Wireless Network Security

Course 226

 Request information about bringing this course to your site.

Summary

This three-day course is an experiment-oriented course that focuses on security aspects in computer and telecommunication systems. The course will cover aspects related to security policies and mechanisms, access control mechanisms (role-based, DAC, MAC, and ORCON), data encryption standards (DES, AES, Blowfish, RC4, and PKI), key management and authentication mechanisms, digital signatures (x509), message authentication codes, malicious logic (viruses, trojan horses), IPSEC, firewalls, VPN, as well as the 5 phases of a computer security attack (attack reconnaissance, scanning, gaining access, maintaining access, and covering tracks). Experiments will be conducted to show cryptanalysis techniques, x509 certificate generation, how to configure and manipulate firewalls, and all phases of a cyber attack that end in taking control of victim machine. Experiments will also be prepared to show how to break IEEE 802.11 WEP keys, launch denial of service (DoS) attacks on IEEE 802.11 networks, and how to properly secure wireless LANs using the IEEE 802.11i standard.

Students are encouraged to bring their laptop computers to class in order to participate in the exercises.

Learning objectives

Upon completing the course you will be able to:

  • Understand security policies and mechanisms and their different types.
  • Understand the basic concept of operation of cryptosystems (i.e. SPNs, confusion and diffusion).
  • Understand the key generation functionalities and attacks against key exchange protocols.
  • Describe the basic operation of IPSEC, firewalls, and VPNs.
  • Understand the different types of malicious logic and their basic concept of operation.
  • Describe the different types of threats, the phases of a cyber attack, and defense techniques against each phase.
  • Describe the security failures within the IEEE 802.11 protocol and how to properly secure WLANs using the IEEE 802.11i standard.

Target Audience

Professionals such as engineers, product developers, managers, security officers, city/state government or law enforcement professional, and network administrators who have a special interest in quickly getting up to speed with computer and telecommunication security concepts.

Outline

Day One

Introduction
 • Basic components of computer security • Threats • Risk analysis • Design principles of security policies
Access Control
 • Access control mechanisms, lists, and capabilities • Mandatory access control • Discretionary access control • Role-based access control • Attribute-base access control
Security Policies
 • Confidentiality policies • Integrity policies • Hybrid policies

Day Two

Cryptosystems
 • Basic cryptography and ciphers techniques • DES • AES • Blowfish • RC4 • Cryptanalysis • PKI • Hashing • Cryptographic checksums • Key management
Authentication Mechanisms
 • Password-based • Token-based • One-time passwords
Malicious Logic
 • Viruses, trojan horses, bacteria, logic bombs

Day Three

Telecom Security
 • Firewalls, VPN, IPSEC
Phases of a Cyber Attack
 • Attack preparation • Target scanning • Buffer overflow • Integer overflow • SQL injection • Cross-site scripting • Man-in-the-middle attacks • Denial of service attacks • Backdoors • Botnets • Covering tracks and flux networks
Defense Techniques
 • Vulnerability scanning and network mapping • Firewall settings • Patching • IDS