Course benefits
This unique course provides detailed, hands-on instruction in the detection, assessment and security of 802.11 wireless networks. During the course, a range of tools and techniques are introduced, which are not documented by the manufacturers of 802.11 wireless LAN products.
Objectives
On completing this course you will be able to:
- Explain both the documented and undocumented security vulnerabilities that are immediately created in every organisation when 802.11 wireless networks are introduced.
- Describe in detail the types of attacks that occur.
- Demonstrate practical 802.11 security vulnerabilities.
- Detect authorised and unauthorised 802.11 wireless networks and access points.
- Assess their security vulnerabilities using the latest 802.11 audit tools.
- Secure 802.11 (Wi-Fi) wireless networks using state-of-the-art techniques.
- Implement advanced intrusion detection, auditing and logging facilities for Wi-Fi networks.
- Perform an 802.11 security site survey (WiFi Security Audit).
In-class demos
This unique and Authoritative Wi-Fi security training course incorporates a range of industry-leading live demos, including:
- Live hacking into "secured" Wi-Fi networks.
- Live hacking into Wi-Fi-enabled laptops.
- WLAN Denial of Service attacks (DoS).
- Wireless Packet Sniffing and Security Analysis.
- Employing third-party Supplicant software.
- Employing an Enterprise Wireless Gateway (EWG).
- Employing Wireless VLANs.
- Configuring secure fast roaming.
- Employing Wireless Intrusion Detection Systems (WIDS) and WIPS.
Hands-on practical labs
This short-duration WiFi security course delivers high value by covering a broad range of subjects in just two days. Hands-on practical time is therefore limited, however a range of high-value demonstrations are included in the course and students are invited to particpate in these during break times.
For in-depth hand-on practical, students should attend LEVER's uniquesly upgraded 5-day Course CWSP: Certified Wireless Security Professional (CWSP) course.
Student hands-on practical labs in this WiFi security course include:
- Configuring WPA Personal authentication (WPA-PSK).
- Configuring WPA Enterprise authentication
- Employing RADIUS services.
- Configuring and Optimising PEAP-based authentication.
- Auditing the security of Wi-Fi networks and User Sessions.
Who should attend?
- IT professionals who are responsible for designing or implementing secure wireless networks.
- Security professionals concerned about the weaknesses of wireless networks.
- Penetration testers wanting to perform wireless network security assessments.
- Auditors wanting to evaluate wireless networks, to ensure they comply with an organisation's Security Policy.
- IT Security Managers.
- IT Security Auditors.
- Anyone concerned with the security of their organisation
- IT professionals wanting to move into the rapidly growing wireless networks industry.
Pre-requisites
Attendance on course 610 - Implementing Wi-Fi Wireless Networks, or equivalent experience with Wi-Fi network planning and implementation.
Certification
For people seeking Certified Wi-Fi Professional (CWNA and CWSP certification), the following courses are most appropriate:
|
WiFi Security Course 611: Content
The vulnerabilities of 802.11 WLANs
- Open Access Points
- Unencrypted networks
- The weaknesses of WEP
- Available hacking tools
Wireless LAN Auditing Tools
Discovery tools
Password crackers
Share enumerators
Network management and control
Wireless protocol analyzers
Manufacturer defaults
Password sniffers
Antennas and WLAN equipment
OS fingerprinting and port scanning
Application sniffers
Networking utilities
Network discovery and management
Hijacking users
RF Jamming and Data flooding tools
WEP crackers
The current state of the art
Demo: Practical Hacking into
802.11 Wi-Fi Networks
WiFi Security Myths
Why the following DON'T work:
- Reducing power output / RF leakage
- Hiding the SSID
- MAC filters
- Static WEP
- Periodic security audit
Understanding Network Security
Understanding:
- Authentication
- Encryption and Data Privacy
- Data Integrity
- Security attacks: active, passive, MITM, etc.
- Keystream reuse attacks
- Decryption dictionaries
- Attacks involving message authentication
- Message modification
- Message injection
- Authentication spoofing
- Message decryption
Review of 802.11 WLAN security
Authentication and association
Encryption
Wired Equivalence Privacy (WEP)
The vulnerabilities of WEP
Practical WEP Cracking
|
Understanding Wi-Fi Protected Access (WPA)
WPA version 1
"Personal" Security
WPA Pre-Shared KEY (WPA-PSK)
How to choose a Passphrase
Disadvantages of WPA-PSK
"Enterprise" Security
WPA version 2
802.11i Robust Security Networks (RSN)
TKIP, RC4, MIC
Understanding Temporal Key Integrity Protocol (TKIP)
AES, CCMP
Counter mode with CBC-MAC (CCMP)
Authentication with 802.1X and EAP
Extensible authentication protocol
Understanding 802.1x and EAP
Commonly-employed EAP types:
- LEAP (EAP Cisco Wireless)
- EAP-TLS
- EAP-PEAP
- EAP-TTLS
- EAP-GTC
- EAP-FAST
Configuring the Supplicant
Configuring and Managing Windows XP Clients
Using Vendor-supplied clients and utilities
Using third-party Supplicant software:
- Juniper (Funk) Odyssey Client
Implementing RADIUS Authentication
Commercial RADIUS servers
Using Microsoft IAS
Using FreeRADIUS
Alternative and Complementary Security Architectures
Overlay security networks
Centralised Management tools
Using VPN over wireless
Using SSL over wireless
Enterprise Encryption Gateways (EEG)
Enterprise Wireless Gateways (EWG)
Your Wi-Fi security policy
802.11 and corporate security policies
Security policy recommendations
Auditing your WiFi networks:
- Audit checklist
- Audit toolkit
The future challenges of 802.11n and security
|