Wireless Networks: Securing

Scheduled Dates (sort by: location | date)

Course Overview

Wireless networks are expanding at a dramatic rate. As organisations provide greater mobility to their users, the risk of threats to information assurance grows and the need for secure networks becomes of paramount concern.

In this course, you gain skills to defend against attacks and maintain security within your wireless network. You learn to detect weakness in your existing network, and design and configure a cost-effective security solution.

Audience

This course is valuable for anyone who manages, operates, audits or implements secure networks. Knowledge of wireless technology at the level of Course 371, " Implementing and Troubleshooting Wi-Fi Networks ", is helpful.

Skills Gained

• Secure wireless networks against threats and attacks
• Analyse and react to wireless denial-of-service (DoS) attacks
• Encrypt your traffic for privacy and authenticity
• Implement WPA and the 802.11i security standards to protect your Wi-Fi network
• Leverage 802.1X and EAP authentication within an enterprise WLAN
• Create a secure roaming infrastructure

Course Outline

Wireless Security Technologies

Security requirements

• Availability
• Confidentiality
• Data integrity
• Authenticity

WLAN operation and standards

• 802.11 (Wi-Fi) standards: .11a, .11b, .11g, .11i, .11e, .11n
• Discovering WLANs using NetStumbler and AirMagnet
• Intercepting Wi-Fi traffic
• Infrastructure models and roaming

Surveying other wireless technologies

• Bluetooth WPANs (802.15)
• WiMAX WWANs (802.16)

Responding to DoS Attacks

Jamming and RF interference

• Identifying interference sources
• Malicious and inadvertent interference

802.11 protocol attacks

• Exploiting the Collision Avoidance (CA) mechanism
• Forcing client de-authentication

Encrypting for Privacy and Authenticity

Contrasting encryption techniques

• Public and secret key cryptography
• Symmetric vs. asymmetric algorithms
• RC4
• AES
• RSA

Guaranteeing message integrity

• Hashing with MD5 and SHA
• Protecting data with digital signatures

Authenticating with digital certificates

• Verifying key ownership
• Chains of authority

Securing Wi-Fi with WPA

WEP authentication and encryption

• Comparing Open and Shared-Key authentication
• Calculating and checking integrity with ICV
• Encrypting with RC4's pseudorandom number generator (PRNG)

Exposing WEP flaws

• Weak initialisation vectors (IVs)
• Dictionary attacks
• Static keys

Providing security with WPA

• Retaining existing hardware
• Correcting WEP deficiencies
• Deploying pre-shared key (PSK) authentication

Ensuring privacy with WPA

• 802.11i key hierarchies
• Rolling keys dynamically with TKIP
• Verifying message integrity with MIC

802.1X Authentication and CCMP

Leveraging the 802.1X standard

• Incorporating EAP messaging techniques
• Transporting EAP messages with RADIUS and EAPOL

Choosing EAP implementations

• EAP-TLS
• EAP-TTLS
• PEAP

Extending WPA to create a robust secure network (RSN)

• Encrypting traffic with AES-CCMP
• Counter mode and CBC-MAC integrity protection in a single operation

Creating Secure WLAN Topologies

Designing the wireless security landscape

• Defining the trusted boundary
• Centralised vs. distributed control
• Enforcing access controls
• Establishing user credentials

Configuring security for roaming

• Maintaining security contexts
• 802.11i pre-authentication
• Roaming in a VPN environment

Evaluating network types

• Public hotspots
• Visitor and guest networks
• Integrated corporate WLAN

Wireless Networks: Securing / 420