Hereby my plan of action for preparing for Certified Wireless Security Professional. This exam is very theoretic based. Need to know the different type of handshakes, roaming methods and EAP types. Knowing the protocol analysis from this helps to understand the why behind the theory. Those requirements are based on CWSP-205 and the books that…
Overview – WIDS and WIPS
As you probably know, there are multiple attacks possible in the wireless world. To detect and prevent those attacks there are monitor tools like a wireless intrusion detection system (WIDS). The best solution for attacks is to prevent them. With wireless intrusion prevention system (WIPS), it is possible to mitigate attacks from, for example, rogue…
WIDS and WIPS analysis and monitoring
In the overview WIDS/WIPS blog, I wrote of four analysis methods from the server used to collect data: – Signature analysis looks for patterns. – Behaviour analysis looks for anomalies. – Protocol analysis analyses the MAC layer information or upper layer non-encrypted frames. – Spectrum analysis analyses the RF spectrum. The WIPS/WIDS has a database…
Rogue detection and mitigation
A WIDS/WIPS can do device classification and recognize devices such as access points, client stations, and ad hoc clients, as long as those devices are within range of the sensors. When the devices are scanned and recognized the devices will be classified in four categories: Authorized devices: Devices that are owned by the company or…
Overview – Roaming
Roaming is when a client wants to move around the building. During this, the signal strengths with the access point reduce and at a certain point there will be an access point with a better signal strength. With a reassociation the client moves from one BSS (Basic Service Set) to another BSS within the ESS…
Key Caching
PMK caching or static key caching (SKC) is the first caching method. The PMK is cached for a certain length of time. A client is able to cache multiple PMKs, so when a client associates with an access point a new PMKSA is established with PMK #1. This key will be cached on the client….