Pass CWNP CWSP-206 Exam in First Attempt Easily
Latest CWNP CWSP-206 Practice Test Questions, Exam Dumps
Accurate & Verified Answers As Experienced in the Actual Test!
Download Free CWNP CWSP-206 Exam Dumps, Practice Test
| File Name | Size | Downloads | |
|---|---|---|---|
| cwnp |
49.2 KB | 974 | Download |
| cwnp |
49.2 KB | 1097 | Download |
| cwnp |
57.7 KB | 1437 | Download |
Free VCE files for CWNP CWSP-206 certification practice test questions and answers, exam dumps are uploaded by real users who have taken the exam recently. Download the latest CWSP-206 CWSP Certified Wireless Security Professional certification exam practice test questions and answers and sign up for free on Exam-Labs.
CWNP CWSP-206 Practice Test Questions, CWNP CWSP-206 Exam dumps
Course Introduction
1. Introduction
I want to welcome you to our course on being a Certified Wireless Security Professional. We're going to cover a lot of different topics, obviously, with our biggest focus being about wireless and security. So what we're going to do is we're going to start with a kind of overview of what wireless land security is, and then we're going to kind of go into some history. We're going to talk about some legacy security, so we know where we were and where we definitely wanted to leave to move into better options. So from there, we'll move into talking about encryption, types of encryption, and ciphers. Then we're going to get into authentication methods that work at layer two. We're going to then get a chance to talk about some ways in which we generate keys so we don't have to use pre-shared keys or things that are easy to guess or things that people might share. So we'll talk about dynamic encryption key generation. and then we're going to take a look at some solutions for the small office or home office as far as their security. Then we'll talk about some larger solutions where we might have mobile users who take their wireless device and move around the office but still want to maintain wireless connectivity. And we'll talk about how we can do that and some of the options with fast, secure roaming. Now we're certainly going to talk about some of the wireless security risks. We're going to take a look at how to do security auditing for the wireless local area network. We're also going to talk about some devices that can help us with what we call wireless security monitoring. And then we'll take a look at some ways of securing remote access through the use of VPNs. And then finally, we're going to take a look at the wireless security infrastructure.
2. Instructor Introduction
Hi there. My name is Ken Mayer. I'm going to be your instructor on this course. Now, I've been involved with something that has initials like "information systems" information technology" since the very early eighties. So if you did the math, let me just tell you I started when I was in the fifth grade. I'm not as old as you think. So over that time, obviously, there was a point where there was no wireless. And so I worked with networks, network infrastructure, routers, and switches with operating systems, all kind of stuck in that wired type of medium. Well, unfortunately, I was a young adult when I saw my first cell phone. But anyway, eventually we moved into wireless. And I've worked a lot with wireless types of deployments—obviously with training as well. Primarily, my focus has been on Cisco's wireless solutions, with some firewall wireless solutions like the old Net Screen that became part of Juniper. I also assisted with Aruba network training and deployments. So I think that I have at least a pretty good idea about how to actually configure these devices. But what's important here is that I'm going to convey to you what we know about the different standards and how you can figure out how to actually do the configuration of the actual specific product. But I want you to be able to know the different standards and the different goals. I've also done a lot of work in the field of security ethical hacking for wired or wireless networks, as well as operating systems. And so I'm hoping that I'm going to take the knowledge that I have and be able to apply it specifically in the wireless arena to be able to help you get better with wireless security.
Module 01 - WLAN Security Overview
1. WLAN Security Overview
Now in this module, we're going to start off with what we call the wireless LAN security overview. And just remember, it is designed to be an overview. My goal here is to introduce some topics that we're going to see as we go through our course and to kind of give us, you know, just that little bit of a carrot to make sure that you want to keep going through. Some of the nicest things that we see about this particular course are that we are dealing with wireless, which is very popular, and security. So, I mean, how do we go wrong? We're doing both. So what we're going to do in this module is talk a bit about the history: where did we come from when it came to the security of wireless networks? We'll talk about the different standards organizations, such as the ISO or the Internet Engineering Task Force, the IETF. We'll also take a look at a review of the OSI model, which is very important for networking, even though we're going to be focusing on layers one and two. But we'll talk about that. We'll take a look at the ISO hierarchy. That hierarchy will kind of give you an idea, again, about how these different organizations work together, including things like the Wi-Fi Alliance standards. We'll talk a little bit about the basics, hopefully as a review for all of you that are here in the security part of this. For 811, we'll look at different types of connections. Some of the 811 security basics concern data privacy. We'll talk about the AAA, the authentication authorization, and accounting segmentation monitoring policies. And then, of course, we'll move into the security standards that we first started seeing introduced with the 800 and 211 I, and that includes the wire protective access, the WPA. We'll also talk about robust secure networks, or RSN, and talk a bit about the future of 801.11 security.
2. Where We Came From
So let's talk a little bit about where we came from. So, in 2007, the IE with the 820 Eleven 2007 set out to discover what a wireless local area network, or W LAN, is. And you know, if you think about it, we've always been working with security on our wired networks. And when I say, "We've always looked at that because it was pretty easy, right?" We contained the signal within a copper or fibre cable, and we always have to worry about still encrypting traffic because people could sniff those particular signals as they were being sent from one device to the other or do other types of malicious things like man in the middle to be able to grab that information. So we got into things like encryption and certificates and all of those sorts of things, but it was bound by that medium. And when we think about wireless now, of course we're emitting radio frequency, so anybody with a radio was able to pick up on those transmissions. And when we first started looking at wireless, we really didn't have a security mechanism in there other than distance, right? I mean, if you were a mile or two away from my access point, I wouldn't be concerned about you listening in on my conversations. If you're sitting out in my parking lot, then I'm a little bit more worried. And of course, WiFi standards have changed now that we are covering great distances with wireless, but we'll get into some of that a little bit later, at least on the security aspects. So originally, everybody had a bad taste for the idea of how secure a wireless local area network was. They are easy to implement because we didn't have to worry about cables. We just had to worry about the placement of an access point and making sure that it was connected to the wired network. But now what we're going to see as we go throughout this course is how much more secure wireless can be for us. So what we're going to do is take a look at some of the security mechanisms that we're going to talk about, and I'll try to give you a good 30,000-foot view. Maybe even a 10,000-foot view, at least during this particular module with things like encryption and authentication. What authorization means and the use of segmentation through what we call the "Virtual Local Area Networks," or VLANs, And most of what we're going to do is, like I said,we're going to focus at layer two, a bit about layer one. But at this point we're assuming that you're pretty comfortable with the 811 A, B, GS, NS, ACS, and those types of things.
3. Standards Organizations
Now we are going to mention a lot of the different standards, and of course there are different organisations that present those standards to us. So as we're moving throughout this course, you'll see a lot of these listed and how they helped build the foundation for security as well as for the different types of wireless access that we have. One of the first ones that you'll see is the ISO, the International Standards Organization. They're the ones that created what we call the Open System Interconnect Model, or the OSI Model. The IEEE, the Institute of Electrical and Electronics Engineers, They create a lot of the standards for compatibility and coexistence between network equipment—not just wired, but also wireless. And if you think about it, that's very important, because how difficult would it be if the vendors that were involved in wireless were using their own standards? Then we were kind of stuck with one company or another company and wouldn't have that. Compatibility or interoperability will probably be even more difficult for our clients trying to install the right software for a proprietary solution on all of the different laptops or mobile devices that we use. The IETF, the Internet Engineering Task Force, also creates Internet standards as they integrate into wireless and wired networks. And the Wi-Fi Alliance is designed to help perform certification testing. So that's a little tag that you see if you're buying any type of wireless device, and you see the WiFi Alliance, and you know that it's been tested, and it should work with any multi-vendor solutions that you have.
4. ISO and the OSI
All right. So I do want to talk a little bit about the OSI model, the Open System Interconnect. And when we look at this, we generally draw a line, and we talk about having these upper layers and these lower layers. And I don't think there's anything wrong with us going through this. If you've never seen it before, then this can be important just to get an idea of what's happening all throughout our network when it comes to both the wired and the wireless. But I'm not going to spend a lot of time on the upper layers. That's a little bit outside of the scope of what we want to look at. But I will start at least at layer seven, the application layer. and that's basically anytime we interact with the operating system. Now, I know you might hear different definitionslike applications like web browsing, Http or FDPfor file transfers or different things. But that's what we're doing, where people are interacting with the operating system. They have a presentation layer. I like to call that the format. And the biggest thing here, I can just say, is that sometimes I used to say it's how things are stored, but that didn't make sense because everything is stored in binary as ones and zeros, whether it's a solid-state drive or a hard drive. But the format made sense because, if you were to look at, say, graphic files, the way in which we encode a JPEG would be different than the old bitmaps or any of these other things. Or if we went into audio files, we used to have a lot of WAV files before MP3 got popular. And that's all it is. It's a method of encoding or formatting information, which is obviously going to be read by the application at some point, as well as the session information. We generally look at it as sort of an interaction with a client. I'll draw on my laptop, let's say, to a server, and let's say you're ordering something online, and you're probably not the only one ordering from this particular web server. And you would like to make sure that customer A's orders don't get mixed up with customer B's. So we create sessions—ways of being able to separate the different traffic streams so that we can make sense out of them. And that's about all I want to say there. Now what I'm going to do is I'mgoing to move down to layer one. But before I do again, that Ilea standard. Everything that falls under 800 and 211 (2007) is going to define what happens for us at layers one and two. And so I'm going to talk both about wired and wireless a bit, just so we have a good idea of what we mean at these different layers. So as an example, the physical is really what we decide to call media or the medium that you use to send information, and we refer to them as bits because whether it's wired or wireless, we are still sending a bunch of ones and zeros. And that information has to be able to be transmitted. Now, obviously, in the wired network we often have things like copper. Some people might call it catfive, catseven, or five e.Some people just call it an Ethernet, a twisted pair, or whatever that copper wire is. It's just a way of transmitting ones and zeros. Obviously, we also had fibre or what some peoplewould call optical, which does the same thing. It's transmitting ones and zeros, but in doing so, by the way, it sends the photons as light beams down the actual cables. We will, of course, concentrate on radio frequency. That's what we wanted to be able to distinguish, and we wanted to talk about ways of securing those transmissions. As a result, RF is considered at layer one. Of course, in some of the more basic courses, we talk about the different methods by which we can transmit this information, whether it's by frequency hopping or any of the other types of options that are out there. But our goal is not to worry about how we're transmitting this course. It's about how to secure what's being transmitted. All right, so then comes the data link layer. Now the data link layer is a little trickier. It actually has two sub layers.One that interacts with layer one is referred to as the Mac layer, and the other is referred to as the link layer. That sublayer, I should say, is what makes its attachment or helps communicate with the networking addresses. Again, we're going to focus on this part of it, but really what we're talking about here at layer two is a way of forwarding traffic. And by forwarding traffic, we're going to do so generally by hardware address. In the case of the Mac address, we refer to this as media access control. As a result, in a traditional wired network, we would have seen an object known as a switch. And on a switch, you would have a number of end stations connected to it, and maybe another switch connected to it. And as traffic would come in, the switch would look at its Mac address. Inside that switch would be a Mac address table that would be associated with specific ports. And so the switch would look at that Mac address and say, "Oh, okay, I know where to send that traffic." I'm going to send it out of whichever port is there. So there was no broadcast, as opposed to, well, if I went back to layer one and talked about a wired network, and we could almost make the same analogy with radio frequency. The issue with having a hub was that when traffic came in, it would automatically go out every single port. So anyone who's connected to it would be able to hear that traffic. So it wasn't inherently very secure. Can't we say that about radiofrequency from an access point? Let's see how well I can draw my little robot access point right as we're sending out radio frequency. Anybody with a radio can hear that traffic. So in a way, it kind of sounds like that wired hub, at least in the way I'm trying to describe it. And so when we went into the data link layer, we were able to make more intelligent forwarding decisions. And for us, it's kind of important to understand what's happening because if you think about it, in our setup, we're going to have an access port that is hardwired into a switch. And so while we're doing radio frequency to connect to whatever portable devices are out here, that information is going to be translated into an electrical signal from the access point, and it's going to eventually go into the switch, where again, it will be forwarded based on its Mac address. And of course, there could be multiple access points out here. And we know that we also look at the Mac address of the access point, so we know which one we're associated with. So, once again, things we'll look at in the data link layer. But we are going to want to talk about ways to encrypt our traffic and what that process is going to be like so that the communications between these wireless devices and the access point or the two stations, whatever word you want to use, will be able to secure that traffic. And we want to talk about security when we get into the wired network through things like segmentation and being able to say, "Well, you're a guest, so I only want you to be able to get to the Internet from my network." And if you're an employee, I want you to be able to get to the local area network and to the Internet or whatever else we want to secure. So it's more than just encrypting the signal that we're transmitting via radio frequency. It's also going to be on the wired side that we want to talk about security options. All right. So now to get beyond layer two: And the problem with layer two—I don't know if I have enough room to keep drawing this in here—is that we had what we called a broadcast domain. And what that simply meant is that if I had a bunch of switches connected to each other and your host sent a broadcast in here, it would go throughout the entire network. And the more hosts that I would add, the more broadcast traffic would start to eat up your bandwidth. And so we wanted to find a way to break up those broadcast domains. And one of the ways to do that was to create a logical address for each broadcast domain. And we did that primarily by introducing what we call "IP addresses," or Internet Protocol. We're not going to get into the differences between IP 4 and IP 6 throughout this course, but I think it's important just to understand what's happening. And so the idea was that if I wanted to stop the broadcast, I could put in a layer-three device that we normally call the router. And that router would look at the IP address and figure out the best way to send that traffic without allowing broadcast traffic to go through. And so that's what we see when we get into the IP address: that each of these broadcast domains would have their own network addresses, and the router, like I said, wouldn't allow the broadcast through. And so we would have just unicast traffic at the transport layer. We're talking about our communications protocol. How do the machines talk to each other? Why can Max talk to PCs, but not to Linux? And the rest of them are because we're speaking the same language. And without getting too far into those languages, we used primarily two different protocols. One is the Transmission Control Protocol, TCP, which is meant for unicast, meaning one-to-one traffic, and UDP, which is designed to work as a multicast or broadcast type of transmission, meaning point-to-multipoint or broadcast to everyone. And that's the user datagram protocol. So hopefully that's a solid foundation. And I hope that I've kind of cleared up where we're going to look. We are obviously going to really focus on layer one and layer two. And this little thing I talked about over here with the segmentation, that's where we're going to get into the VLANs and have a good understanding of how we use VLANs to separate our traffic. And that's also something that happens at layer two. So, as I said, that should give you an introduction to everything we want to talk about and, of course, where our focus will be.
5. 5. ISOC Hierarchy
So we're going to at least kind of take a look again at the different groups that we work with under what we call the Internet Society, or the ISOC. And here's where you're going to kind of get an idea of some of the breakdowns. So we have at least, if we take this little trail off here to our left, the Internet Architecture Board. We won't talk too much about what they do for us. But they are a group that is going to be working with things like the Internet Engineering Steering Group, and they're kind of the ones who come up with the bright ideas that we see the Internet Engineering Task Force work with. And the IETF does quite a bit for us. They certainly talk about ideas for the Internet. They're the ones that developed many of the routing protocols, maybe dealing with real-time applications or application ideas for security. They're the ones that are going to basically whether it's just a general category. operations and management. Routing. Transport layer. Most all communications right based on the Internet aregoing to be dealt with by the IETF andthey are constantly coming up with better methods ofdoing these communications or new methods of these communicationsand they often publish them as RFCs or whatwe call a request for comments. Moving on, the ICANN, or Internet Corporation for Assigned Names and Numbers, is in charge of things like IP addresses and whether or not you can have a.org or.com or a variety of other names and numbers, autonomous systems for routing protocols. So we're going to work with those as well. Well, at some level, somebody will. We're not going to get too far into that at this point. We're going to really kind of focus on what we see the IETF doing for us. And the Internet Architecture Board, as you can see, is going to be dealing with the Internet Research Task Force. And again, that's what I said between the two of these guys: they're going to come up with these great ideas, and then through the IETF we're going to try to come up with these proposals. The nice thing about an RFC, whether it's forsecurity or for anything else, the great thing aboutthat is the fact that it's a collaborative effort. Everybody who is a member can improve on an idea. So you know, when we get together and talk about RFCs, there might be one RFC that everybody lists for the final product. So I mean, even if it came to just establishing things like routing protocols, as I mentioned before, which is one of the things that are listed here, it wasn't just one brilliant paper. It was a combination of everybody adding on to each RFC. And of course, as they do, then theRFCs get numbered higher and higher and higher. But that is why it is called a request for comment. Because that's what we're encouraging, having the Internet community comment and try to make all of our protocols even better. You.
