CWSP Instructor Led Course Outline

Enterprise Wi-Fi Security, Outline v4.0 | Find a class
 

Introduction

The Wireless LAN Security course consists of hands-on learning using the latest enterprise wireless LAN equipment. This course addresses in detail the most important and relevant WLAN security protocols, exchanges, and deployment strategies in the enterprise today. We focus heavily on understanding the functionality of the 802.11i amendment (now part of the larger standard), including authentication, encryption, and key management. 802.1X and EAP are also central to this conversation, with an in-depth examination of the inner-workings of each authentication mode and EAP type used in wireless LANs today. Other infrastructure security solutions are also taught, such as role-based access control, segmentation, VPNs, firewalls, wireless intrusion prevention and monitoring, secure roaming, and network management. Finally, no security course is complete without taking a look at security vulnerabilities, attacks, audit and penetration tools, as well as policy and prevention. We cover every type and class of WLAN security solution available on the market.
Students who complete the course will acquire the necessary skills for implementing and managing wireless security in the enterprise by creating Layer-2 and Layer-3 hardware and software solutions with tools from the industry leading manufacturers. This course is also designed to prepare attendees to take and pass the CWSP security exam.

 

  • Associated Certifications: CWSP
  • Price: $2,795.00
  • Duration: 5 days, Classroom, approximately 25% – 50% hands-on
  • Availability: Find training near you.
  • Prerequisites: Wireless LAN literacy, CWNA preferred
  • BICSI Continuing Education Credit: 32

Hands-on Lab Exercises

WLAN Connectivity
Along with client devices, WLAN access points and/or controllers are currently the center piece of 802.11 security. Other infrastructure components are important to security, but the primary focus is how client devices access the network, what authentication and encryption methods are used, and how that wireless data is protected. For this reason, an in-depth understanding how to secure access to the network through the WLAN infrastructure is essential.
This lab is focused on WLAN AP/controller and client device security, and primarily covers the following areas:

  1. Secure access to the AP/controller using secure management protocols
  2. Configuring multiple WLAN profiles, each with its own authentication and cipher suites including WPA/WPA2 Personal and Enterprise
  3. Configuring client devices to connect to the WLAN infrastructure using secure protocols including WPA/WPA2 Personal and Enterprise.
  4. Creating user or group policies that provide network services to clients based on their authorization level
  5. Understanding integrated wIPS configuration, policies, and monitoring

802.1X/EAP Configuration
This lab is focused on 802.1X/EAP security. WPA/WPA2-Enterprise relies on secure authentication via 802.1X/EAP, often utilizing an enterprise’s backend authentication infrastructure, including RADIUS servers as well as user databases. In this lab, we will gain first-hand knowledge of this process and the configuration details involved. This lab group covers the following exercises:

  1. Setting up a RADIUS server and a user credential database with EAP support
  2. Creating and using server certificates and installing the certificate on client devices
  3. Configuring the WLAN AP/controller for 802.1X with RADIUS connectivity
  4. Configuring EAP types, user credentials, and certificates on the client devices

Wireless Intrusion Prevention Systems (WIPS)
This lab module is focused on Wireless Intrusion Prevention Systems (WIPS). WIPS are known for three overriding functions: security monitoring, performance monitoring, and reporting. In this lab exercise, we will focus on security monitoring and reporting. Areas of particular interest include:

  1. WIPS installation, licensing, adding/configuring sensors, and secure console connectivity
  2. Configuring WLAN profils according to organizational security policies
  3. Properly classifying authorized, unauthorized, and external/interfering access points
  4. Identifying and mitigating rogue devices
  5. Identifying specific attacks against the authorized WLAN infrastructure or client stations

Using Laptop-based Protocol and Spectrum Analyzers
This lab is focused on the use of laptop analyzers for spectrum analysis, protocol analysis, and WLAN discovery. Understanding driver issues, security-related protocol analysis (authentication and encryption), and spectrum analysis will aid the wireless security professional in policy compliance, proper implementation, and troubleshooting. The following steps will be covered in this lab exercise.

  1. Installing and configuring a WLAN discovery tool, a laptop protocol analyzer, and a laptop spectrum analyzer
  2. Locating and analyzing 2.4 GHz and 5 GHz WLANs with a WLAN discovery tool and protocol analyzer
  3. Capturing and analyzing WPA2-Personal and Enterprise (among others) authentication sequences in a WLAN protocol analyzer
  4. Capturing and analyzing Hotspot authentication and data traffic in a WLAN protocol analyzer
  5. Capturing and analyzing common frame types and security elements with a WLAN protocol analyzer
  6. Viewing a normal RF environment, a busy RF environment, RF interference sources, and an RF attack on the WLAN in a spectrum analyzer

Fast Secure Roaming
This lab is focused on fast secure roaming (FSR) within an Extended Service Set. Moving quickly and securely between access points attached to the same distribution system is a requirement of real-time mobility devices such as VoWiFi phones and mobile video devices. Understanding the standards-based and proprietary processes of a Fast Transition (FT) service will help network designers support strong security and fast roaming simultaneously. The following steps will be covered in this lab exercise.

  1. Configure a WLAN infrastructure roaming scenario with multiple APs and possibly multiple controllers
  2. Utilize a RADIUS server for 802.1X/EAP authentication and the WLAN infrastructure for simpler forms of security
  3. Configure a client device for EAP authentication using the CCMP cipher suite
  4. Configure an 802.11 protocol analyzer to capture the roaming transition
  5. Perform a slow BSS transition as a baseline, testing open authentication, WEP, WPA2-Personal, and WPA2-Enterprise
  6. Enable fast secure roaming mechanisms within the infrastructure and on the client station and perform a fast transition
  7. Conduct the same tests across a Layer-3 IP boundary as well as between controllers

Network Attacks and Auditing
This lab is focused on understanding and conducting common network attack sequences. Defensive network security requires an understanding of offensive attacks. Auditing is the process of validating a security solution, and understanding auditing tools is an important skill for administrators and consultants. This module will be tailored to the class, but covers topics like the following:

  1. Conducting authentication and encryption cracking attacks
  2. Conducting simple attacks/workarounds like MAC spoofing
  3. Performing basic protocol analysis and eavesdropping
  4. Attempting advanced attacks like session hijacking, packet injection, replay attacks, and protocol DoS attacks

Course Outline

The following list contains the materials covered in the lecture portion of the course.
Introduction to WLAN Security Technology

  • Security policy
  • Security concerns
  • Security auditing practices
  • Application layer vulnerabilities and analysis
  • Data Link layer vulnerabilities and analysis
  • Physical layer vulnerabilities and analysis
  • 802.11 security mechanisms
  • Legacy WLAN security methods, mechanisms, and exploits
  • Wi-Fi Alliance security certifications

WLAN Mobile Endpoint Security Solutions

  • Enterprise-class mobile endpoint security
  • User-accessible and restricted endpoint policies
  • VPN technologies common for client devices

SOHO and SMB WLAN Security Technologies and Solutions

  • General vulnerabilities
  • Preshared Key security with RSN cipher suites
  • Passphrase vulnerabilities
  • Passphrase entropy and hacking tools
  • WPA/WPA2 Personal – how it works
  • WPA/WPA2 Personal – configuration
  • Installation and configuration of WIPS, WNMS, and WLAN controllers to extend enterprise security policy to remote and branch offices
  • Remote/branch office VPN technologies common for infrastructure devices

Enterprise WLAN Management and Monitoring

  • Device identification and tracking
  • Rogue device detection and mitigation
  • WLAN forensics and data logging
  • Enterprise WIPS installation and configuration
  • Protocol analysis
  • WNMS security features
  • WLAN controller security feature sets

Enterprise WLAN Security Technology and Solutions

  • Robust Security Networks (RSN)
  • WPA/WPA2 Enterprise – how it works
  • WPA/WPA2 Enterprise – configuration
  • IEEE 802.11 Authentication and Key Management (AKM)
  • 802.11 cipher suites
  • Use of authentication services (RADIUS, LDAP) in WLANs
  • User profile management (RBAC)
  • Public Key Infrastructures (PKI) used with WLANs
  • Certificate Authorities and X.509 digital certificates
  • RADIUS installation and configuration
  • 802.1X/EAP authentication mechanisms
  • EAP types and differences
  • 802.11 handshakes and exchanges
  • Fast BSS Transition (FT) technologies (FSR—Fast Secure Roaming)
  • Captive portals and guest networking