During this course, you will develop skills and knowledge on the following objectives:

• WLAN Discovery Techniques
• Intrusion and Attack Techniques
• 802.11 Protocol Analysis
• Wireless Intrusion Prevention Systems (WIPS) Implementation
• Layer 2 and 3 VPNs used over 802.11 networks
• Enterprise/SMB/SOHO/Public-Network Security design models
• Managed Endpoint Security Systems802.11 Authentication and Key Management Protocols
• Enterprise/SMB/SOHO/Public-Network Security Solution Implmentation
• Building Robust Security Networks from the ground up
• Fast BSS Transition (aka. Fast/Secure Roaming) Techniques
• Thorough coverage of all 802.1X/EAP types used in WLANs
• Wireless LAN Management Systems (WNMS)
• Authentication Infrastructure Design Models
• Using Secure Applications
• 802.11 Design Architectures
• Implementing a Thorough Wireless Security Policy

Hands-On Lab Exercises:

WLAN Controller Security

• Secure access to the WLAN controller using secure management protocols
• Configuring multiple WLAN profiles, each with its own authentication and cipher suites including WPA/WPA2 Personal and Enterprise
• Configuring the WLAN controller for RADIUS connectivity and authentication
• Client station connectivity to the controller – including DHCP and browsing
• Integrated rogue device discovery

Wireless Intrusion Prevention Systems (WIPS)

• WIPS installation, licensing, adding/configuring sensors, and secure console connectivity
• Configuration according to organizational policy
• Properly classifying authorized, unauthorized, and external/interfering access points
• Identifying and mitigating rogue devices
• Identifying specific attacks against the authorized WLAN infrastructure or client stations

Using Laptop Analyzers

• Installing and configuring a WLAN discovery tool
• Installing, licensing, and configuring a laptop protocol analyzer
• Installing, licensing, and configuring a laptop spectrum analyzer
• Locating and analyzing 2.4 GHz and 5 GHz WLANs with a WLAN discovery tool
• Locating and analyzing 2.4 GHz and 5 GHz WLANs with a WLAN protocol analyzer
• Capturing and analyzing a WPA2-Personal authentication in a WLAN protocol analyzer
• Capturing and analyzing a WPA2-Enterprise authentication in a WLAN protocol analyzer
• Capturing and analyzing Hotspot authentication and data traffic in a WLAN protocol analyzer
• Capturing and analyzing Beacons, Probe Requests, Probe Responses, and Association Requests with a WLAN protocol analyzer
• Viewing a normal RF environment, a busy RF environment, and an RF attack on the WLAN in a spectrum analyzer

Fast Secure Roaming

• Configure a WLAN infrastructure with two controllers and two APs per controller. Configure APs for specific power and channel settings
• Install and configure a RADIUS server for PEAP
• Configure both controllers and an authorized client device for PEAP authentication using the CCMP cipher suite
• Configure an 802.11 protocol analyzer to capture the BSS transition
• Perform a slow BSS transition within a controller as a baseline
• Enable FSR mechanisms within controllers and the client station
• Perform a fast BSS transition within a controller as a comparison
• Perform a slow BSS transition between controllers as a baseline
• Perform a fast BSS transition (if vendor FSR mechanisms permit) between controllers as a comparison

Introduction to WLAN Security Technology

• Security policy
• Security concerns
• Security auditing practices
• Application layer vulnerabilities and analysis
• Data Link layer vulnerabilities and analysis
• Physical layer vulnerabilities and analysis
• 802.11 security mechanisms
• Wi-Fi Alliance security certifications

Small Office / Home Office WLAN Security Technology and Solutions

• WLAN discovery equipment and utilities
• Legacy WLAN security methods, mechanisms, and exploits
• Appropriate SOHO security

WLAN Mobile Endpoint Security Solutions

• Personal-class mobile endpoint security
• Enterprise-class mobile endpoint security
• User-accessible and restricted endpoint policies
• VPN technology overview

Branch Office / Remote Office WLAN Security Technology and Solutions

• General vulnerabilities
• Preshared Key security with RSN cipher suites
• Passphrase vulnerabilities
• Passphrase entropy and hacking tools
• WPA/WPA2 Personal – how it works
• WPA/WPA2 Personal – configuration
• Wi-Fi Protected Setup (WPS)
• Installation and configuration of WIPS, WNMS, and WLAN controllers to extend enterprise security policy to remote and branch offices

Enterprise WLAN Management and Monitoring

• Device identification and tracking
• Rogue device mitigation
• WLAN forensics
• Enterprise WIPS installation and configuration
• Distributed protocol analysis
• WNMS security features
• WLAN controller security feature sets

Enterprise WLAN Security Technology and Solutions

• Robust Security Networks (RSN)
• WPA/WPA2 Enterprise – how it works
• WPA/WPA2 Enterprise – configuration
• IEEE 802.11 Authentication and Key Management (AKM)
• 802.11 cipher suites
• Use of authentication services (RADIUS, LDAP) in WLANs
• User profile management (RBAC)
• Public Key Infrastructures (PKI) used with WLANs
• Certificate Authorities and x.509 digital certificates
• RADIUS installation and configuration
• 802.1X/EAP authentication mechanisms
• 802.1X/EAP types and differences
• 802.11 handshakes
• Fast BSS Transition (FT) technologies

This intensive, 5 day course is intended for network and system administrators, consultants and engineers that need to support Wireless LAN deployments.

It also is a great course for all infrastructure security professionals

The Following prerequisite knowledge and skills are suggested prior to attending the CWSP Course:

• CWNA Certification or the equivalent in knowledge and experience.
• Note that CWSP Certification does require that the candidate pass the CWNA certification exam (PW0-104) as well as the CWSP certification exam (PW0-204) in order to achieve certified status.