Class Details

Price: $2,795

CWSP (Certified Wireless Security Professional) Certification Training Course Description:

The Certified Wireless Security Professional certification is the professional level wireless LAN certification for the CWNP Program. The CWSP certification will assist in advancing your career by helping to ensure that you have the skills needed to successfully secure enterprise Wi-Fi networks from hackers. This certification allows you to do all of this regardless of which brand of Wi-Fi gear your organization uses.

This course will entail:

  • WLAN Discovery Techniques
  • Attack and Intrusion Techniques
  • 802.11 Protocol Analysis
  • WIPS (Wireless Intrusion Prevention Systems) Implementation
  • Layer 2 and 3 VPNs used over top of 802.11 networks
  • Understanding of Enterprise/SMB/SOHO/Public-Network Security design models
  • Managed Endpoint Security Systems802.11 as well as Authentication and Key Management Protocols
  • Enterprise/SMB/SOHO/Public-Implementation of Network Security Solution
  • Building Robust Security Networks from scratch
  • Types of Fast BSS Transition (aka. Fast/Secure Roaming) Techniques
  • Complete coverage of all 802.1X/EAP types used in WLANs
  • WNMS (Wireless LAN Management Systems)
  • Authentication Infrastructure Design Models
  • How to Use Secure Applications
  • Types of 802.11 Design Architectures
  • How to Implement a Thorough Wireless Security Policy

Course Outline

CWSP (Certified Wireless Security Professional) Certification Training Course Outline:

1. WLAN Security Overview

  • Standards Organizations
  • International Organization for Standardization (ISO)
  • Institute of Electrical and Electronics Engineers (IEEE)
  • Internet Engineering Task Force (IETF)
  • Wi-Fi Alliance
  • 802.11 Networking Basics
  • 802.11 Security Basics
  • Data Privacy
  • Authentication, Authorization, Accounting (AAA)
  • Segmentation
  • Monitoring
  • Policy
  • 802.11 Security History
  • 802.11i Security Amendment and WPA Certifications
  • Robust Security Network (RSN)

2. Legacy 802.11 Security

  • Authentication
  • Open System Authentication
  • Shared Key Authentication
  • Wired Equivalent Privacy (WEP) Encryption
  • TKIP
  • Virtual Private Networks (VPNs)
  • Point-to-Point Tunneling Protocol (PPTP)
  • Layer 2 Tunneling Protocol (L2TP)
  • Internet Protocol Security (IPsec)
  • Secure Sockets Layer (SSL)
  • VPN Configuration Complexity
  • VPN Scalability
  • MAC Filters
  • SSID Segmentation
  • SSID Cloaking

3. Encryption Ciphers and Methods

  • Encryption Basics
  • Symmetric and Asymmetric Algorithms
  • Stream and Block Ciphers
  • RC4/ARC4
  • RC5
  • DES
  • 3DES
  • AES
  • WLAN Encryption Methods
  • WEP
  • WEP MPDU
  • TKIP
  • TKIP MPDU
  • CCMP
  • CCMP MPDU
  • WPA/WPA2
  • Future Encryption Methods
  • Propietary Layer 2 Implementation

4. 802.1X/EAP Authentication

  • WLAN Authentication Overview
  • AAA
  • Authentication
  • Authorization
  • Accounting
  • 802.1X
  • Supplicant
  • Authenticator
  • Authentication Server
  • Supplicant Credentials
  • Usernames and Passwords
  • Digital Certificates
  • Protected Access Credentials
  • One-Time Passwords
  • Smart Cards and USB Tokens
  • Machine Authentication
  • 802.1X/EAP and Certificates
  • Server Certificates and Root CA Certificates
  • Client Certificates
  • Shared Secret
  • Legacy Authentication Protocols
  • PAP
  • CHAP
  • MS-CHAP
  • MS-CHAPv2
  • EAP
  • Weak EAP Protocols
  • EAP-MD5
  • EAP-LEAP
  • Strong EAP Protocols
  • EAP-PEAP
  • EAP-TTLS
  • EAP-TLS
  • EAP-FAST
  • Miscellaneous EAP Protocols
  • EAP-SIM
  • EAP-AKA
  • EAP-TEAP

5. 802.11 Layer 2 Dynamic Encryption Key Generation

  • Advantages of Dynamic Encryption
  • Robust Security Network (RSN)
  • RSN Information Element
  • Authentication and Key Management (AKM)
  • RSNA Key Hierarchy
  • 4-Way Handshake
  • Group Key Handshake
  • PeerKey Handshake
  • TDLS Peer key Handshake
  • RSNA Security Associations
  • Passphrase-to-PSK Mapping
  • Roaming and Dynamic Keys

6. PSK Authentications

  • WPA/WPA2-Personal
  • Preshared keys (PSK) and Passphrases
  • WPA/WPA2-Personal Risks
  • Entropy
  • Proprietary PSK
  • Simultaneous Authenticaion of Equals (SAE)

7. 802.11 Fast Secure Roaming

  • History of 802.11 Roaming
  • Client Roaming Thresholds
  • AP-to-AP Handoff
  • RSNA
  • PMKSA
  • PMK Caching
  • Preauthentication
  • Opportunistic Key Caching (OKC)
  • Proprietary FSR
  • Fast BSS Transition (FT)
  • Information Elements
  • FT Initial Mobility Domain Association
  • Over-the-Air Fast BSS Transition
  • Over-the-DS Fast BSS Transition
  • 802.11k
  • 802.11v
  • Voice Enterprise
  • Layer 3 Roaming
  • Troubleshooting

8.  WLAN Security Infrastructure

  • 802.11 Services
  • Integration Service (IS)
  • Distribution System (DS)
  • Management, Control, and Data Planes
  • Management Plane
  • Control Plane
  • Data Plane
  • WLAN Architecture
  • Autonomous WLAN Architecture
  • Centralized Network Management Systems
  • Cloud Networking
  • Centralized WLAN Architecture
  • Distributed WLAN Architecture
  • Unified WLAN Architecture
  • Hybrid Architecture
  • Enterprise WLAN Routers
  • WLAN Mesh Access Points
  • WLAN Bridging
  • VPN Wireless Security
  • VPN
  • Layer 3 VPNs
  • SSL VPN
  • VPN Deployment
  • Infrastructure Management
  • Protocols for Management

9. RADIUS and LDAP

  • LDAP
  • RADIUS
  • Authentication and Authorization
  • Accounting
  • RADIUS Configuration
  • LDAP Proxy
  • RADIUS Deployment Models
  • RADIUS Proxy
  • RADIUS Proxy and Realms
  • RADIUS Failover
  • WLAN Devices as RADIUS Servers
  • Captive Web Portal and MAC Authentication
  • RadSec
  • Attribute-Value Pairs
  • Vendor-Specific Attributes
  • VLAN Assignment
  • Role-Based Access Control
  • LDAP Attributes

10. Bring Your Own Device (BYOD) and Guest Access

  • Mobile Device Management
  • Company-Issued Devices vs. Personal Devices
  • MDM Architecture
  • MDM Enrollement
  • MDM Profiles
  • MDM Agent Software
  • Over-the-Air Management
  • Application Management
  • Self-Service Device Onboarding for Employees
  • Dual-SSID Onboarding
  • Single-SSID Onboarding
  • MDM vs. Self-Service Onboarding
  • Guest WLAN Access
  • Guest SSID
  • Guest VLAN
  • Guest Firewall Policy
  • Captive Web Portals
  • Client Isolation, Rate Limiting, and Web Content Filtering
  • Guest Management
  • Guest Self-Registration
  • Employee Sponsorship
  • Social Login
  • Encrypted Guest Access
  • Network Access Control (NAC)
  • Posture
  • OS Fingerprinting
  • AAA
  • RADIUS Change of Authorization
  • Single Sign-Ons

11. Wireless Security Troubleshooting

  • Five Tenets of WLAN Troubleshooting
  • Troubleshooting Best Practices
  • Troubleshoot the OSI Model
  • Most Wi-Fi Problems are Client Issues
  • Proper WLAN Design Reduces Problems
  • WLAN Always Gets the Blame
  • PSK Troubleshooting
  • 802.1X/EAP Troubleshooting
  • 802.1X/EAP Troubleshooting Zones
  • Zone 1: Backed Communication Problems
  • Zone 2: Supplicant Certificate Problems
  • Zone 2: Supplicant Credential Problems
  • Roaming Troubleshooting
  • VPN Troubleshooting

12. Wireless Security Risks

  • Unauthorized Rogue Access
  • Rogue Devices
  • Rogue Prevention
  • Eavesdropping
  • Casual Eavesdropping
  • Malicious Eavesdropping
  • Eavesdropping Risks
  • Eavesdropping Prevention
  • Authentication Attacks
  • Denial-of-Service Attacks
  • Layer 1 DoS Attacks
  • Layer 2 DoS Attacks
  • MAC Spoofing
  • Wireless Hijacking
  • Management Interface Exploits
  • Vendor Proprietary Attacks
  • Physical Damage and Theft
  • Social Engineering
  • Guest Access and WLAN Hotspots

13. Wireless LAN Security Auditing

  • WLAN Security Audit
  • OSI Layer 1 Audit
  • OSI Layer 2 Audit
  • Penetration Testing
  • Wired Infrastructure Audit
  • Social Engineering Audit
  • WIPS Audit
  • Documenting the Audit
  • Audit Recommendations
  • WLAN Security Auditing Tools
  • Linux-Based Tools

14. Wireless Security Monitoring

  • Wiress Intrusion Detection and Prevention Systems
  • WIDS/WIPS Infrastructure Components
  • WIDS/WIPS Architecture Models
  • Multiple Radio Sensors
  • Sensor Placement
  • Device Classification
  • Rogue Detection
  • Rogue Mitigation
  • Device Tracking
  • WIDS/WIPS Analysis
  • Signature Analysis
  • Behavior Analysis
  • Protocol Analysis
  • Spectrum Analysis
  • Forensic Analysis
  • Performance Analysis
  • Monitoring
  • Policy Enforcement
  • Alarms and Notification
  • False Positives
  • Reports

15. Wireless Security Policies

  • General Policy
  • Policy Creation
  • Policy Management
  • Functional Policy
  • Password Policy
  • RBAC Policy
  • Change Control Policy
  • Authenication and Encryption Policy
  • WLAN Monitoring Policy
  • Endpoint Policy
  • Acceptable Use Policy

 

Objectives

  • WLAN Discovery Techniques
  • Intrusion and Attack Techniques
  • 802.11 Protocol Analysis
  • Wireless Intrusion Prevention Systems (WIPS) Implementation
  • Layer 2 and 3 VPNs used over 802.11 networks
  • Enterprise/SMB/SOHO/Public-Network Security design models
  • Management Endpoint Security Systems 802.11 Authentication and Key

Class Exam

CWSP (Certified Wireless Security Professional) Exam and Testing:

CWSP (PW0-205) Exam Summary:

  • Exam Number is PW0-205
  • Students can Register at Pearson VUE
  • Duration of the exam is 90 minutes
  • There are 60 Questions
  • The questions are Multiple choice / multiple answer
  • A passing score is 70% (80% for Instructors)
  • The test is available in English only

Phoenix TS is a certified testing center for both Pearson VUE & Prometric. Students are able to register for their CWSP Certification Exam at the Phoenix TS test centers located in: Washington DC, Baltimore, or Columbia, Maryland. Students need to simply go to the Pearson VUE or Prometric website and/or call us directly at 301-258-8200.