Overview

This 2 day wireless security training course provides you with an understanding of the evolution of wireless security, how hackers bypass wireless security, implementing wireless security measures, and the cryptographic principles behind the protocols and the attacks. As wireless technologies become ever more pervasive, the need to consider the risks they present should form part of any information security policy, therefore the course teaches the underlying principles so that ​you leave not only with an understanding of the current scene but also better prepared as the world of wireless inevitably changes. Hands-on exercises reinforce theory with practice, allowing delegates to see the methods work for themselves.

Delegates who successfully complete the exam included at the end will be awarded the CWSA qualification

Prerequisites

  • A basic understanding of TCP/IP networking, e.g.
  • Are you familiar with the OSI model? Can you name a layer 2 and layer 3 protocol?
  • Can you describe at a high-level how a request reaches a web server through Ethernet, IP and TCP?
  • What function does ARP perform?
  • How does a system know whether or not a gateway is required?
  • Basic familiarity with the Windows or Linux command line, e.g.
  • What's the difference between a command and its switches?
  • Can you navigate the file system using commands?
  • Can you display network configuration information, etc?
  • Previous attendance of CSTA is not essential but if you are planning to do both courses it is recommended to do CSTA before CWSA
  • There are no mathematical prerequisites

Outline

  • 802.11 Wi-Fi fundamentals
  • Wardriving - access points and stations
  • Traffic sniffing
  • Denial of service
  • Rogue Access Points - inside and out
  • Rogue stations
  • Circumventing MAC filtering
  • Symmetric key cryptography - stream and block ciphers, RC4 and AES
  • WEP
  • 802.11i and WPA/WPA2
  • TKIP and CCMP
  • Wi-Fi Protected Setup (WPS) flaws
  • Client-side (i.e. non Access Point) threats and attacks
  • EAP, 802.1X and RADIUS
  • Public key cryptography