AUDIENCE:   This course is designed for experienced networking professionals who wish to gain critical skills in wireless networking security, including how hackers attack networks and the measures that must be employed to prevent them from doing so. This course is appropriate for: Systems and Network Administrators, Systems and Network Engineers, Systems and Network Analysts, Technical Support and Implementation Engineers, IT Security Professionals, Technical Consultants Network Architects. PREREQUISITES:   Delegates should have acquired CWNA certification prior to attending this course. DURATION:   5 days. Hands on. OBJECTIVES:   On completing this course, delegates will be able to: Understand in-depth the vulnerabilities inherent in 802.11 wireless networks. Demonstrate the risks of Packet Analysis and MAC address Spoofing. Demonstrate the dangers of Rogue Hardware and Default Settings for WLAN equipment. Demonstrate the effects of RF Jamming and Data Flooding, and describe how to counter these threats. Demonstrate the susceptibility of wireless-enabled laptops to Peer attacks and corporate Information Theft. Demonstrate the risks posed by Wireless Hijacking and Denial of Service (DoS) attacks. Analyse 802.11 network operation using industry-leading protocol analysis tools. Employ WEP effectively in situations for which WEP is appropriate. Use EAP - Cisco Wireless (LEAP) for secure wireless networking. Upgrade current WLAN products and configure them to use Wi-Fi Protected Access (WPA) correctly. Employ 802.1x with EAP-TLS, EAP-TTLS or Protected EAP (PEAP) for secure, mutual authentication. Employ Cisco LEAP and 802.1x/EAP for secure Wireless bridge links. Employ VPN technologies for layered security in Wireless bridge links. Design and configure Access Point-based VPNs using PPTP, IPSec, VPN Pass-through and VPN Hopping. Configure and demonstrate VPN roaming across access points. Configure and demonstrate SSH2 Tunneling and Local Port Redirection for secure access to systems, applications and services. Employ Scalable Wireless VPN solutions using Industry-leading Layer 2 encryption gateways and the Advanced Encryption Standard (AES). Design and implement Layered Wireless Security using Enterprise Wireless Gateways from Bluesocket and Vernier Networks. Design and write Wireless Security Policy into the Coprorate IT Security Policy. Incorporate a diverse range of advanced, vendor-neutral security solutions into corporate wireless networks. COURSE CONTENT:   All attendees receive hands-on practical experience configuring, testing and implementing a wide variety of Layer 2, and Layer 3 and Layer 7 wireless security solutions using hardware and software from the following vendors: AirMagnet, AirDefense, BlueSocket, Colubris Networks, Cisco Systems, Fortress Technologies, Intermec, Funk Software, Microsoft, Proxim, Orinoco, Symbol Technologies, TamoSoft, Zoom Telephonics, SafeNet, SnapGear, System Tools, Van Dyke Software, WildPackets, IPSwitch, Young Design Risk Assessment Assets to protect Threats to protect against Legal protection Costs Basic security measures Threat analysis Impact analysis Threat Analysis and Hacking Methodology Target profiling Physical security Social engineering Wireless bridges Packet analysis Information theft Malicious data insertion Denial of Service (DoS) Peer-to-peer hacking Unauthorized control Rudimentary security measures SSID MAC filters Static WEP Default configurations Firmware upgrades Physical security Periodic inventory Intermediate Security Measures Rogue equipment Cell sizing Protocol filters SNMP Discovery protocols Wireless segment configuration Remove vulnerabilities Client security IP Services Advanced Security Measures Wireless security policy Authentication and encryption Wireless DMZ and VLANs Audits Traffic pattern analysis Authenticated DHCP Wireless LAN Auditing Tools Discovery tools Password crackers Share enumerators Network management and control Wireless protocol analyzers Manufacturer defaults Password sniffers Antennas and WLAN equipment OS fingerprinting and port scanning Application sniffers Networking utilities Network discovery and management Hijacking users RF Jamming and Data flooding tools WEP crackers Hardware and Software Solutions RADIUS with AAA Support RADIUS Details Kerberos Static and Dynamic WEP and TKIP 802.1x Extensible Authentication Protocol (EAP) VPNs Encryption Schemes Routers Switch-Routers Firewalls MobileIP VPN Solutions Enterprise Wireless Gateways Switches, VLANs, and Hubs SSH2 Tunneling and Port Redirection Thin Client Solutions Prevention and Countermeasures 802.1x 802.11i TKIP AES Intrusion detection US Federal and state laws Implementation and Management Design and implementation Equipment configuration and placement Interoperability and layering Security management