Enterprise Wi-Fi Security (CWSP)

10489937_10152200919819077_5364691472042110206_n

Enterprise Wi-Fi Security

Course Overview

The Wireless LAN Security course consists of hands-on learning using the latest enterprise wireless LAN equipment. This course addresses in detail the most important and relevant WLAN security protocols, exchanges, and deployment strategies in the enterprise today. We focus heavily on understanding the functionality of the 802.11i amendment (now part of the larger standard), including authentication, encryption, and key management. 802.1X and EAP are also central to this conversation, with an in-depth examination of the inner-workings of each authentication mode and EAP type used in wireless LANs today. Other infrastructure security solutions are also taught, such as role-based access control, segmentation, VPNs, firewalls, wireless intrusion prevention and monitoring, secure roaming, and network management. Finally, no security course is complete without taking a look at security vulnerabilities, attacks, audit and penetration tools, as well as policy and prevention. We cover every type and class of WLAN security solution available on the market.

Students who complete the course will acquire the necessary skills for implementing and managing wireless security in the enterprise by creating Layer-2 and Layer-3 hardware and software solutions with tools from the industry leading manufacturers. This course is also designed to prepare attendees to take and pass the PW0-204 CWSP security exam.

Course Duration: 5 days

Prerequisites

Wireless LAN literacy, CWNA preferred

Course Outline

The following list contains the materials covered in the lecture portion of the course.

Introduction to WLAN Security Technology

  • Security policy
  • Security concerns
  • Security auditing practices
  • Application layer vulnerabilities and analysis
  • Data Link layer vulnerabilities and analysis
  • Physical layer vulnerabilities and analysis
  • 802.11 security mechanisms
  • Legacy WLAN security methods, mechanisms, and exploits
  • Wi-Fi Alliance security certifications

WLAN Mobile Endpoint Security Solutions

  • Enterprise-class mobile endpoint security
  • User-accessible and restricted endpoint policies
  • VPN technologies common for client devices

SOHO and SMB WLAN Security Technologies and Solutions

  • General vulnerabilities
  • Pre-shared Key security with RSN cipher suites
  • Passphrase vulnerabilities
  • Passphrase entropy and hacking tools
  • WPA/WPA2 Personal – how it works
  • WPA/WPA2 Personal – configuration
  • Installation and configuration of WIPS, WNMS, and WLAN controllers to extend enterprise security policy to remote and branch offices
  • Remote/branch office VPN technologies common for infrastructure devices

Enterprise WLAN Management and Monitoring

  • Device identification and tracking
  • Rogue device detection and mitigation
  • WLAN forensics and data logging
  • Enterprise WIPS installation and configuration
  • Protocol analysis
  • WNMS security features
  • WLAN controller security feature sets

Enterprise WLAN Security Technology and Solutions

  • Robust Security Networks (RSN)
  • WPA/WPA2 Enterprise – how it works
  • WPA/WPA2 Enterprise – configuration
  • IEEE 802.11 Authentication and Key Management (AKM)
  • 802.11 cipher suites
  • Use of authentication services (RADIUS, LDAP) in WLANs
  • User profile management (RBAC)
  • Public Key Infrastructures (PKI) used with WLANs
  • Certificate Authorities and X.509 digital certificates
  • RADIUS installation and configuration
  • 802.1X/EAP authentication mechanisms
  • EAP types and differences
  • 802.11 handshakes and exchanges
  • Fast BSS Transition (FT) technologies (FSR—Fast Secure Roaming)
  • Captive portals and guest networking