The CWSP certification will advance your career by ensuring you have the skills needed to successfully secure enterprise Wi-Fi networks from hackers, no matter what brand of Wi-Fi gear your organization deploys. To earn a CWSP certification, you must hold a current and valid CWNA credential and pass the new CWSP-205 exam.  The successfully completed CWSP-205 exam proves that you understand the security weaknesses inherent in WLANs, the solutions available to address those weaknesses, and the steps necessary to implement a secure and manageable WLAN in an enterprise environment.

The CWSP-205 exam was launched on April 1, 2015, replacing the previous PWO-204 exam.  The new exam covers the following areas:

Wireless LAN Security Subject Area	% of Exam
Wireless Network Attacks and Threat Assessment	20%
Security Policy	5%
Wireless LAN Security Design and Architecture	50%
Monitoring and Management	25%
Total	100%

Associated courses

Enterprise Wi-Fi Security (CWSP) - (Official Study Guide for CWSP-205 will be available in May)

CWSP-205 Objectives

Wireless Network Attacks and Threat Assessment – 20%

• Describe general network attacks common to wired and wireless networks, including DoS, phishing, protocol weaknesses and configuration error exploits.
• Recognize common attacks and describe their impact on WLANs, including PHY and MAC DoS, hijacking, unauthorized protocol analysis and eavesdropping, social engineering, man-in-the- middle, authentication and encryption cracks and rogue hardware.
• Execute the preventative measures required for common vulnerabilities on wireless infrastructure devices, including weak/default passwords on wireless infrastructure equipment and misconfiguration of wireless infrastructure devices by administrative staff.
• Describe and perform risk analysis and risk mitigation procedures, including asset management, risk ratings, loss expectancy calculations and risk management planning.
• Explain and demonstrate the security vulnerabilities associated with public access or other unsecured wireless networks, including the use of a WLAN for spam transmission, malware injection, information theft, peer-to-peer attacks and Internet attacks.

Security Policy - 5%

• Explain the purpose and goals of security policies including password policies, acceptable use policies, WLAN access policies, personal device policies, device management (APs, infrastructure devices and clients) and security awareness training for users and administrators.
• Summarize the security policy criteria related to wireless public access network use including user risks related to unsecured access and provider liability.
• Describe how devices and technology used from outside an organization can impact the security of the corporate network including topics like BYOD, social networking and general MDM practices.

Wireless LAN Security Design and Architecture – 50%

• Describe how wireless network security solutions may vary for different wireless network implementations including small businesses, home offices, large enterprises, public networks and remote access.
• Understand and explain 802.11 Authentication and Key Management (AKM) components and processes including encryption keys, handshakes and pre-shared key management.
• Define and differentiate among the 802.11-defined secure networks, including pre-RSNA security, Transition Security Networks (TSN) and Robust Security Networks (RSN) and explain the relationship of these networks to terms including RSNA, WPA and WPA2.
• Identify the purpose and characteristics of IEEE 802.1X and EAP and the processes used including EAP types (PEAP, EAP-TLS, EAP-TTLS, EAP-FAST and EAP-SIM), AAA servers (RADIUS) and certificate management.
• Recognize and understand the common uses of VPNs in wireless networks, including remote APs, VPN client access, WLAN controllers and cloud architectures.
• Describe, demonstrate, and configure centrally-managed client-side security applications, including VPN client software and policies, personal firewall software, mobile device management (MDM) and wireless client utility software.
• Describe and demonstrate the use of secure infrastructure management protocols, including HTTPS, SNMP, secure FTP protocols, SCP and SSH.
• Explain the role, importance, and limiting factors of VLANs and network segmentation in an 802.11 WLAN infrastructure.
• Understand additional security features in WLAN infrastructure and access devices, including management frame protection, Role-Based Access Control (RBAC), Fast BSS transition (pre- authentication and OKC), physical security methods and Network Access Control (NAC).
• Explain the purpose, methodology, features, and configuration of guest access networks and BYOD support, including segmentation, guest management, captive portal authentication and device management.

Monitoring, Management, and Tracking – 25%

• Explain the importance of ongoing WLAN monitoring and the necessary tools and processes used as well as the importance of WLAN security audits and compliance reports.
• Understand how to use protocol and spectrum analyzers to effectively evaluate secure wireless networks including 802.1X authentication troubleshooting, location of rogue security devices and identification of non-compliant devices.
• Understand the command features and components of a Wireless Intrusion Prevention Systems (WIPS) and how they are used in relation to performance, protocol, spectrum and security analysis.
• Describe the different types of WLAN management systems and their features, including network discovery, configuration management, firmware management, audit management, policy enforcement, rogue detection, network monitoring, user monitoring, event alarms and event notifications.
• Describe and implement compliance monitoring, enforcement, and reporting. Topics include industry requirements, such as PCI-DSS and HIPAA, and general government regulations.

‹ back