CWSP® Certified Wireless Security Professional Official Study Guide by Tom Carpenter

Author: Tom Carpenter
Language: eng
Format: epub
Publisher: Certitrek Publishing
Published: 2015-03-15T00:00:00+00:00


Chapter Summary

In this chapter, you learned about the importance of authentication and the different authentication methods available in 802.11 WLANs. You explored the 802.1X/EAP enterprise authentication solutions and the different EAP types. This information will be essential for the CWSP exam, but it is also important to know so that you can make effective decisions when designing security in the real world.

Facts to Remember

Be sure to remember the following facts as you prepare for the CWSP certification and be sure that you can explain the details related to them:

Authentication is used to validate credentials and is the foundation of all other security technologies.

Passphrase security, or a preshared key (PSK), is useful in SOHO and small business deployments with a few dozen clients.

When using a PSK, the password used to generate the PSK should be random and difficult to guess. It should also be very long.

WPA- and WPA2-Personal use a PSK implementation.

WPA- and WPA2-Enterprise use an 802.1X/EAP implementation.

WPA supports TKIP/RC4 and WPA2 supports CCMP/AES.

You can identify PSK authentication when the AKM Suite type is equal to 00-0F-AC:02.

Triple-A (AAA), as a security principle, consists of authentication, authorization and accounting.

Mutual authentication means that both the authentication server and the client are authenticated.

RBAC (Role-Based Access Control) is a method used to provide authorization through groups or roles.

RBAC typically involves the creation of policies and the assigning of these policies to groups or roles.

Accounting can be provided through RADIUS servers and Syslog servers.

802.1X provides port-based authentication.

Extensible Authentication Protocol (EAP) is a framework on which different types of EAP authentication methods are built, such as EAP-TLS and PEAP.

EAP-MD5 and LEAP should not be used.

PEAP, EAP-TLS, EAP-TTLS and EAP-FAST can all be implemented in a secure manner.

Lightweight Directory Access Protocol (LDAP) servers are often used to provide a credential store for 802.1X/EAP authentication through RADIUS servers.


