Forum

  • By (Deleted User)

    I've put this off for so long -- should have done it right after I finished tech editing the CWSP Study Guide. That was over a year ago and, to be honest, I'm a little rusty on the material.

    There are plenty of posts in the forum concerning the CWNA and CWAP but not so many on the CWSP. Anyone got some good tips and hints so I can pass this sucker on the first try? I'm already re-reading the study guide and I've got both the Planet3 and Boson practice exams. I also have the course material but haven't really attacked that since I'm concentrating on the study guide. Should I hit the course material or am I on the right track? Any other references I need to cover before going under the gun?

    Also, Devin, what is the approximate ratio of CWNAs to CWSPs worldwide? I know you don't publish numbers but it would be nice to get an idea of how they stack up. I would think it would probably be something like for every 20 CWNAs there are 2 CWSPs and .5 CWAPs, or is that way off? Or will you even divulge that info? Either way is ok by me. I'm just curious.

    Joel B.

  • By (Deleted User)

    JoelB,


    First, it is an honor to have someone with your expertise commenting on the wireless program and touting its growing recognition. I am deeply honored by your posting.


    I am sure you will do well on the CWSP. You are a CWAP? I am trying to tackle that one currently; it is a monster. What are your recommendations?

    The security portion leans a lot to the systematic solving of wireless security problems as they relate to a wired network, i.e.,

    -DOS Attacks (Data flooding)
    -802.1x Solutions
    -Non-Password Authorization methods
    -Rogue Servers
    -Multi-Layered Security Solutions
    -Encryption Algorithms
    -RADIUS Servers
    -WEP/WPA
    -IPSEC
    -Enterprise Wireless Gateway Devices

    Know: 802.1X with EAP (all flavors). Know RADIUS, Kerberos and where they fit in.

    Brush up on tunneling, VPN protocols like PPTP, L2TP, IPSEC, SSH2, Mobile IP, NAT, DHCP (authenticated too).


    The Planet3 Practice Exams (PEs) help.

    They give you a "touchy feely" on how the Real Exam (RE) will word questions, but don't think that if you master the PEs (Practice Exams) you will master the RE (Real Exam).

    Read each question carefully and take your time walking through the solutions and answers. It is not a cake walk; it is more of a logical process that requires an analytical dissection of the wireless and the wired networks too. Much like the reading of the CWAP book.


    Again it is an honor to see your posting and know that Cisco is taking a look at Planet3 and what they offer.

    Best of Success: Happy New Year!
    compughter

  • By (Deleted User)

    Compughter,

    Thanks for all the information. That helps and was what I was looking for.

    If you're interested in reading my recommendations for the CWAP exam, just do a search in this forum on my profile name (joelb) or just click the "Profile" button below and you'll have access to all my postings. There's plenty on the CWAP including the "Daily Diary" I made while attending the CWAP Train-the-Trainer course about 6 months ago.

    Joel

  • By (Deleted User)

    Showing my ignorance of VPN technologies....

    Ok, so I'm a little confused. I understand that PPTP, L2TP and IPSec include encryption and data integrity protocols. For example, on my VPN connection, it states I'm using 3DES encryption with HMAC-MD5 authentication. I know those can be part of IPSec and L2TP but aren't supported by PPTP. I'm not using a Microsoft VPN client. Other than by checking the client documentation, how do I determine whether I'm using L2TP/IPSec or just "straight" IPSec?

    JoelB

  • joelb wrote:

    Showing my ignorance of VPN technologies....

    Ok, so I'm a little confused. I understand that PPTP, L2TP and IPSec include encryption and data integrity protocols. For example, on my VPN connection, it states I'm using 3DES encryption with HMAC-MD5 authentication. I know those can be part of IPSec and L2TP but aren't supported by PPTP. I'm not using a Microsoft VPN client. Other than by checking the client documentation, how do I determine whether I'm using L2TP/IPSec or just "straight" IPSec?

    JoelB


    A quick way to see if you are just using IPsec is to look at the frames. If your IP frames have a next protocol for AH (51) or ESP (50) or ISAKMP then you are using IPsec. I believe you can use it in tunnel mode (most implementations do) and in tunnel mode you can run L2TP. If you are using it in transport mode then I believe you cannot use L2TP.
    Here is a Cisco link on running L2TP over IPsec:


    http://www.cisco.com/warp/public/110/l2tp-ipsec.html


    If you are just running L2TP I believe there should be no presence of any IPsec protocols. IPsec and L2TP can each, individually, be used as a VPN transport. It gets confusing when mixing one with the other. HTH

    Now back to the CWAP

  • :-) I love these threads.

    Joel, spend much time on 802.1X/EAP and VPN types.
    Understand the 802.1X port-based access control method well.

    To answer your question about VPNs...

    PPTP may use many types of authentication (PAP, CHAP, MS-CHAPv1, MS-CHAPv2, etc), and may OPTIONALLY use encryption. When encryption is used, it's MPPE (128-bit RC4).

    L2TP is a layer2 tunneling protocol ONLY. Though it can be used as a VPN method, it has no provision for data encryption - ONLY tunneling. This is good and bad. Good because you can send many protocol types through the tunnel. Bad because you have no encryption. L2TP works somewhat like PPTP in that it's a dialer function. You have endpoints - one a client and one a server. The client dials the server.

    IPSec can be implemented straight or with L2TP. If with L2TP, you have the dialer function (which is a good bonus). If without L2TP, you have to come up with SOMETHING that will allow the client device (such as a WLAN client) to authenticate. This is typically done through an O/S prompt (such as with the Cisco VPN client software), through a captive portal using an HTTPS webpage, etc.

    IPSec only encrypts when ESP is in use. AH authenticates, but doesn't encrypt. ESP can also authenticate (HMAC-MD5 or HMAC-SHA1), so AH is history in the VPN world. Always use ESP. IPSec works by defining what "should" be encrypted and what "shouldn't" be encrypted. In the Cisco world, you define an ACL (called a crypto ACL when it's used for IPSec purposes) and the ACL defines what SHOULD be encrypted. If traffic parameters do not match the ACL, the traffic doesn't get encrypted - though it DOES still get passed.

    How do you "check" to see if you're using L2TP or Straight IPSec? Well, if you have a dialer (like with PPTP), then you're using L2TP. If not, then you're using IPSec straight up. Also, if you're sniffing the traffic, you'll see IPSec/ESP in your sniffer if you're doing straight IPSec. If you're doing L2TP, you'll see L2TP instead. The traffic inside the L2TP tunnel is encrypted with IPSec but you won't see that with the sniffer...you'll just see the L2TP headers and such. The payload will be garble. ;)
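
Added example, not part of any post in this thread: the frame check described in the replies above, classifying raw IPv4 packets by the IP protocol field (ESP 50, AH 51) and by well-known ports (ISAKMP on UDP 500, L2TP on UDP 1701, PPTP control on TCP 1723). The function names and sample packets are constructed for illustration, and the code reports only what is visible in the outer headers of a capture.

```python
import struct
# IANA-assigned numbers for the VPN protocols discussed in this thread.
IP_PROTO = {50: "ESP", 51: "AH", 47: "GRE"}
UDP_PORT = {500: "ISAKMP", 4500: "IPsec NAT-T", 1701: "L2TP"}
TCP_PORT = {1723: "PPTP control"}

def classify(packet: bytes) -> str:
    """Name the VPN protocol visible in the outer headers of a raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not IPv4"
    ihl = (packet[0] & 0x0F) * 4          # IP options shift the payload
    proto = packet[9]
    if proto in IP_PROTO:
        return IP_PROTO[proto]
    if proto not in (6, 17):
        return "other"
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return "fragment"                 # later fragments carry no TCP/UDP header
    if ihl < 20 or len(packet) < ihl + 4:
        return "malformed"
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    table = UDP_PORT if proto == 17 else TCP_PORT
    return table.get(dport) or table.get(sport) or "other"

def summarize(packets) -> str:
    """Report which VPN type a capture shows on the wire."""
    seen = {classify(p) for p in packets}
    if seen & {"ESP", "AH", "ISAKMP", "IPsec NAT-T"}:
        return "IPsec"
    if "L2TP" in seen:                    # UDP 1701 in the clear, no ESP around it
        return "L2TP without IPsec"
    if "PPTP control" in seen:
        return "PPTP"
    return "no VPN protocol seen"

def ipv4(proto: int, payload: bytes = b"", options: bytes = b"") -> bytes:
    """Build a constructed IPv4 packet (checksum left at zero) for the samples."""
    ihl = 5 + len(options) // 4
    hdr = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, ihl * 4 + len(payload), 0, 0,
                      64, proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return hdr + options + payload

def ports(sport: int, dport: int) -> bytes:
    return struct.pack("!HH", sport, dport) + b"\x00" * 4   # rest of header zeroed

# Constructed sample captures, not taken from a real network.
IPSEC_CAPTURE = [ipv4(17, ports(500, 500)), ipv4(50, b"\x00" * 16)]
L2TP_CAPTURE = [ipv4(17, ports(1701, 1701), options=b"\x01" * 4)]
PPTP_CAPTURE = [ipv4(6, ports(49152, 1723)), ipv4(47, b"\x00" * 8)]
```

Feed `summarize` the raw IP packets from a capture taken on the VPN client's outside interface; link-layer headers must be stripped first.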

  • By (Deleted User)

    All that studying paid off... I made an 83 on the CWSP this morning and I'm glad it's over with! I am now the proud owner of the "triple crown" -- all three Planet 3 certifications.

    Joel

  • By (Deleted User)

    Great work and achievement!

    compughter

  • Joel man, you just RULE. You're a rare breed of engineer my friend. Few push as hard and far as you. Congrats on a job very well done!

    devinator
