Overview

Today, every organisation needs a fit-for-purpose IT Security Policy which includes state-of-the-art Wireless Security Policy. This Industry-leading WCC™ Certified Wireless Security Manager™ course is the most up-to-date Wireless Security course available, teaching you how to Design, Write and Implement Effective and Auditable Wireless Security Policies. This course helps you prepare for two industry certifications: Certified Wireless Security Professional (CWSP) and Certified Wireless Security Manager (CWSM).

Duration

5 days

Audience

  • IT security professionals and network security auditors.
  • All professionals responsible for maintaining the security of Wi-Fi Networks.
  • Wi-Fi networking professionals wishing to acquire the Certitrek CWSP® or WCC™ Certified Wireless Security Manager™ (CWSM™) certifications.
  • Experienced networking professionals wanting the critical skills needed to secure and audit wireless networks.

Prerequisites

Before attending this course, delegates should attend the WCC™ Certified Wireless Network Manager™ course; or have a current Certitrek CWNA certification; or equivalent detailed knowledge of the 802.11 / Wi-Fi Physical and MAC layers, and practical Wi-Fi network operations.

Objectives

Understand the latest Wi-Fi security standards and practices.
Design and write state-of the-art wireless security policies.
Implement effective wireless security policies which are verifiably fit-for-purpose.
Understand Wi-Fi network security in depth.
Understand the weaknesses of WEP, WPA, WPA2-Personal, TKIP, CCMP, 802.1X and specific EAP methods.
Secure Wi-Fi networks using WPA2 and WPA3 in Enterprise mode and Personal mode.
Implement User / Group Policy for Role-Based Access Control (RBAC).
Understand IEEE 802.1X/EAP and multiple EAP types.
Work with RADIUS servers, dynamically-assigned VLANs, multiple SSIDs and more.
Understand how Wireless Penetration Testing (wireless PEN testing) should be conducted.
Ensure that your Wireless networks are secure and compliant with your Security Policy.
Prepare for the Certitrek Certified Wireless Security Professional (CWSP) and WCC™ Certified Wireless Security Manager™ (CWSM™) certifications.

Content Headings

IT Security Policy
The Role of IT Security policy
Some key IT Security concerns
The Purpose and Structure of a good Security Policy
Security Auditing Best Practices

Introduction to Wi-Fi Security Concepts
Application layer vulnerabilities and analysis
802.11 / WiFi Data Link layer vulnerabilities and analysis
802.11 Physical layer vulnerabilities and analysis
802.11 / Wi-Fi security mechanisms
802.11 Legacy security mechanisms and exploits
Wi-Fi Alliance security certifications
WiFi Client Security Solutions
Enterprise-class client security

WiFi Network Vulnerabilities
WiFi Monitor mode
Wardriving Access Points
Wardriving Stations
Eavesdropping
ARP poisoning
Denial of Service attacks
RF DOS
Frame-level DOS
Queensland Attack
Rogue Access Points
Rogue Stations
Cafe Latte attack

SOHO and SMB WLAN Security Technologies and Solutions
General vulnerabilities
WPA Pre-Shared Key security with RSN cipher suites
WPA/WPA2 Personal operation
Configuring WPA/WPA2 Personal security
WPA Passphrase vulnerabilities
Passphrase entropy
WPA Passphrase hacking tools
TKIP Key Generation and Management
WPA and WPA2 4-way handshakes
Key mixing
Attacks against TKIP
Client-side dictionary attack
Block ciphers
CCMP
Attacks against CCMP
WiFi Protected Setup (WPS)
The roles of:
– WLAN controllers
– Wireless Network Management Systems (WNMS)
– Wireless Intrusion Protection Systems (WIPS)

Enterprise WiFi Network Management and Monitoring
Client device identification and location
Rogue device detection, location and mitigation
WiFi security forensics and data logging
Enterprise WIPS installation and configuration
Protocol analysis
Security capabilities of
– WLAN Controllers
– WNMS
– WIPS

Enterprise-grade WiFi network Security
Robust Security Networks (RSN)
WPA/WPA2 Enterprise operation
The 802.1X/EAP architecture
Extensible Authentication Protocol (EAP)
Review of EAP types and capabilities
RADIUS architecture and protocol
RADIUS and LDAP authentication services
Role Based Access Control (RBAC)
Configuring WPA/WPA2 Enterprise security
802.11 Authentication and Key Management (AKM)
Operation of EAP-TLS, PEAP-MSCHAPv2, PEAP-TLS and more
EAP-TLS weaknesses
PEAP weaknesses
User profile management
Public Key cryptography
X.509 Certificates
Using Public Key Infrastructures (PKI) with WiFi networks
Certificate Authorities (CA) and CCITT X.509 digital certificates
Installing and configuring a RADIUS server
802.11 handshakes and exchanges
Understanding BSS Transition
Fast BSS Transition (FT)
Fast Secure Roaming (FSR)

Hotspot 2.0
Wi-Fi Certified Passpoint / HS 2.0 / HS2
802.11u
Generic Advertisement Service (GAS)
Access Network Query Protocol (ANQP)
WBA NGH

Wi-Fi Protected Access 3 (WPA3)
Overview of Wi-Fi Alliance WPA3
192 bit encryption
Opportunistic Wireless Encryption (OWE)
Simultaneous Authentication of Equals (SAE)
Diffie-Hellman key exchange, PAKE, SPEKE
Offline Dictionary Attack Resistance
Dragonfly Key Exchange
WPA3 Easy Connect
Device Provisioning Protocol (DPP)
WPA3 Enhanced Open

Supporting guest WiFi access
Captive portals

Wi-Fi Manufacturer Security Solutions
Per-User Pre-Shared Key / Per-User PSK
Dynamic Pre-Shared Key / Dynamic PSK (DPSK)
Private Pre-Shared Key / Private PSK (PPSK)
Identity Pre-Shared Key / Identity PSK
EasyPass Personal

Bring Your Own Device (BYOD)
Security Policy for BYOD
Onboarding and Policy Enforcement

Wireless Security Monitoring
Wireless Intrusion Detection Systems (WIDS)
Wireless Intrusion Prevention Systems (WIPS)
The limitations of commercial WIDS and WIPS
Mojo Networks (AirTight)
Marker Packet technology
Automatic Device Classification and Threat Assessment
Automated threat prevention
Real-time troubleshooting and analysis

Wireless Penetration Testing
Methods for Ethical Hacking WiFi networks
Kismet, Airjack, Wifiphisher, CloudCracker, Ghost Phisher
Aircrack-ng, Reaver, Pixiewps, Wifite, Fern Wifi Cracker, Macchanger, Wash, oclHashcat, Crunch
The inadequacies of Wireless PEN Testing

Writing your Auditable Wireless Security Policy
Implementing your WCC-compliant Wireless Security Policy
Verifying your Wireless Security Policy
Auditing Wireless Security Policy
External Wireless Security Policy Audit
Preparing for External Audit

Securing Everything Wireless
The need for a Wider Wireless Security Policy
Understanding other key wireless technlogies
Bluetooth, ZigBee
WiGig (802.11ad)
IoT wireless security
Wi-Fi HaLow (802.11ah)
802.11af
DECT (Digital Enhanced Cordless Telecommunications)
900 MHz systems
868 MHz, European Low Power Networks (LPWAN), Sigfox, LoRaWan
863 – 870 MHz systems
RFID systems
NFC (Near Field Communications)
Writing and Implementing your Broader Wireless Security Policy

Copyright Statements
Certitrek® CWNP® CWNA® CWSP® CWAP® CWDP® and CWNE® are registered trademarks of Certitrek Group LLC
Wi-Fi® is a registered trademark of Wi-Fi Alliance
All other trademarks are the property of their respective owners
See also Important Notices