Enhanced CWSP course
LEVER have transformed the official Planet3 Wireless Inc. Certified Wireless Security Professional course into what we believe is the World's leading wireless LAN security course.

• Based on the market-leading CWSP version 3 course.
• Includes 6 hours of additional course material covering 802.11 wireless LAN security.

• Implementing VLANs using Wireless LAN controllers and Cisco Catalyst layer-2 switches.
• Implementing RADIUS authentication with Microsoft Internet Authentication Service (IAS).
• Implementing dynamic, role-based VLANs using Microsoft IAS and other RADIUS servers.
• Using Microsoft Certificate Services for Enterprise-strength authentication.
• Implementing EAP-TLS, PEAP-MSCHAPv2 and PEAP-EAP-TLS using Microsoft IAS and Microsoft Certificate Services.
• Implementing Enterprise authentication using 802.1x with EAP-TLS, EAP-TTLS and Protected EAP (PEAP) using Microsoft Windows Group Policy.

Who should attend?
This course is designed for experienced networking professionals who wish to gain the critical skills needed to secure wireless networks.

This course is appropriate for:

• All wireless network professionals
• IT Security Professionals
• Network Architects
• Systems and Network Administrators
• Systems and Network Engineers
• Systems and Network Analysts
• Final-line Technical Support staff
• Technical Consultants Network Architects.

With the rapid increase in wireless LAN installations, all IT network and security professionals should now look to develop their knowledge and skills in wireless network security.

Completing CWSP Training and Certification is the clearest way to demonstrate competence in 802.11 wireless network security.

Certification
On successful completion of the course and self-study modules, delegates will be prepared for the CWSP Certification Exam (Exam #PW0-200).

Lifetime Post-Course Support
After completing their course with LEVER, every delegate receives lifetime post-training support from LEVER Technology Group PLC, to help apply the technologies and skills they have learned with us, to provide career-long support, and to ensure they are better equipped for their future roles in IT and networking.

Pre-requisites
Delegates should have acquired CWNA certification prior to attending this course.

Course benefits
This industry-leading wireless LAN security course from LEVER Technology Group PLC provides a comprehensive, high-value hands-on practical coverage of IEEE 802.11 Wireless LAN Security, passing on the necessary skills for implementing and managing wireless security in the enterprise using products from the industry's leading manufacturers.

The course incorporates 70% hands-on practical time, and helps delegates prepare for the Certified Wireless Security Professional (CWSP™) exam.

The course comprises 40 hours of instructor-led hands on learning, using the latest enterprise wireless LAN security products. The course addresses Wireless LAN Intrusion, Security Policy, and Security Solutions in detail.

Objectives
On completing this course, delegates will be able to:

• Understand in-depth the vulnerabilities inherent in 802.11 wireless networks.
• Demonstrate the risks of Packet Analysis and MAC address Spoofing.
• Demonstrate the dangers of Rogue Hardware and Default Settings for WLAN equipment.
• Demonstrate the effects of RF Jamming and Data Flooding, and describe how to counter these threats.
• Demonstrate the susceptibility of wireless-enabled laptops to Peer attacks and corporate Information Theft.
• Demonstrate the risks posed by Wireless Hijacking and Denial of Service (DoS) attacks.
• Employ Laptop Analysers to analyse 802.11 network operation using industry-leading protocol analysis tools.
• Implement Fast BSS Transitions (FT) between access points in an extended BSS.
• Employ WEP effectively in situations for which WEP is appropriate.
• Demonstrate the vulnerabilities of EAP - Cisco Wireless (LEAP) for secure wireless networking.
• Upgrade current WLAN products and configure them to use Wi-Fi Protected Access (WPA) correctly.
• Implement VLANs using Wireless LAN controllers and Cisco Catalyst layer-2 switches.
• Implement dynamic, role-based VLANs using Microsoft IAS and other RADIUS servers.
• Employ 802.1x with EAP-TLS, EAP-TTLS and Protected EAP (PEAP) for secure, mutual authentication.
• Implement RADIUS authentication using Microsoft Internet Authentication Service (IAS).
• Use X.509 Certificates for strong authentication using Microsoft Certificate Services.
• Implement EAP-TLS, PEAP-MSCHAPv2 and PEAP-EAP-TLS using Microsoft IAS and Microsoft Certificate Services.
• Employ an industry-leading Wireless Intrusion Prevention System (WIPS) for the detection and prevention of wireless network intrusions.
• Design and write Wireless Security Policy into the Corporate IT Security Policy.
• Incorporate a diverse range of advanced, vendor-neutral security solutions into corporate wireless networks.

Hands-on practical labs
LEVER's enhanced CWSPv3 course incorporates unique hands-on practical labs that go far beyond those provided on other standard CWSP courses.

The course features an extensive range of sophisticated hands-on practical labs, accounting for up to 70% of the course time. These advanced WLAN security labs include:

The course features extensive hands-on practical labs, working with WLAN equipment from leading vendors, including Cisco Systems - Autonomous APs and Wireless LAN Controller (WLC)-based networks, Funk Software (RADIUS servers), WildPackets OminPeek, AirMagnet, AirDefense, and more.

WLAN Controller Security

This lab is focused on WLAN controller security, and primarily covers the following areas:

1. Secure access to the WLAN controller using secure management protocols
2. Configuring multiple WLAN profiles, each with its own authentication and cipher suites including WPA/WPA2 Personal and Enterprise
3. Configuring the WLAN controller for RADIUS connectivity and authentication
4. Client station connectivity to the controller - including DHCP and browsing
5. Integrated rogue device discovery

Wireless Intrusion Prevention Systems (WIPS)

1. WIPS installation, licensing, adding/configuring sensors, and secure console connectivity
2. Configuration according to organizational policy
3. Properly classifying authorized, unauthorized, and external/interfering access points
4. Identifying and mitigating rogue devices
5. Identifying specific attacks against the authorized WLAN infrastructure or client stations

Using Laptop Analysers

1. Installing and configuring a WLAN discovery tool
2. Installing, licensing, and configuring a laptop protocol analyzer
3. Installing, licensing, and configuring a laptop spectrum analyzer
4. Locating and analyzing 2.4 GHz and 5 GHz WLANs with a WLAN discovery tool
5. Locating and analyzing 2.4 GHz and 5 GHz WLANs with a WLAN protocol analyzer
6. Capturing and analyzing a WPA2-Personal authentication in a WLAN protocol analyzer
7. Capturing and analyzing a WPA2-Enterprise authentication in a WLAN protocol analyzer
8. Capturing and analyzing Hotspot authentication and data traffic in a WLAN protocol analyzer
9. Capturing and analyzing Beacons, Probe Requests, Probe Responses, and Association Requests with a WLAN protocol analyzer
10. Viewing a normal RF environment, a busy RF environment, and an RF attack on the WLAN in a spectrum analyzer

Fast BSS Transitions (FT)

1. Configure a WLAN infrastructure with two controllers and two APs per controller. Configure APs for specific power and channel settings
2. Install and configure a RADIUS server for PEAP
3. Configure both controllers and an authorized client device for PEAP authentication using the CCMP cipher suite
4. Configure an 802.11 protocol analyzer to capture on a specific channel
5. Using an 802.11 frame generator function, deauthenticate the authorized client station to force intra- and inter-controller roaming
6. Perform a slow BSS transition within a controller as a baseline
7. Enable FT mechanisms within controllers and the client station
8. Perform a fast BSS transition within a controller as a comparison
9. Perform a slow BSS transition between controllers as a baseline
10. Perform a fast BSS transition (if vendor FT mechanisms permit) between controllers as a comparison