Gain in-depth knowledge for passing your exam with Exam-Labs CWSP-206: CWSP Certified Wireless Security Professional certification video training course. The most trusted and reliable name for studying and passing with VCE files which include CWNP CWSP-206 practice test questions and answers, study guide and exam practice test questions. Unlike any other CWSP-206: CWSP Certified Wireless Security Professional video training course for your certification exam.

Module 01 - WLAN Security Overview

6. Wi-Fi Alliance Standards

Now remember the WiFi Alliance. It's been around since 1999 and had a different name before that. They changed it in 2002 to the WiFi Alliance. So it's been around for a while. Remember, they're the ones that are trying to verify that you meet certain standards. And again, this is just kind of designed to be a little bit of a review of the standards that are out there. One of the first ones, of course, is the way in which we send our signals, both the frequency and the different methods of encoding. So as just a quick review, some of the things you might see here are things like 800 and 211 A. Now you might think that since it is the lowest letter on the alphabet, that would have been the first, latest, and greatest. It was one that operated, as just a reminder, at 5 GHz and had data speeds up to 54 megabits per second. But the problem with that frequency was that it wasn't what we call the junk band. The junk band being what we call the industry scientificand medical, which was at the 2.4 GHz range. and that was one that was unlicensed. And so even though we might see this 811 A and think, "Oh, that sounds great," everybody used B, which was at 2.4 and had only eleven megabits of throughput. You might say, "Well, why did we want to go with a standard that shared a frequency with your microwaves and your remote-control cars and everything else out there?" Well, the biggest reason, of course, was the cost. This was cheap equipment to buy compared to going to the 5 GHz range. Then we saw some improvements in the methods in which we did encoding with 800 and 211 G, which got us up to speeds again of up to 54 megabits per second. And of course, like I said, that was G. Then, when eight to eleven came out, we were all excited because we could do either 2.4 or 5 GHz and had faster speeds, some would say 100 megabits or more depending on what was available. And the recent one that I hope you've seen or researched is AC. AC is promising gigabits per second for throughput. So some amazing things are happening as technology advances. And if you think about it, a gigabit throughput for wireless is just an incredible idea. And that's going to be for a lot of you who are working at a wired end station. You might still be on a 100-megabit fast ethernet and might not even have gigabit access, but we certainly are seeing that we are moving this into a good enterprise production field. Some of the other things they would try to ensure that we are, or at least remember that the goal is to certify you here. They didn't define these standards; they're just making sure that you're there. We are going to talk a lot more about WPA and WPA Two, the Wi-Fi protected access standards, and the differences between those, especially when we get into an enterprise security solution for security.So we'll cover more of these in more detail. Again, there's a WiFi protected setup, a WiFi protected access, that they're going to make sure that we're setup for, which again is a part of what we're going to get into later on to talk about the robust secure network or robust security network. And there are two versions of the WPA two. The first is, of course, the personal, which is ideal for your home users, and the second is the enterprise. Again, when we break it down, we're going to talk about how we use some external authentication mechanisms for WPA 2. so I just kind of went off target there. But it's still part of that protected access that we defined. See, I didn't go too far off topic. The WiFi multimedia, the WM, is also a part of the WPA. So here we're going to start Well, we'll introduce it. Quality of service is an important aspect because there are a lot of WiFi voiceover IP phones or streams that are more important than others. I've got somebody who wants to download the latest and greatest pictures from Facebook that might interfere with traffic. That's more important. So we can provide some of those accesses to that multimedia, especially since latency is a major issue with multimedia. If there is too much time lag between when you say hello on the phone and when the other person finally responds, you might think you're on a walkie-talkie or CB radio rather than a quality voice circuit. The WM power save and PS are ideal for BYOD, or bring your own device, such as a laptop, tablet, smartphone, or whatever we have today. But who knows, maybe in another couple of years we'll be talking about your wristwatch or something else? But it's designed to help conserve battery, and that's an important issue. Basically, being able to send an "awake up" call when traffic is coming in is important. The CWGRF, Converged Wireless Group, RF profile, radiofrequency profile, and "converged" all indicate that we are mixing different types of traffic, which is where we will obviously focus on this 811. But there are other types of traffic that we might deal with that is a little bit outside, like I said, of our purview for this course. So that's my cellphone, by the way, for those of you who don't remember the old flip phones where you pulled out the antenna; maybe it's just me because I'm so old or have been around here for a while, but they do radio frequency as well, only they're connecting to a cell tower. And so, we're seeing layer one up to this point and from the cell tower. converting it into layer two as it gets into their actual network, what we call the home agent of where they connect, if you think about it. They're converging today when we start talking about things like4G networks and one of the new buzzwords is likevoiceover LTE that they call VoLTE and so we areconverging actually packetizing the voice and the data on thesame signal so that's an example of a converged oneof those types of networks and the last one here.The voice personal application is designed for residential or small business WiFi networks where you may be mixing voice and data traffic, possibly even printer traffic, so you could almost call this a converged idea as well, but more or less converged for the smaller what we call the remote office branch office the robots, or some people call them SoHos, the small office home office.

7. 802.11 Networking Basics Part1

Now, we're going to assume that you already have the networking basics down for 800 and 211. Remember that the 800 and 211 standards are based on OSI layers one and two. One of the things I mentioned about layer one, of course, was the medium, but layer two was things like switches, which are, in this case, access points. And that's going to be important when we talk about the different layers. So at the moment, the assumption is that you know what the basics are and that you know how wireless is working at both layers. Remember, our goal is to talk about securing that traffic, but we also want to make sure we have a good idea of the overall picture of the network and how wireless and wired work together in a standard type of best practise type of distribution or layers. and we call the layers core distribution and access. The access layer is basically where everybody connects. When I say everybody, whether you're off of a wireless access point or whether you're connected on a wired switch, that's the access layer. It's how you get from where you are to other users or some other server or resource. You're going to go through a distribution layer, and depending again on the size of that corporation, you may even have to go into the core infrastructure to be able to get to other distribution areas to get to other access layers. And I'll draw that out for you here in just a second, but to make sure that, like I said, you're just getting the big picture of what's actually happening and where we're going to be living as far as our security concerns go.

8. 802.11 Networking Basics Part2

So when we take a look at the access layer, as I said, I'll put in the PCs, whether they're wireless or not. That's where they're connecting to things like the switches. So the squares are switches. Of course, we could have our own debate about having the wireless access point. Maybe we're doing an extended service set, maybe roaming, or whatever the case may be. But either way, we're at the access layer, and that's where everything is at.And let's say somewhere else in our network we have a server farm that we want to be able to access. Or maybe we have, as I said, access to the Internet or whatever the case may be. But that's where we're going to get into the distribution layer. The distribution layer, which I'll just abbreviate here, is a lot of where we see routing going on that's going into the IP address idea. So if you imagine that you were connecting wirelessly here at one point of the network, maybe even in a different part of the building, you're going to have to be able to get out of the access layer to the distribution layer. And the distribution layer could just easily take you through routing to some of the locations. Now, we also talk about the core. The core is where we do all of the high-speed work. By the way, when we are talking about security, we are going to be looking at the access layer. But just technically speaking, your wired security is going to be happening at the distribution layer. The core layer is nothing about speed, or I should say, is not nothing about speed. It's all about speed. There's no real sense of security there. We just want traffic to move as quickly as we can. And as I said, it might be that it's connecting to a server farm or some other set of resources that also require high-speed connectivity. Right? And again, we may have to go from the distribution layer to the core. But again, it's the distribution layer that got us there, going through the core network to get to that server farm. Or, as I said, it could be leaving that core, going out to the cloud where I want to put the evil spy-looking thing. By the way, that's supposed to be a mustache, if any of you ever saw Bullwinkle. And remember Boris; he always had that little evil mustache. But that's my Internet cloud. Again, we frequently consider this, as well as having high-speed connections off the court. So that's your big picture, and as I've said, she already wants to say it. Again, we are going to focus on security, but we're going to be doing that here at the access layer. Then we'll delegate security in the distribution layer to the people who handle wired security.

9. Connection Types

Now there are different types of connections that we're going to talk about. And again, remember, these are different layers. It depends on what we're looking for. But if we're talking about wireless connectivity, one type of connection is a point-to-point. It's often what we call a "wireless bridge," where you're doing wireless from one building to another to connect them rather than running cables between them. I've seen that happen a few times because of poor planning when it came to moving a building. As an example, I recall a university that relocated their ticket office from the stadium to a location across the street in the city because they refused to allow them to dig up the road to string cable between. They didn't want to pay to go through a service provider for what amounted to a 60-foot run. So they were looking at ways of doing a point-to-point connection. The most common WiFiconnection we see is point to multipoint.We have a single access point that is connecting to multiple different wireless devices. So it is one too many. Also in the world of security, which we will look at as far as some of the other options, are things like wireless land controllers. Those are things that are going to give us mobility, can help increase security, and can help us with segmentation. and it's generally a communication from the access point to that centralised wireless land controller. In fact, you might have multiple wireless LAN controllers that are being controlled by a single wireless LAN controller controller.For example, Cisco calls it the WCS, the wireless LAN controller's ability to work with multiple ones of those. We're going to get into some of the security options, especially WPA 2 enterprise, where we have to have authentication points, whether it's an active directory server, a Radius server, or an attack Act server. But it's a place where the access point can collect your information and verify that you are the right person. And of course, there might be those types of anonymous access that we see at your local coffee shop or eatery. Everybody's now saying, "Okay, hey, come eat here, come have a coffee." You can read your paper; you can surf; you don't have to log in or have any accounts.

10. 802.11 Security Basics

So when we look at the 800 and 211 security basics, there are going to be five major components that we want to work with. One is data privacy—we'll call that encryption. The other are the triple-A services, which include authentication (who you are), authorization (what you can do), and accounting (keeping track of what you did). Segmentation gets us most of the way into the wired for the most part.Again, we'll look at that with the VLAN. Obviously, we want to be able to monitor what's happening. We can do that either by just looking at logs on the access point or if we're using a centralised wireless LAN controller. That is frequently capable of not only monitoring but also informing you about where someone is roaming while roaming, any unexpected devices, or even any unexpected types of access points, which we refer to as rogue types of options or rogue access points. And then, of course, policy. Policies could be corporate policies. Corporate security policies could be laws and regulations in the jurisdiction in which you're operating that you have to follow. Now, there are some other types of security devices. I mentioned how the wireless Lan controller can help you with monitoring or even send off alerts if it does something like rogue detection. And again, rogue detection is finding that wireless access point that doesn't belong. Maybe somebody brought one into the office because they wanted to be able to pick up their laptop and move around, and you won't give them an access point. So it's not uncommon that people will bring their own type of access, and that's always a bad thing because then they're creating a new method of connecting to your network without going through your security settings. There are also tools like the wireless intrusion detection systems, and those can again be very important for us. Intrusion detection is not only malware detection, but it may also be a component of rogue detection. Whether it's an access point or maybe an unexpected device connecting to our network that shouldn't be there.

11. Data Privacy Part1

Now, when we talk about data privacy, remember that the communications, as I've already said, are done over radio frequency. So anybody with a radio can intercept, especially because it is an unlicensed frequency or unlicensed band. so it's easy enough for anybody to see. In fact, if I came into your office and I had a WiFi card in my system, I'd obviously be able to hear all of those radio frequencies if I was within range. And so what we are going to do is look at and focus on encryption. Encryption is designed so that only the sender and receiver can interpret what is being transmitted. Not everything we send over radiofrequency using encryption will be encrypted. But we will talk about that as we get into the different types of encryption. So again, remember, it's unlicensed frequencies. And when we do talk about encryption or the world of cryptology, there are a few things that we need to have to be able to make it work. Number one is an encryption algorithm. Now, we have to be careful. We're using open standards like the Advanced Encryption Standard (AES), which means that everybody knows how that algorithm works. What they don't know is the key—the key that is used with the algorithm to be able to encrypt everything. So the stronger the key, the better the encryption. The shorter or weaker the key, the easier it is for somebody to crack. Cracking it is called cryptanalysis. We might also, in encryption, use authentication, maybe through certificates or some other method. And in fact, you're going to see in some of these, as we again get into later chapters, how this setup is going to work and how keys are generated and how they can be generated randomly. But again, like I said, this is the overview chapter. So we're going to get into that as we go further into this course.

12. Data Privacy Part2

So at a high level the idea of cryptology and theuse of encryption is to take what is normally called plaintext and go through that algorithm plus the key to getinto what we call the cypher text or that is thecipher and and then it gets us into the cypher text. So the hope is that this is still on your, say, laptop and you haven't sent this message yet. but because you have set up encryption. The laptop, through the use of its CPU and the algorithms, is going to go through this process of doing the encryption, so this is still all being done on the laptop, and then from that point on, we're ready to send it through radio frequency, and anybody that's out there eavesdropping is just going to see this encrypted text that we call cypher text. Obviously, once it's received on the other side, we'll have to return to this discussion in a second. But basically the other side is going to have to receive that cypher text loaded onto their system and go through the decryption process, which is just going backwards through this process. And what I've just described to you is often called "very good symmetric encryption," meaning that the key that we used to encrypt is the same key that we use to decrypt the message. This is probably one of the weakest parts of symmetric: both sides need to have the same key, and so we can always make the argument, "How do they both know the same key if we can't encrypt the message with the key?" And we're certainly going to talk more about that when we get into encryption types. I'll break it down even more so we have a good understanding about how we do key exchanges. We do sometimes use an asymmetric method, which is a key pair, and like I said, we'll get more detail later on, but sometimes we use that to exchange the symmetric key. You might say, "Well, then why don't we just use asymmetric all the time?" It is, however, very processor-intensive, making it unsuitable for large amounts of data, which is why we use the symmetric. Now, in this process, like I said, I showed you the decryption. Encryption is one direction, decryption isgoing in the other one. Don't mistake it for other types of cryptology, like steganography, which is called hidden words. Just as a side note, if you're not sure what that means, you can have this beautiful picture of some mountains. Maybe the sun is out there. And we can actually take for each pixel that is represented by, what is it, the RGB, the red, green, and blue, for each pixel that is represented by a series of bits, eight bits for each of these. And we can actually borrow some of these bits without changing the quality of that colour very much or making it unrecognizable. and actually begin to encode the letters of our mail message. That's not encryption. That's hiding things in plain sight. So when we talk about encryption, it's not hiding in plain sight. We are definitely taking plain text and turning it into cypher text.

Pay a fraction of the cost to study with Exam-Labs CWSP-206: CWSP Certified Wireless Security Professional certification video training course. Passing the certification exams have never been easier. With the complete self-paced exam prep solution including CWSP-206: CWSP Certified Wireless Security Professional certification video training course, practice test questions and answers, exam practice test questions and study guide, you have nothing to worry about for your next certification exam.

Hide