Contenuti dettagliati del Corso
Hands-On Lab Exercises:
WLAN Controller Security
- Secure access to the WLAN controller using secure management protocols
- Configuring multiple WLAN profiles, each with its own authentication and cipher suites including WPA/WPA2 Personal and Enterprise
- Configuring the WLAN controller for RADIUS connectivity and authentication
- Client station connectivity to the controller – including DHCP and browsing
- Integrated rogue device discovery
Wireless Intrusion Prevention Systems (WIPS)
- WIPS installation, licensing, adding/configuring sensors, and secure console connectivity
- Configuration according to organizational policy
- Properly classifying authorized, unauthorized, and external/interfering access points
- Identifying and mitigating rogue devices
- Identifying specific attacks against the authorized WLAN infrastructure or client stations
Using Laptop Analyzers
- Installing and configuring a WLAN discovery tool
- Installing, licensing, and configuring a laptop protocol analyzer
- Installing, licensing, and configuring a laptop spectrum analyzer
- Locating and analyzing 2.4 GHz and 5 GHz WLANs with a WLAN discovery tool
- Locating and analyzing 2.4 GHz and 5 GHz WLANs with a WLAN protocol analyzer
- Capturing and analyzing a WPA2-Personal authentication in a WLAN protocol analyzer
- Capturing and analyzing a WPA2-Enterprise authentication in a WLAN protocol analyzer
- Capturing and analyzing Hotspot authentication and data traffic in a WLAN protocol analyzer
- Capturing and analyzing Beacons, Probe Requests, Probe Responses, and Association Requests with a WLAN protocol analyzer
- Viewing a normal RF environment, a busy RF environment, and an RF attack on the WLAN in a spectrum analyzer
Fast Secure Roaming
- Configure a WLAN infrastructure with two controllers and two APs per controller. Configure APs for specific power and channel settings
- Install and configure a RADIUS server for PEAP
- Configure both controllers and an authorized client device for PEAP authentication using the CCMP cipher suite
- Configure an 802.11 protocol analyzer to capture the BSS transition
- Perform a slow BSS transition within a controller as a baseline
- Enable FSR mechanisms within controllers and the client station
- Perform a fast BSS transition within a controller as a comparison
- Perform a slow BSS transition between controllers as a baseline
- Perform a fast BSS transition (if vendor FSR mechanisms permit) between controllers as a comparison
Course Outline
Introduction to WLAN Security Technology
- Security policy
- Security concerns
- Security auditing practices
- Application layer vulnerabilities and analysis
- Data Link layer vulnerabilities and analysis
- Physical layer vulnerabilities and analysis
- 802.11 security mechanisms
- Wi-Fi Alliance security certifications
Small Office / Home Office WLAN Security Technology and Solutions
- WLAN discovery equipment and utilities
- Legacy WLAN security methods, mechanisms, and exploits
- Appropriate SOHO security
WLAN Mobile Endpoint Security Solutions
- Personal-class mobile endpoint security
- Enterprise-class mobile endpoint security
- User-accessible and restricted endpoint policies
- VPN technology overview
Branch Office / Remote Office WLAN Security Technology and Solutions
- General vulnerabilities
- Preshared Key security with RSN cipher suites
- Passphrase vulnerabilities
- Passphrase entropy and hacking tools
- WPA/WPA2 Personal – how it works
- WPA/WPA2 Personal – configuration
- Wi-Fi Protected Setup (WPS)
- Installation and configuration of WIPS, WNMS, and WLAN controllers to extend enterprise security policy to remote and branch offices
Enterprise WLAN Management and Monitoring
- Device identification and tracking
- Rogue device mitigation
- WLAN forensics
- Enterprise WIPS installation and configuration
- Distributed protocol analysis
- WNMS security features
- WLAN controller security feature sets
Enterprise WLAN Security Technology and Solutions
- Robust Security Networks (RSN)
- WPA/WPA2 Enterprise – how it works
- WPA/WPA2 Enterprise – configuration
- IEEE 802.11 Authentication and Key Management (AKM)
- 802.11 cipher suites
- Use of authentication services (RADIUS, LDAP) in WLANs
- User profile management (RBAC)
- Public Key Infrastructures (PKI) used with WLANs
- Certificate Authorities and x.509 digital certificates
- RADIUS installation and configuration
- 802.1X/EAP authentication mechanisms
- 802.1X/EAP types and differences
- 802.11 handshakes
- Fast BSS Transition (FT) technologies