4 4 7 CWSP-207 Exam Objectives Target Audience Acknowledgements for Content 8 CHAPTER 1: SECURITY FUNDAMENTALS 17 Objectives 17 A Brief History of Wireless Security 18 Radio Frequency (RF) Does Not Respect Boundaries 20 Usage Threat Assessment 22 Network Extension 23 CWNA Security Review 25 Industry Organizations 28 Wi-Fi Alliance Compliance 29 Product Certificates 31 Terminology Review 33 Home Office Security 34 Small Business Security 35 Large Enterprise Security 35 Public Network Security 36 Remote Access Security 37 Security and the OSI Model 37 Security Analysis Basics 40 From the Blogs 50 Chapter Review 53 Chapter 1: Review Questions 55 Chapter 1: Review Answers 59 CHAPTER 2: WIRELESS SECURITY CHALLENGES 61 Objectives 61 Passive WLAN Discovery 62 Active WLAN Discovery 63 Discovery Hardware 66
Discovery Software 68 Weakest Link 70 SSID Hiding 72 MAC Address Filtering 75 MAC-Address Spoofing 77 Open System Authentication 78 Wired Equivalent Privacy (WEP) 79 Shared Key Authentication 82 EAP-MD5 84 Proprietary LEAP 84 Eavesdropping 86 Social Engineering 90 RF DoS 93 Layer 2 (MAC) DoS 94 Peer-to-Peer 96 Man in the Middle (MITM) 96 Management Interface Exploits 99 Authentication Cracking 100 Encryption Cracking 101 Other Common Concerns 102 Public Access Networks 102 General Recommended Practices 104 From the Blogs 105 Chapter 2 Summary 108 Chapter 2: Review Questions 110 Chapter 2: Review Answers 115 CHAPTER 3: SECURITY POLICY 117 Objectives 117 Security Policy Defined 118 Regulations 119 Legal Considerations 120 Policy Importance 120 Risk and Impact 122 Document and Define 124 Buy-In and Training 124 Incident Response 125 Enforcement 125 Monitor and Audit 127
Review and Revise 128 Password Policy 128 Additional Policies 129 Security Baselines 130 Device Management 130 Bring Your Own Device (BYOD) Policy 131 Mobile Device Management Solutions 132 Social Networking Policy 133 From the Blogs 137 Chapter 3 Summary 140 Chapter 3: Review Questions 141 Chapter 3: Review Answers 146 CHAPTER 4: AUTHENTICATION 148 Objectives 148 Authentication 148 Passphrase-based Security 155 WPA or WPA2 Personal 158 Defining WPA and WPA2 159 Per-User PSK (PPSK) 163 Entropy 163 Strong Passphrases 166 Authentication, Authorization, and Accounting (AAA) 167 Mutual Authentication 169 Authorization 170 Role-based Access Control 171 Accounting 173 Network Access Control (NAC) 174 WPA and WPA2 Enterprise 175 Certificates and Tunneled EAP 181 Authentication Models 183 IEEE 802.1X Port-based Access Control 185 IEEE 802.1X/EAP Framework 187 4-way Handshake 188 From the Blogs 201 Chapter 4 SUMMARY 213 Chapter 4: Review Questions 215 Chapter 4: Review Answers 219
CHAPTER 5: AUTHENTICATION AND KEY MANAGEMENT 221 Objectives 221 Terminology 221 Pre-Robust Security Networks 223 Robust Security Networks (RSN) 224 802.11 Association 228 KEY Hierarchy 229 PSK Key Hierarchy 230 802.1X/EAP Key Hierarchy 233 From the Blogs 239 Chapter 5 Summary 247 Chapter 5: Review Questions 248 Chapter 5: Review Answers 252 CHAPTER 6: ENCRYPTION 254 Objectives 254 Terminology 254 Symmetric Key Encryption 255 Asymmetric Key Encryption 257 Stream Ciphers 259 Block Ciphers 259 Frame Encryption 260 Encryption Algorithms 262 WEP (Pre-RSNA) 263 TKIP (WPA) 268 CCMP (WPA2) 270 From the Blogs 273 Chapter 6 Summary 277 Chapter 6: Review Questions 278 Chapter 6: Review Answers 282 CHAPTER 7: SECURITY DESIGN SCENARIOS 284 Objectives 284 Virtual Private Networking Basics 285 VPN Functionality 288 Common Wireless Uses 289 Tunneling and Split Tunneling 294 Public Access Networks 295 Captive Portals 298
Network Segmentation 300 Bring Your Own Device (BYOD) 304 Mobile Device Management (MDM) 305 Client Management Strategies 306 From the Blogs 308 Chapter 7 Summary 310 Chapter 7: Review Questions 311 Chapter 7: Review Answers 316 CHAPTER 8: SECURE ROAMING 318 Objectives 318 IEEE 802.11 Roaming Basics 319 PSK Roaming 322 Basic Roaming Review 326 Wi-Fi Voice-Personal Certification 328 Wi-Fi Voice-Enterprise Certification 329 Preauthentication 330 Pairwise Master Key (PMK) Caching 332 Opportunistic Key Caching (OKC) 334 802.11-2012 (802.11R) Fast Transition (FT) 335 Single-Channel Architecture 342 From the Blogs 344 Chapter 8 Summary 347 Chapter 8: Review Questions 348 Chapter 8: Review Answers 352 CHAPTER 9: NETWORK MONITORING 354 Objectives 354 Secure Management Protocols 355 WLAN Monitoring 357 Rogue AP and Client Detection 359 WIPS—Features 364 Enforcing Functional Policy 365 Security Monitoring 366 Reporting and Auditing 366 Auditing and Forensics 371 Audit Methods 371 Audit Tools 372 Enterprise WIPS Topology 374
Defining WIPS Policies 376 Classifying Devices 377 Establishing a Baseline 378 Event Logging and Categorization 378 Activity Reports 378 Measuring Threats 379 Compliance Reporting 381 Forensics 381 Device Location and Tracking 381 Integrated Spectrum Analysis 382 NEW 802.11 Challenges 382 Monitoring in the Cloud 383 Wireless Network Management Systems (WNMS) Security Features 384 WLAN Controllers 384 Distributed Protocol Analysis as a Monitoring Solution 385 Spectrum Analysis 389 Physical Layer Defenses 389 Laptop-based Intrusion Analysis 390 From the Blogs 396 Chapter 9 Summary 400 Chapter 9: Review Questions 402 Chapter 9: Review Answers 407 APPENDIX A: ABOUT REAL-WORLD WLAN SECURITY TESTING/EXPERIMENTING 409 Creating a Kali Linux Virtual Machine for Security Testing and Lab Utilization 409 About Real-World WLAN Security Testing and Experimentation 410 Creating a Kali Linux Virtual Machine for Security Testing and Lab Utilization 410 Installing Virtualbox 411 Creating a Kali Linux VM 412 Updating the Kali Linux VM 419 Connecting a Wireless Adapter to the Kali VM 420 Using VMware Player 421 GLOSSARY 422 INDEX 444