did-you-know? rent-now

Amazon no longer offers textbook rentals. We do!

did-you-know? rent-now

Amazon no longer offers textbook rentals. We do!

We're the #1 textbook rental company. Let us show you why.

9781587051548

Cisco Wireless LAN Security

by ; ; ;
  • ISBN13:

    9781587051548

  • ISBN10:

    1587051540

  • Edition: 1st
  • Format: Hardcover
  • Copyright: 2004-11-15
  • Publisher: Cisco Press

Note: Supplemental materials are not guaranteed with Rental or Used book purchases.

Purchase Benefits

  • Free Shipping Icon Free Shipping On Orders Over $35!
    Your order must be $35 or more to qualify for free economy shipping. Bulk sales, PO's, Marketplace items, eBooks and apparel do not qualify for this offer.
  • eCampus.com Logo Get Rewarded for Ordering Your Textbooks! Enroll Now
  • Write a Review Icon Write a Review
List Price: $66.99 Save up to $16.75
  • Buy Used
    $50.24
    Add to Cart Free Shipping Icon Free Shipping

    USUALLY SHIPS IN 2-4 BUSINESS DAYS

Supplemental Materials

What is included with this book?

Summary

Secure your Wireless Local Area Network with guidance from an expert from Cisco Systems.

Author Biography

Krishna Sankar is a distinguished engineer at Cisco Systems, Inc. Sri Sundaralingam is a technical marketing manager in the Wireless Networking Business Unit at Cisco Systems Andrew Balinsky is a network security test engineer at Cisco Systems Darrin Miller currently works as a security researcher at Cisco Systems

Table of Contents

Introduction xxi
Securing WLANs Overview
3(10)
WLAN: A Perspective
3(2)
Wireless LAN Components and Terminology
5(2)
WLAN Standards
7(1)
WLAN Security
8(1)
WLAN Security Domain Conceptual Model
8(2)
Navigating This Book and Chapter Contexts
10(1)
Summary
11(2)
Basic Security Mechanics and Mechanisms
13(46)
Security Mechanics
13(21)
Confidentiality Mechanisms
15(1)
Symmetric Key Encryption
15(4)
Asymmetric Encryption
19(4)
Encryption Algorithm Strengths and Weaknesses
23(1)
Integrity Mechanisms
24(1)
Hash Functions
24(2)
Digital Signatures
26(3)
Key Management
29(5)
Authentication and Identity Protocols
34(22)
PPP Authentication Protocols
34(1)
PPP Password Authentication Protocol
35(2)
PPP Challenge Handshake Authentication Protocol
37(3)
PPP Extensible Authentication Protocol
40(2)
The TACACS+ Protocol
42(1)
TACACS+ Authentication
43(1)
TACACS+ Authorization
43(1)
TACACS+ Accounting
44(1)
TACACS+ Transactions
44(1)
The RADIUS Protocol
45(1)
RADIUS Authentication
46(1)
RADIUS Authorization
46(1)
RADIUS Accounting
47(1)
RADIUS Transactions
47(1)
The Kerberos Protocol
48(1)
Kerberos Authentication Request and Reply
49(2)
Kerberos Application Request and Response
51(1)
IPv6
52(1)
IPv6 Address Structure and Representation
53(1)
IPv6 Header
53(1)
Scalability
54(1)
Adoption
54(1)
IPSec
54(1)
Authentication Header
55(1)
Encapsulating Security Payload
55(1)
Security Associations
55(1)
Key Management
56(1)
Summary
56(3)
WLAN Standards
59(22)
Standards Organizations, Position, Context, and Influence
59(8)
IEEE
60(1)
IEEE 802 Standards
60(5)
Wi-Fi Alliance
65(1)
WPA Overview
65(2)
Wireless LAN Association
67(1)
Hardware/Radio/Waves and Modulation
67(1)
FCC Regulations
67(2)
Radio Technologies in 802.11
68(1)
Brief Discussion on Relevant Standards
69(10)
IEEE 802.11
69(1)
IEEE 802.11b
70(1)
Channel Allocation
70(1)
IEEE 802.11a
70(2)
IEEE 802.11g
72(1)
IEEE 802.11f
73(1)
IEEE 802.11c
73(1)
QoS Capabilities
74(1)
QoS Mechanisms
74(1)
QoS-Related Entities
75(1)
Association Based on QoS Capabilities
75(1)
IEEE 802.11k
75(1)
IEEE 802.11h
76(1)
European Standard Organizations and Regulations: ERO
76(1)
European Standard Organizations and Regulations: ETSI
77(1)
802.11h Details
78(1)
Light Weight Access Point Protocol
79(1)
Summary
79(2)
WLAN Fundamentals
81(30)
WLAN: Elements and Characteristics
81(3)
WLAN: Basic Topology
84(2)
WLAN Building Blocks
86(5)
Services
87(2)
Frames
89(2)
WLAN State Diagram
91(2)
Basic Choreography
93(16)
Beacon
94(1)
Probe
95(1)
Authentication
96(3)
Deauthentication
99(1)
Association
100(1)
Reassociation
101(1)
Disassociation
102(1)
Data
103(1)
Reason and Status Codes
104(4)
WEP
108(1)
Summary
109(2)
WLAN Basic Authentication and Privacy Methods
111(14)
Authentication Mechanics
111(2)
Open Authentication
113(2)
Trust Model and Assumptions
114(1)
Supporting AAA Infrastructure
114(1)
Applications, Vulnerabilities, and Countermeasures
114(1)
Auditing and Accounting
114(1)
MAC-Based Authentication
115(1)
Trust Model and Assumptions
115(1)
Supporting AAA Infrastructure
116(1)
Auditing and Accounting
116(1)
Applications, Vulnerabilities, and Countermeasures
116(1)
Shared-Key Authentication
116(3)
Protocol Choreography
117(1)
Trust Model and Assumptions
118(1)
Supporting AAA Infrastructure
118(1)
Auditing and Accounting
118(1)
Applications, Vulnerabilities, and Countermeasures
118(1)
WEP Privacy Mechanics
119(4)
WEP Processing Model
120(1)
RC4 Algorithm
121(1)
Data and Integrity
121(1)
Seed and Keylength
121(1)
IV Generation
122(1)
Key Generation and Selection
122(1)
Packaging
123(1)
Decryption
123(1)
Vulnerabilities
123(1)
Summary
123(2)
Wireless Vulnerabilities
125(32)
Attacker Objectives
126(4)
Attack Trees
126(1)
Reconnaissance
127(1)
DoS
127(1)
Network Access
128(2)
Reconnaissance Attacks
130(8)
Sniffing and SSIDs
130(1)
Sniffing Tools
131(1)
Prismdump
132(1)
Ethereal and Tcpdump
132(1)
Commercial Sniffers
132(1)
Wardriving and Its Tools
133(1)
Network Stumbler and Mini Stumbler
134(1)
Macintosh Tools
135(1)
Kismet
135(1)
Wellenreiter
135(1)
bsd-airtools
136(2)
DoS Attacks
138(2)
Disassociation and Deauthentication Attacks
139(1)
Transmit Duration Attack
140(1)
Authentication Attacks
140(1)
Shared-Key Authentication Attacks
140(1)
MAC Address Spoofing
141(1)
WEP Keystream and Plaintext Recovery
141(5)
Keystream Dictionaries
141(1)
Methods for Recovering RC4 Keystreams
142(1)
Known Plaintext Attack
142(1)
IV Collisions and the Birthday Paradox
143(1)
Reaction Attack
143(1)
Inductive Attack
144(1)
Uses for Recovered Keystreams
145(1)
Traffic Injection: Choosing Your Own IVs
145(1)
Message Modification and Replay
145(1)
Decryption
146(1)
A Brief Note on Solutions
146(1)
WEP Key Recovery Attacks
146(4)
Dictionary-Based Key Attacks
146(1)
The Fluhrer-Mantin-Shamir Attack
147(2)
FMS Tools
149(1)
Attacks on EAP Protocols
150(4)
Summary of 802.1x and EAP
150(1)
Dictionary Attack on LEAP
151(2)
PEAP Man-in-the-Middle Attack
153(1)
Rogue APs
154(1)
Ad-Hoc Mode Security
155(1)
Summary
155(2)
EAP Authentication Protocols for WLANs
157(38)
Access Control and Authentication Mechanisms
157(6)
The Three-Party Model
158(1)
Layered Framework for Authentication
159(4)
EAP
163(13)
EAP Frames, Messages, and Choreography
163(7)
EAP Authentication Mechanisms
170(1)
EAP-MD5
170(1)
EAP-OTP
171(1)
EAP-GTC
171(1)
EAP-TLS
171(5)
EAP-TTLS
176(1)
PEAP
176(7)
PEAP Frame Format
177(1)
PEAP Arbitrary Parameter Exchange
178(2)
PEAP Choreography
180(3)
802.1x: Introduction and General Principles
183(2)
EAPOL
184(1)
Cisco LEAP (EAP-Cisco Wireless)
185(2)
EAP-FAST
187(5)
EAP-FAST Frame Format
189(1)
EAP-FAST Choreography
189(3)
Summary
192(3)
WLAN Encryption and Data Integrity Protocols
195(38)
IEEE 802.11i
195(2)
Encryption Protocols
197(20)
WEP
197(1)
RC4
198(2)
WEP Encapsulation
200(2)
WEP Decapsulation
202(1)
TKIP (802.11i)/WPA)
203(1)
Michael MIC (802.11i/WPA)
204(2)
Preventing Replay Attacks
206(1)
Key Mixing Algorithm
207(1)
TKIP Packet Construction
208(1)
TKIP Encapsulation
209(1)
TKIP Decapsulation
210(1)
CCMP
211(1)
CCMP Encapsulation
212(2)
CCMP Decapsulation
214(1)
CCM Algorithm
215(2)
Key Management
217(8)
Master Key Establishment
218(1)
Key Hierarchy
218(2)
Pairwise Key Hierarchy
220(1)
Group Key Hierarchy
221(1)
Key Exchange
222(1)
The 4-Way Handshake
222(1)
The Group Key Handshake
223(1)
Security Associations
224(1)
PMKSA
225(1)
PTKSA
225(1)
GTKSA
225(1)
Security Association Destruction
225(1)
WPA and Cisco Protocols
225(2)
Cisco Protocols
226(1)
WPA
226(1)
Security Problems Addressed
227(2)
Reconnaissance
227(1)
DoS Attacks
227(1)
Shared-Key Authentication Attacks
227(1)
MAC Address Spoofing
227(1)
Message Modification and Replay
228(1)
Dictionary-Based WEP Key Recovery
228(1)
WEP Keystream Recovery
228(1)
Fluhrer-Mantin-Shamir Weak Key Attack
228(1)
Rogue APs
229(1)
Security Considerations of EAP
229(1)
Summary
229(4)
SWAN: End-to-End Security Deployment
233(22)
Overview of SWAN Security Features
233(2)
WLAN Deployment Modes and Security Features
235(5)
SWAN Infrastructure Authentication
240(1)
Radio Management and Wireless Intrusion Detection
241(5)
SWAN Fast Secure Roaming (CCKM)
246(4)
Local 802.1x RADIUS Authentication Service
250(2)
Summary
252(3)
Design Guidelines for Secure WLAN
255(32)
WLAN Design Fundamentals
255(4)
WLAN Security Policy
256(1)
Device Support
256(1)
Authentication Support
257(1)
Network Services Placement
257(1)
Mobility
257(1)
Application Support
258(1)
Management of the APs
258(1)
Radio Coverage Design
258(1)
Multigroup Access
259(1)
General Security Recommendations
259(2)
AP Recommendations
259(1)
WLAN Client Recommendations
260(1)
Infrastructure Recommendations
260(1)
New WLAN Deployments
261(14)
Embedded Security Solutions
261(2)
Threat Mitigation
263(1)
Design Fundamentals and Embedded Security
264(1)
VPN Overlays
265(1)
Threat Mitigation
266(1)
VPN Overlay Technologies
267(3)
Design Fundamentals and VPN Overlays
270(1)
Combined VPN and Embedded Security Design
271(1)
Threat Mitigation
272(1)
Design Fundamentals and the Combined VPN and Embedded Security Design
273(2)
Integration with Existing WLAN Deployments
275(6)
WPA Upgradeable, WEP Only, and Pre-WEP Devices
275(1)
Integrated Deployments
275(3)
Threat Mitigation
278(1)
Design Fundamentals
279(2)
SWAN Central Switch Design Considerations
281(1)
Admission Control Design
282(2)
Summary
284(3)
Operational and Design Considerations for Secure WLANs
287(20)
Rogue AP Detection and Prevention
287(5)
SWAN Rogue AP Detection
288(1)
Manual Rogue AP Detection
289(2)
Network-Based Rogue AP Detection
291(1)
WLAN Services Scaling
292(8)
RADIUS Best Practices
292(4)
VPN Best Practices
296(1)
IPSec VPN Clustering
296(3)
IPSec External Load Balancer
299(1)
SSL External Load Balancing
299(1)
Enterprise Guest Access
300(5)
Enterprise Guest Access Requirements
301(1)
Open Authentication Guest VLAN
301(1)
Traffic Separation of the Guest VLAN to the Edge of the Enterprise
302(1)
Plug-and-Play Connectivity
302(1)
Cost-Effective and Secure Access Codes
302(1)
Enterprise Guest Access Design
302(3)
Summary
305(2)
WLAN Security Configuration Guidelines and Examples
307(48)
Cisco Enterprise Class Wireless LAN Products
307(4)
Cisco Aironet AP1200 Access Point
308(1)
Cisco Aironet AP1100 Access Point
308(1)
Cisco Aironet AP350 Access Point
308(1)
Cisco Aironet BR350 Bridge
309(1)
Cisco Aironet BR1410 Bridge
309(1)
Cisco Aironet 802.11b/a/g and Cisco Client Extensions--Enabled Devices
309(1)
Cisco Secure Access Server
310(1)
Cisco Wireless LAN Solution Engine
310(1)
Catalyst 6500 Wireless LAN Services Module
310(1)
WLAN Security Methods: Configuration Guidelines and Examples
311(25)
Navigating the HTML GUI Configuration Pages
311(2)
IOS CLI Configuration Examples and Guidelines
313(1)
Open/No WEP Configuration
313(1)
Open/with WEP and WPA-PSK Configurations
313(3)
MAC Address Authentication Configuration
316(1)
EAP with Dynamic WEP Configuration
317(7)
WPA-DOT1x Configuration
324(5)
IPSec VPN over WLAN Configuration
329(3)
Multiple Security Profiles (SSIDs/VLANs) Configuration
332(4)
SWAN Nonswitching Deployment: Configuration Guidelines and Examples
336(8)
Basic WDS Configuration
336(2)
Fast Secure Roaming (CCKM) Configuration
338(2)
RF Aggregation Configuration and Rogue AP Detection
340(3)
Local Authentication Configuration (RADIUS Fall-Back Service)
343(1)
Securing Bridge-to-Bridge Links
344(2)
Secure WLAN Management Configuration Guidelines
346(2)
SWAN Central Switching Deployment: Configuration Guidelines and Examples
348(5)
Summary
353(2)
WLAN Deployment Examples
355(44)
Large Enterprise Deployment Examples
355(10)
Large Enterprise WLAN Deployment Example I
355(1)
WLAN Security Deployment Details
356(1)
Wired/Wireless LAN Integration and WLAN Infrastructure and User Management Details
357(1)
AAA and External User Database Infrastructure Implementation Details
358(2)
VoIP and Guest Services Deployment Details
360(1)
Summary of Large Enterprise WLAN Deployment Example I
361(1)
Large Enterprise WLAN Deployment Example II
362(1)
WLAN Security Deployment Details
363(1)
Wired/Wireless LAN Integration
364(1)
Deployment Challenges
364(1)
AAA Infrastructure Implementation Details
364(1)
Summary of Large Enterprise WLAN Deployment Example II
365(1)
Vertical Deployment Examples
365(24)
Retail WLAN Deployment Example I
366(1)
WLAN Security Deployment Details
367(2)
WDS and AAA Infrastructure Implementation Details
369(1)
Deployment Challenges
370(1)
Summary of Retail WLAN Deployment Example I
370(1)
Retail WLAN Deployment Example II
370(3)
University WLAN Deployment Example
373(3)
Financial WLAN Deployment Example I
376(2)
Financial WLAN Deployment Example II
378(1)
Healthcare WLAN Deployment Example I
379(4)
Healthcare WLAN Deployment Example II
383(3)
Manufacturing WLAN Deployment Example
386(3)
Small and Medium Businesses and SOHO WLAN Deployments
389(2)
Medium Enterprise WLAN Deployment Scenario Example
389(1)
Small Office WLAN Deployment Example
390(1)
SOHO WLAN Deployment Scenario Example
391(1)
Hotspot (Public WLAN) Deployment Examples
391(4)
Coffee Shop WLAN Hotspot Deployment Example
392(2)
Airport WLAN Deployment Example
394(1)
Summary
395(4)
Appendix A Resources and References 399(6)
Index 405

Supplemental Materials

What is included with this book?

The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.

The Used, Rental and eBook copies of this book are not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.

Rewards Program