Shopping cart
There are no products in your cart.
Log in


Certified Wireless Security Engineer Wireless

Course Overview

4 Days $3,000 32 CPE Credits


Wireless networks offer many conveniences that are not available in wired networks, but there are security risk associated with those conveniences that businesses need to understand. The Certified Wireless Security Engineer is prepared to identify those risk that wireless networks present for a business and to create and implement a plan to mitigate those risk.

The C)WSE course will give students real-world experience with solving security vulnerabilities in wireless networks. This is accomplished by students completing hands-on lab exercises with the tools and methodologies that actual malicious hackers use to compromise wireless networks.


Upon Completion

Students will:

    • Have knowledge to detect wireless security threats and risk.
    • Have knowledge to design and implement a solution to mitigate risk and threats.
    • Be ready to sit for the C)WSE certification exam.


Course Content

The C)WSE is a four day course that will cover wireless network security. It is comprised of 11 Modules. During the course students will perform various labs that will fascilitate developing the skills necessary to implement the solutions being learned.

The course kit includes:

C)WSE Student Workbook (330 pages) Key Concepts/Definitions Booklet
Certificate of completion Mile2® T-shirt & Pen

Click on a module its agenda.

1: WLAN Security Overview

Standards Organization
OSI Layers (ISO Standard)
802 Project (IEEE)
ISOC Hierarchy (IETF)
Wi-Fi Alliance
Wi-Fi Certified Programs
802.11 Security Basics
802.11 Security History

2: Legacy Security

Authentication Open System Authentication
Authentication Open System and 802.1X/EAP
Authentication Shared Key
Static WEP and IV Key
WEP Transmission Key
WEP Encryption Process
Common WEP Attacks
VPN and WLAN Client Access
VPN Comparison
Aggressive Mode PSK Attacks
Aggressive PSK Cracking
MAC Filters Changing a MAC Address
SSID Segmentation
SSID Cloaking

3: Encryption Ciphers and Methods

Cryptographic Definitions
Encryption Algorithm
Symmetric Encryption
Symmetric Downfalls
Symmetric Algorithms
Crack Times
Asymmetric Encryption
Public Key Cryptography Advantages
Asymmetric Algorithm Disadvantages
Asymmetric Algorithm Examples
Key Exchange
Symmetric versus Asymmetric
Using the Algorithm Types Together
Attack Vectors
WLAN Encryption Methods
MAC Protocol Data Unit (MSDU)
WEP Encryption Process
WEP Decapsulation
TKIP Modification to WEP
TKIP Cryptographic Encapsulation
TKIP Decapsulation
Additional Authentication Data
CCMP Encapsulation
CCMP Decapsulation

4: Layer 2 Authentication Methods in Enterprise Networks

Types of Credentials
Examples of Credentials
802.1X Components
Supplicant Types
WLAN Bridging and 802.1X
Authentication Proxy
Typical Authentication Servers
Supplicant Identity Credential
Legacy Authentication Protocols
Extensible Authentication Protocol
EAPOL Messages
802.11 Association and 802.1X/EAP
Generic EAP Exchange
Weak EAP Protocols
Strong EAP Protocols
EAP-PEAP Process
EAP-TTLS Process
EAP-TLS Process
EAP-FAST Process
EAP Comparison Chart
EAP Methods for Cellular Networks

5: 802.11 Layer 2 Dynamic Encryption Key Generation

802.1X/EAP and Dynamic Keys
Dynamic WEP Process
Robust Security Network Associations
RSNA in IBSS (Ad-hoc)
RSN Information Element
RSNIE (Cipher Suites)
AKM Overview
AKM Discovery
AKM Master Key Generation
AKM Temporal Key Generation
RSN Key Hierarchy
Master Keys
Pairwise Key Hierarchy
Group Key Hierarchy
4-way Handshake
Group Key Handshake
Station to Station Link (STSL)
RSNA Security Associations
WPA/WPA2 Personal
Passphrase to PSK Mapping
Roaming and Dynamic Keys

6: SOHO 802.11 Security

WPA/WPA2 Personal
Pre-shared Keys (PSK) and Passphrases
WPA/WPA2 Personal Risks
Wi-Fi Protected Setup (WPS)
WPS Architecture
Setup Options
Configuration Modes
Guidelines and Requirements for PIN
PBC Demonstration
SOHO Security Best Practices

7: Fast Secure Roaming

Client Roaming Thresholds
AP-to-AP Re-association
Problems with Autonomous AP-to-AP Roaming
PMKSA without Fast Roaming
PMK Caching
Opportunistic PMK Key Caching (OKC)
Proprietary FSR CCKM
Fast BSS Transition
FT Protocols
Message Exchange Methods
Key Holders
Key Hierarchy
FT Key hierarchy-WLAN controller
FT Key hierarchy-Supplicant
Information Elements
Fast BSS transition information element
FT Initial Mobility Domain Association
Over-the-air Fast BSS Transition
Over: the: DS Fast BSS Transition
Fast BSS Transition Summary
Wi-Fi Voice Personal and Enterprise
Enterprise Grade Voice over Wi-Fi Requirement
Features Required
Layer3 Roaming
Mobile IP
Single Channel
Architecture (SCA) Roaming

8: Common Attacks

Unauthorized Rogue Access Rogue Devices
Bridged Ad Hoc (IBSS)
Attacks which can be launched through rogue AP
Rogue AP Attack Risks
Rogue AP Prevention
Eavesdropping Risks
Eavesdropping Prevention
Authentication Attacks
Denial of Service Attacks
MAC Spoofing
Wireless Hijacking (Evil Twin Attack)
Encryption Cracking
Peer-to-peer attacks
Management Interface Exploits
Vendor Proprietary Attacks
Physical Damage and Theft
Social Engineering Attacks
Public Access and WLAN Hotspots

9: Auditing WLAN Security

What is Security Audit?
2.4 GHz ISM Interferers
Narrow Band Interference
Wide Band Interference
All-Band Interference
OSI Layer2 Audit
List of L2 Information collection
Layer2 Protocol Analyzer
Penetration Testing
Wired Infrastructure Audit
Social Engineering Audit
WIPS Audit
Documenting the Audit
Documents required prior to audit
Example Recommendations
WLAN Toolkit of an Auditor
Common Software Tools
Automated Tool (SILICA)

10: Wireless Security Monitoring

WIDS / WIPS Infrastructure Components
WIDS/WIPS Architecture Models
Integrated WIDS/WIPS
Integrated-Enabled WIDS/WIPS
Wireless Network Management System
Sensor Placement
Device Classification
Rouge Detection
Rogue Types
Rogue Mitigation
Device Tracking
Device Tracking Techniques
WIDS/WIPS Signature Analysis
WIDS/WIPS Behavioral Analysis
WIDS/WIPS Protocol Analysis
WIDS/WIPS Spectrum Analysis
WIDS/WIPS Forensics Analysis
WIDS/WIPS Performance Analysis
Policy Enforcement
Types of Alarms and Notifications
Severity Levels of
Alarms and Notifications
Typical Notification Tools
802.11n Security Concerns
Management Frame Protection
802.11w Shared Secret Key

11: WLAN Security

Wireless Infrastructure Components
Autonomous AP
WLAN Controllers
WLAN-VLAN Assignment
WLAN-Dynamic VLAN Assignment
Split MAC
Mesh Networks
WLAN Bridging
Hybrid WLAN APs
Dynamic RF
Hot Standby/Failover
Device Management
Management Protocols
Radius Features and Components
Radius Integration
EAP Type Selection
Deployment Architectures and Scaling
Built-in RADIUS Servers
Timer Values
CA Hierarchy


Class Format Options

Mile2 offers courses around the year and around the globe. You can attend a course in 3 ways:

    1. Instructor-led Classroom: Attend in person.
    2. Live-virtual Training: Attend the Instructor-led class remotely.


Who Should Attend

The Certified Wireless Security Engineer course is designed for those have a background in networking and understand basic security. It's ideal for someone who has a year or more experience in networking technologies. Students can also prepare to take this course by taking the C)ISSO: Information Systems Security Officer course and certification exam.


Exam Information

The Certified Wireless Security Engineer Certification Exam is taken online through Mile2’s Assessment and Certification System (“MACS”), which is accessible on your mile2.com account. The exam will take 2 hours and consist of 100 multiple choice questions. The cost is $300 USD and must be purchased from the store on Mile2.com

Purchase the exam