Legit CWSP-207 Exam Download

The MSK is generated from the 802.1X/EAP authentication. The PMK is derived from the MSK. The PTK is derived from the PMK, and the keys used for actual data encryption are a part of the PTK.

If passphrase-based client authentication is used by the EAP type, the PMK is mapped directly from the user’s passphrase. The PMK is then used during the 4-way handshake to create data encryption keys.

After successful EAP authentication, the RADIUS server generates a PMK. A separate key, the MSK, is derived from the AAA key and is hashed with the PMK to create the PTK and GTK.

The PMK is generated from a successful mutual EAP authentication. When mutual authentication is not used, an MSK is created. Either of these two keys may be used to derive the temporal data encryption keys during the 4-way handshake.

WPA2-Enterprise authentication/encryption

Internal RADIUS server

WIPS support and integration

802.1Q VLAN trunking

SNMPv3 support

Use a WPA2-Enterprise compliant security solution with strong mutual authentication and encryption for network access of corporate devices.

Hide the SSID of all legitimate APs on the network so that intruders cannot copy this parameter on rogue APs.

Conduct thorough manual facility scans with spectrum analyzers to detect rogue AP RF signatures.

A trained employee should install and configure a WIPS for rogue detection and response measures.

Enable port security on Ethernet switch ports with a maximum of only 3 MAC addresses on each port.

Awareness of the exact vendor devices being installed

Management support for the process

End-user training manuals for the policies to be created

Security policy generation software