1 00:00:00,060 --> 00:00:00,900 In this lesson 2 00:00:00,900 --> 00:00:03,180 we're going to talk about wireless security. 3 00:00:03,180 --> 00:00:05,910 Our wireless networks offer us a lot of convenience, 4 00:00:05,910 --> 00:00:07,920 but they also bring a ton of security risk, 5 00:00:07,920 --> 00:00:09,690 because unlike a wired network, 6 00:00:09,690 --> 00:00:11,520 as long as an attacker's within the footprint 7 00:00:11,520 --> 00:00:12,930 of that wireless signal, 8 00:00:12,930 --> 00:00:14,070 they're going to be able to connect to it 9 00:00:14,070 --> 00:00:16,440 with their smartphone, tablet, or laptop 10 00:00:16,440 --> 00:00:18,570 unless you take some precautions. 11 00:00:18,570 --> 00:00:20,010 To best protect your network, 12 00:00:20,010 --> 00:00:21,690 you need to ensure that your wireless devices 13 00:00:21,690 --> 00:00:22,830 are properly authenticated 14 00:00:22,830 --> 00:00:25,290 when they attempt to connect to your wireless access points, 15 00:00:25,290 --> 00:00:26,640 and that your wireless access points 16 00:00:26,640 --> 00:00:29,430 are securing any data that they're sending or receiving 17 00:00:29,430 --> 00:00:31,020 by properly encrypting that data 18 00:00:31,020 --> 00:00:33,360 as it moves across your wireless network. 19 00:00:33,360 --> 00:00:34,800 Now, when it comes to authentication 20 00:00:34,800 --> 00:00:36,060 in your wireless networks, 21 00:00:36,060 --> 00:00:38,730 we're usually going to rely on two different mechanisms, 22 00:00:38,730 --> 00:00:42,390 a pre-shared key or an enterprise authentication system. 
23 00:00:42,390 --> 00:00:45,300 Now, a pre-shared key, also known as a PSK, 24 00:00:45,300 --> 00:00:47,190 is a mode of security authentication 25 00:00:47,190 --> 00:00:48,840 where the same password or key 26 00:00:48,840 --> 00:00:51,240 is being used on both the wireless access point 27 00:00:51,240 --> 00:00:52,893 and any connecting client devices 28 00:00:52,893 --> 00:00:55,320 that are trying to gain access to your network. 29 00:00:55,320 --> 00:00:58,230 This shared key is typically going to be a string of characters 30 00:00:58,230 --> 00:00:59,520 and it's set up in advance, 31 00:00:59,520 --> 00:01:01,980 and then used to establish a secure communication link 32 00:01:01,980 --> 00:01:03,570 between the client devices 33 00:01:03,570 --> 00:01:06,390 and employing encryption to protect the transmitted data 34 00:01:06,390 --> 00:01:08,490 as it goes to and from those client devices 35 00:01:08,490 --> 00:01:10,230 from the access point. 36 00:01:10,230 --> 00:01:12,420 Now, you're probably familiar with a pre-shared key 37 00:01:12,420 --> 00:01:14,550 because if you're watching this video at home, 38 00:01:14,550 --> 00:01:16,650 you probably logged onto your home network 39 00:01:16,650 --> 00:01:18,210 using the same network password 40 00:01:18,210 --> 00:01:19,380 to connect to your home's Wi-Fi 41 00:01:19,380 --> 00:01:21,180 as everyone else in your home, 42 00:01:21,180 --> 00:01:24,330 and that means you're all using a pre-shared key. 43 00:01:24,330 --> 00:01:26,250 Now, unfortunately, there are a few problems 44 00:01:26,250 --> 00:01:27,570 when you're using a pre-shared key 45 00:01:27,570 --> 00:01:29,310 for your authentication mechanisms 46 00:01:29,310 --> 00:01:31,680 when you connect to a given wireless network. 47 00:01:31,680 --> 00:01:32,970 With a pre-shared key, 48 00:01:32,970 --> 00:01:35,700 scalability becomes a big problem for us. 
49 00:01:35,700 --> 00:01:37,200 Let's pretend that you work in an office 50 00:01:37,200 --> 00:01:39,090 and there are 50 different employees there 51 00:01:39,090 --> 00:01:40,290 and they all need to be connected 52 00:01:40,290 --> 00:01:42,210 to the company's wireless network. 53 00:01:42,210 --> 00:01:44,370 Well, if you're using a pre-shared key, 54 00:01:44,370 --> 00:01:47,070 every employee is going to be given that secret password 55 00:01:47,070 --> 00:01:49,830 that's going to act as the pre-shared key for that network. 56 00:01:49,830 --> 00:01:52,200 Distributing this securely is going to be one challenge, 57 00:01:52,200 --> 00:01:54,720 and then keeping it secure is going to be yet another challenge 58 00:01:54,720 --> 00:01:57,600 because 50 people know that secret key. 59 00:01:57,600 --> 00:01:59,280 For example, I could go around 60 00:01:59,280 --> 00:02:01,020 and hand each employee a piece of paper 61 00:02:01,020 --> 00:02:02,820 with a pre-shared key written on it, 62 00:02:02,820 --> 00:02:05,220 and then they can use that to connect to our network. 63 00:02:05,220 --> 00:02:06,960 But if we come to work tomorrow 64 00:02:06,960 --> 00:02:08,880 and we had to fire one of our employees, 65 00:02:08,880 --> 00:02:11,160 well now we're going to have to change the pre-shared key 66 00:02:11,160 --> 00:02:12,270 for everyone 67 00:02:12,270 --> 00:02:13,380 because that fired employee 68 00:02:13,380 --> 00:02:14,580 could still access the network 69 00:02:14,580 --> 00:02:15,960 using the pre-shared key 70 00:02:15,960 --> 00:02:17,700 because every employee in the company 71 00:02:17,700 --> 00:02:20,310 knew the pre-shared key that we were using. 72 00:02:20,310 --> 00:02:22,140 Another challenge with pre-shared keys 73 00:02:22,140 --> 00:02:24,690 is that there is no individual user accountability 74 00:02:24,690 --> 00:02:27,930 because every user is using the exact same key. 
75 00:02:27,930 --> 00:02:28,920 This makes it challenging 76 00:02:28,920 --> 00:02:30,600 to determine which user on the network 77 00:02:30,600 --> 00:02:31,710 took which action, 78 00:02:31,710 --> 00:02:34,350 because we're not individually logging them onto the network 79 00:02:34,350 --> 00:02:36,960 using a unique username and password. 80 00:02:36,960 --> 00:02:38,340 Now, because of all of this, 81 00:02:38,340 --> 00:02:41,040 using a pre-shared key in a large office environment 82 00:02:41,040 --> 00:02:43,230 is just not going to be practical or effective 83 00:02:43,230 --> 00:02:44,340 most of the time. 84 00:02:44,340 --> 00:02:45,173 So instead, 85 00:02:45,173 --> 00:02:46,006 we're going to have to use 86 00:02:46,006 --> 00:02:48,240 an enterprise authentication mechanism instead 87 00:02:48,240 --> 00:02:49,410 that can offer us the ability 88 00:02:49,410 --> 00:02:51,300 to use individual user credentials 89 00:02:51,300 --> 00:02:53,640 and more robust security protocols. 90 00:02:53,640 --> 00:02:57,360 To do this, we're going to use an 802.1X authentication system 91 00:02:57,360 --> 00:02:58,980 because this is one of the most widely used 92 00:02:58,980 --> 00:03:01,680 enterprise-grade authentication methods out there, 93 00:03:01,680 --> 00:03:03,960 and it's going to rely on an authentication server 94 00:03:03,960 --> 00:03:04,800 like a RADIUS 95 00:03:04,800 --> 00:03:07,950 or Remote Authentication Dial-In User Service server 96 00:03:07,950 --> 00:03:09,840 to manage our user credentials. 
97 00:03:09,840 --> 00:03:11,610 When we're using this type of system, 98 00:03:11,610 --> 00:03:13,560 users have to authenticate individually 99 00:03:13,560 --> 00:03:15,390 using their own username and password 100 00:03:15,390 --> 00:03:16,740 or a digital certificate 101 00:03:16,740 --> 00:03:19,170 to uniquely identify them on the network, 102 00:03:19,170 --> 00:03:21,660 and this in turn provides us with better security 103 00:03:21,660 --> 00:03:24,030 and the ability to conduct user tracking. 104 00:03:24,030 --> 00:03:25,890 So, now that we understand the basics 105 00:03:25,890 --> 00:03:27,390 of using a pre-shared key 106 00:03:27,390 --> 00:03:29,610 or using 802.1X for authenticating 107 00:03:29,610 --> 00:03:31,020 to our wireless networks, 108 00:03:31,020 --> 00:03:32,790 let's take a look at the different security 109 00:03:32,790 --> 00:03:34,020 and encryption options 110 00:03:34,020 --> 00:03:36,180 that we can utilize in our wireless networks, 111 00:03:36,180 --> 00:03:39,365 including WEP, WPA, WPA2, 112 00:03:39,365 --> 00:03:40,448 WPA3 and WPS. 113 00:03:41,880 --> 00:03:43,470 First we have WEP. 114 00:03:43,470 --> 00:03:45,900 WEP stands for the Wired Equivalent Privacy, 115 00:03:45,900 --> 00:03:47,790 and it was the original wireless security standard 116 00:03:47,790 --> 00:03:50,490 that was introduced all the way back in 1999 117 00:03:50,490 --> 00:03:53,580 with the very first version of Wi-Fi networks. 118 00:03:53,580 --> 00:03:56,250 WEP claimed that it was as secure as a wired network, 119 00:03:56,250 --> 00:03:57,480 and that's why it was given the name 120 00:03:57,480 --> 00:03:59,220 Wired Equivalent Privacy. 121 00:03:59,220 --> 00:04:01,470 But the truth is, it is not secure, 122 00:04:01,470 --> 00:04:03,660 and these days you should never, ever, 123 00:04:03,660 --> 00:04:05,850 not ever use WEP in your networks, 124 00:04:05,850 --> 00:04:08,730 because it is an extremely insecure protocol. 
125 00:04:08,730 --> 00:04:10,950 Now, WEP relies on a pre-shared key, 126 00:04:10,950 --> 00:04:12,780 and this pre-shared key was originally designed 127 00:04:12,780 --> 00:04:14,850 to be a static 40-bit key. 128 00:04:14,850 --> 00:04:17,100 This means it's a very small key size, 129 00:04:17,100 --> 00:04:19,260 and therefore it's going to be pretty easy to brute force 130 00:04:19,260 --> 00:04:21,360 or guess using a modern computer. 131 00:04:21,360 --> 00:04:23,520 Over time, to make WEP more secure, 132 00:04:23,520 --> 00:04:26,760 they increased the key size from 40 bits to 64 bits 133 00:04:26,760 --> 00:04:28,590 and then up to 128 bits, 134 00:04:28,590 --> 00:04:30,870 which is a decent size for a key. 135 00:04:30,870 --> 00:04:31,950 Now, this helps to alleviate 136 00:04:31,950 --> 00:04:34,080 that small key size vulnerability, 137 00:04:34,080 --> 00:04:37,500 but WEP also relies on a weak encryption mechanism 138 00:04:37,500 --> 00:04:39,320 known as RC4 139 00:04:39,320 --> 00:04:41,040 or the Rivest Cipher 4 140 00:04:41,040 --> 00:04:42,900 to encrypt the data being sent and received 141 00:04:42,900 --> 00:04:45,570 over a WEP-protected wireless network. 142 00:04:45,570 --> 00:04:47,550 Now, unfortunately, the use of RC4 143 00:04:47,550 --> 00:04:50,670 and that longer 128-bit pre-shared key 144 00:04:50,670 --> 00:04:51,750 didn't really solve 145 00:04:51,750 --> 00:04:53,910 another fundamental challenge within WEP, 146 00:04:53,910 --> 00:04:57,270 which is known as the initialization vector vulnerability. 147 00:04:57,270 --> 00:04:58,530 Now, the way WEP works 148 00:04:58,530 --> 00:05:01,290 is it uses a 24-bit initialization vector, 149 00:05:01,290 --> 00:05:03,210 also known as an IV. 150 00:05:03,210 --> 00:05:06,270 This is just a series of 24 ones and zeros 151 00:05:06,270 --> 00:05:08,640 that's sent in plain text over the network. 
152 00:05:08,640 --> 00:05:10,290 Now, if an attacker can capture enough 153 00:05:10,290 --> 00:05:12,000 of these initialization vectors, 154 00:05:12,000 --> 00:05:13,350 they can actually reverse engineer 155 00:05:13,350 --> 00:05:14,940 and crack your encryption key, 156 00:05:14,940 --> 00:05:16,890 and then guess your pre-shared key 157 00:05:16,890 --> 00:05:19,590 that's being used as the password in your WEP network. 158 00:05:19,590 --> 00:05:22,740 In fact, using a software tool like Aircrack-ng, 159 00:05:22,740 --> 00:05:25,500 most attackers can crack a WEP network pre-shared key 160 00:05:25,500 --> 00:05:28,500 in about two to three minutes with a modern laptop. 161 00:05:28,500 --> 00:05:30,600 Second, we have WPA. 162 00:05:30,600 --> 00:05:33,090 Now, WPA or Wi-Fi Protected Access 163 00:05:33,090 --> 00:05:35,040 was designed as a replacement for WEP 164 00:05:35,040 --> 00:05:37,680 because of the initialization vector vulnerability. 165 00:05:37,680 --> 00:05:39,180 To overcome this vulnerability, 166 00:05:39,180 --> 00:05:40,380 the WPA standard 167 00:05:40,380 --> 00:05:43,530 uses TKIP or the Temporal Key Integrity Protocol 168 00:05:43,530 --> 00:05:46,170 instead of using an initialization vector. 169 00:05:46,170 --> 00:05:48,420 Now, TKIP is basically a new type of vector 170 00:05:48,420 --> 00:05:50,160 and it's going to be 48 bits in length, 171 00:05:50,160 --> 00:05:52,020 and it is a double size vector 172 00:05:52,020 --> 00:05:54,270 over the size of the older initialization vector 173 00:05:54,270 --> 00:05:55,620 that was used in WEP. 174 00:05:55,620 --> 00:05:56,790 Unfortunately though, 175 00:05:56,790 --> 00:05:58,830 TKIP is still considered to be very weak 176 00:05:58,830 --> 00:05:59,663 by today's standards, 177 00:05:59,663 --> 00:06:03,420 and it can quickly be cracked using a modern laptop as well. 
178 00:06:03,420 --> 00:06:06,540 Now, WPA also relies on the same RC4 encryption 179 00:06:06,540 --> 00:06:07,710 like WEP did, 180 00:06:07,710 --> 00:06:10,440 but it does add a few other key features to it. 181 00:06:10,440 --> 00:06:13,110 For example, WPA added some integrity checking 182 00:06:13,110 --> 00:06:14,310 to its data transfer 183 00:06:14,310 --> 00:06:15,870 to help prevent an on-path attack 184 00:06:15,870 --> 00:06:17,340 from being successfully conducted 185 00:06:17,340 --> 00:06:18,870 against your wireless networks 186 00:06:18,870 --> 00:06:22,170 by using something known as the message integrity check. 187 00:06:22,170 --> 00:06:24,600 The Message Integrity Check or MIC 188 00:06:24,600 --> 00:06:25,950 relies on hashing the data 189 00:06:25,950 --> 00:06:27,810 before it's being sent over the network, 190 00:06:27,810 --> 00:06:29,580 and that way the receiver can verify 191 00:06:29,580 --> 00:06:33,330 it wasn't modified as the data moved throughout the network. 192 00:06:33,330 --> 00:06:36,600 WPA also introduced a new function called enterprise mode 193 00:06:36,600 --> 00:06:38,730 for authenticating client devices. 194 00:06:38,730 --> 00:06:40,590 This WPA enterprise mode 195 00:06:40,590 --> 00:06:42,630 provides clients with individual authentication 196 00:06:42,630 --> 00:06:43,590 of their devices 197 00:06:43,590 --> 00:06:45,690 using a unique username and password 198 00:06:45,690 --> 00:06:46,980 through an authentication server 199 00:06:46,980 --> 00:06:48,210 like a RADIUS server, 200 00:06:48,210 --> 00:06:50,040 as well as using stronger encryption methods 201 00:06:50,040 --> 00:06:51,330 and security protocols 202 00:06:51,330 --> 00:06:53,460 and providing us with better scalability 203 00:06:53,460 --> 00:06:55,020 and centralized key management 204 00:06:55,020 --> 00:06:57,900 than could be achieved by using a pre-shared key. 
205 00:06:57,900 --> 00:06:58,890 Ultimately though, 206 00:06:58,890 --> 00:07:01,410 WPA was determined to be vulnerable to attack, 207 00:07:01,410 --> 00:07:02,970 and it was replaced with a newer version 208 00:07:02,970 --> 00:07:06,930 known as WPA2 or Wi-Fi Protected Access 2. 209 00:07:06,930 --> 00:07:10,260 Now, WPA2 was introduced back in 2004, 210 00:07:10,260 --> 00:07:12,210 and it's still heavily used today. 211 00:07:12,210 --> 00:07:16,020 WPA2 was created as part of the 802.11i standard, 212 00:07:16,020 --> 00:07:18,150 and it was first implemented with wireless G 213 00:07:18,150 --> 00:07:19,800 and then used again with wireless N, 214 00:07:19,800 --> 00:07:22,590 wireless A and wireless AC networks. 215 00:07:22,590 --> 00:07:24,810 WPA2 provides us with the ability 216 00:07:24,810 --> 00:07:26,460 to have stronger integrity checking, 217 00:07:26,460 --> 00:07:27,420 better encryption 218 00:07:27,420 --> 00:07:28,650 and improved authentication 219 00:07:28,650 --> 00:07:31,410 over our earlier WPA based systems. 220 00:07:31,410 --> 00:07:34,500 Now, instead of using the Message Integrity Check or MIC, 221 00:07:34,500 --> 00:07:37,470 WPA2 relies on something known as Counter Mode 222 00:07:37,470 --> 00:07:38,700 with Cipher Block Chaining 223 00:07:38,700 --> 00:07:40,920 Message Authentication Code Protocol, 224 00:07:40,920 --> 00:07:44,370 which most people refer to simply as CCMP. 225 00:07:44,370 --> 00:07:45,720 Now, with CCMP, 226 00:07:45,720 --> 00:07:47,550 the functions from the message integrity check 227 00:07:47,550 --> 00:07:48,780 are already included, 228 00:07:48,780 --> 00:07:51,540 but it also added a comprehensive encryption protocol 229 00:07:51,540 --> 00:07:54,030 to provide confidentiality and integrity assurance 230 00:07:54,030 --> 00:07:55,800 in your wireless systems. 
231 00:07:55,800 --> 00:07:58,710 Another improvement in WPA2 over WPA 232 00:07:58,710 --> 00:08:00,990 is that it was replacing the older and less secure 233 00:08:00,990 --> 00:08:02,460 RC4 encryption algorithm 234 00:08:02,460 --> 00:08:04,320 that was used in WEP and WPA 235 00:08:04,320 --> 00:08:06,240 with a newer and more secure one 236 00:08:06,240 --> 00:08:08,883 known as the Advanced Encryption Standard or AES. 237 00:08:09,720 --> 00:08:12,163 Now, AES uses a 128-bit key, 238 00:08:12,163 --> 00:08:13,650 a 192-bit key 239 00:08:13,650 --> 00:08:15,450 or a 256-bit key 240 00:08:15,450 --> 00:08:18,000 depending on your access point's implementation. 241 00:08:18,000 --> 00:08:22,590 With most WPA2 networks, it's going to use a 128-bit key. 242 00:08:22,590 --> 00:08:24,660 Now, AES does provide us with more security 243 00:08:24,660 --> 00:08:26,520 and confidentiality for our data 244 00:08:26,520 --> 00:08:29,100 as it's being transmitted over our wireless networks 245 00:08:29,100 --> 00:08:32,460 than did the old RC4 encryption algorithm. 246 00:08:32,460 --> 00:08:33,840 In WPA2, 247 00:08:33,840 --> 00:08:35,400 the system can be configured to support 248 00:08:35,400 --> 00:08:36,750 authentication of your clients 249 00:08:36,750 --> 00:08:39,840 using either a personal mode or an enterprise mode. 250 00:08:39,840 --> 00:08:43,650 In personal mode, WPA2 utilizes a pre-shared key, 251 00:08:43,650 --> 00:08:45,630 and this is what most people use in their home 252 00:08:45,630 --> 00:08:47,400 or small office networks. 253 00:08:47,400 --> 00:08:50,850 But, if you're using WPA2 in a large office environment, 254 00:08:50,850 --> 00:08:54,090 you're probably going to be using WPA2 enterprise mode instead. 
255 00:08:54,090 --> 00:08:56,880 Because this relies on individual usernames and passwords 256 00:08:56,880 --> 00:08:58,590 or digital certificates, 257 00:08:58,590 --> 00:08:59,580 they're going to be evaluated 258 00:08:59,580 --> 00:09:01,590 by a centralized authentication server 259 00:09:01,590 --> 00:09:03,030 before granting the client device 260 00:09:03,030 --> 00:09:05,160 access to your wireless network. 261 00:09:05,160 --> 00:09:06,510 Now in 2018, 262 00:09:06,510 --> 00:09:08,400 the latest version of WPA, 263 00:09:08,400 --> 00:09:11,820 known as Wi-Fi Protected Access 3 or WPA3 264 00:09:11,820 --> 00:09:13,680 was introduced to the world. 265 00:09:13,680 --> 00:09:16,590 WPA3 improves upon WPA2 266 00:09:16,590 --> 00:09:18,260 with features like SAE 267 00:09:18,260 --> 00:09:20,760 or the Simultaneous Authentication of Equals 268 00:09:20,760 --> 00:09:21,900 for personal networks 269 00:09:21,900 --> 00:09:23,760 and an increased encryption strength 270 00:09:23,760 --> 00:09:24,900 for enterprise networks 271 00:09:24,900 --> 00:09:27,780 by supporting AES in Galois Counter Mode, 272 00:09:27,780 --> 00:09:29,370 known as GCM, 273 00:09:29,370 --> 00:09:32,640 and by allowing the use of larger 192-bit 274 00:09:32,640 --> 00:09:36,030 and 256-bit encryption keys to secure your data 275 00:09:36,030 --> 00:09:40,170 when encrypting that data using the AES GCM algorithm. 276 00:09:40,170 --> 00:09:43,320 The Simultaneous Authentication of Equals, or SAE, 277 00:09:43,320 --> 00:09:44,460 is a security protocol 278 00:09:44,460 --> 00:09:46,650 that was designed to enhance the handshake process 279 00:09:46,650 --> 00:09:48,930 used in Wi-Fi authentication. 280 00:09:48,930 --> 00:09:51,420 Now, SAE replaces a pre-shared key method 281 00:09:51,420 --> 00:09:54,510 that was used in WEP, WPA and WPA2 282 00:09:54,510 --> 00:09:57,150 with a more secure authentication mechanism. 
283 00:09:57,150 --> 00:09:58,950 This protocol is going to be based on 284 00:09:58,950 --> 00:10:00,960 the Dragonfly key exchange method, 285 00:10:00,960 --> 00:10:02,340 and it has been found to be resilient 286 00:10:02,340 --> 00:10:04,110 against offline dictionary attacks, 287 00:10:04,110 --> 00:10:05,880 which were a significant vulnerability 288 00:10:05,880 --> 00:10:09,180 in the older WPA2 pre-shared key model. 289 00:10:09,180 --> 00:10:12,890 Now, the primary advantage of using SAE inside of WPA3 290 00:10:12,890 --> 00:10:14,130 is in its improved approach 291 00:10:14,130 --> 00:10:16,650 to establishing a secure initial key exchange 292 00:10:16,650 --> 00:10:18,960 between the client and the access point. 293 00:10:18,960 --> 00:10:20,610 Now, unlike WPA2 294 00:10:20,610 --> 00:10:22,860 where an attacker could intercept the handshake process 295 00:10:22,860 --> 00:10:24,240 using an on-path attack 296 00:10:24,240 --> 00:10:26,040 and then use it to guess the network password 297 00:10:26,040 --> 00:10:27,750 with multiple offline attempts, 298 00:10:27,750 --> 00:10:30,930 SAE's method ensures that each attempt to guess the password 299 00:10:30,930 --> 00:10:34,560 requires an active interaction with the access point itself. 300 00:10:34,560 --> 00:10:37,200 This interaction significantly slows down the attacker 301 00:10:37,200 --> 00:10:39,060 and effectively makes a brute force attack 302 00:10:39,060 --> 00:10:41,430 impractical for them to complete. 303 00:10:41,430 --> 00:10:43,680 SAE does offer forward secrecy, 304 00:10:43,680 --> 00:10:45,960 which means that if a session key is compromised, 305 00:10:45,960 --> 00:10:47,250 then its past communications 306 00:10:47,250 --> 00:10:50,220 will still remain securely encrypted and protected. 
307 00:10:50,220 --> 00:10:52,470 This enhancement in the authentication process 308 00:10:52,470 --> 00:10:54,390 improves our Wi-Fi network security 309 00:10:54,390 --> 00:10:56,040 and makes WPA3 networks 310 00:10:56,040 --> 00:10:58,470 much more resistant to password related attacks 311 00:10:58,470 --> 00:11:00,690 than any of the older wireless security standards 312 00:11:00,690 --> 00:11:02,490 that we've covered so far. 313 00:11:02,490 --> 00:11:04,320 The final wireless security technology 314 00:11:04,320 --> 00:11:05,580 we need to briefly cover 315 00:11:05,580 --> 00:11:09,330 is what's known as Wi-Fi Protected Setup or WPS. 316 00:11:09,330 --> 00:11:12,450 Now, WPS isn't an encryption or integrity protocol 317 00:11:12,450 --> 00:11:16,590 like WEP, WPA, WPA2 or WPA3, 318 00:11:16,590 --> 00:11:19,200 but instead it's a network security standard 319 00:11:19,200 --> 00:11:20,760 that's aimed at simplifying the setup 320 00:11:20,760 --> 00:11:22,830 of a secure Wi-Fi connection. 321 00:11:22,830 --> 00:11:26,280 WPS allows your users to connect to a network using a PIN, 322 00:11:26,280 --> 00:11:28,260 and this can be hard coded into your device, 323 00:11:28,260 --> 00:11:29,580 be set up with a push button 324 00:11:29,580 --> 00:11:32,880 or Near Field Communication as one of its mechanisms. 325 00:11:32,880 --> 00:11:33,930 Most often though, 326 00:11:33,930 --> 00:11:35,250 I have found that WPS 327 00:11:35,250 --> 00:11:36,840 is implemented using a push button 328 00:11:36,840 --> 00:11:39,510 on the front of your wireless access point. 
329 00:11:39,510 --> 00:11:40,920 Now, WPS was designed 330 00:11:40,920 --> 00:11:43,110 to make it easier for non-technical users 331 00:11:43,110 --> 00:11:44,400 to set up secure networks 332 00:11:44,400 --> 00:11:46,003 without the need to manually enter long passwords 333 00:11:46,003 --> 00:11:48,510 to be able to configure and use WPA 334 00:11:48,510 --> 00:11:51,150 or WPA2-based encryption systems. 335 00:11:51,150 --> 00:11:52,140 The idea here was that 336 00:11:52,140 --> 00:11:54,300 this would promote the use of longer, stronger, 337 00:11:54,300 --> 00:11:55,620 and complex passwords 338 00:11:55,620 --> 00:11:57,720 when you initially configure your wireless network, 339 00:11:57,720 --> 00:11:59,670 because the user doesn't have to actually type it in 340 00:11:59,670 --> 00:12:02,550 each and every time it wants to configure a client. 341 00:12:02,550 --> 00:12:05,250 Instead, the user could simply push the WPS button 342 00:12:05,250 --> 00:12:06,720 on their wireless access point 343 00:12:06,720 --> 00:12:07,800 and then configure their client 344 00:12:07,800 --> 00:12:10,950 to connect to the access point using that WPS standard, 345 00:12:10,950 --> 00:12:12,480 and it will automatically be provided with 346 00:12:12,480 --> 00:12:14,730 that long, strong and complex password 347 00:12:14,730 --> 00:12:17,640 after they provide a simple eight digit PIN. 348 00:12:17,640 --> 00:12:19,560 Now, the real problem with WPS though 349 00:12:19,560 --> 00:12:22,290 is a significant vulnerability in the PIN itself 350 00:12:22,290 --> 00:12:24,870 that makes it vulnerable to a brute force attack. 
351 00:12:24,870 --> 00:12:27,360 Basically, the way WPS was designed, 352 00:12:27,360 --> 00:12:29,130 even though the PIN is eight digits long 353 00:12:29,130 --> 00:12:31,890 and should have 100 million possible eight digit numbers 354 00:12:31,890 --> 00:12:33,120 that we would need to try, 355 00:12:33,120 --> 00:12:34,500 the system was actually designed 356 00:12:34,500 --> 00:12:36,900 to break that eight digit number into two halves 357 00:12:36,900 --> 00:12:38,040 and then check each half, 358 00:12:38,040 --> 00:12:39,330 which is only four digits 359 00:12:39,330 --> 00:12:42,390 against the stored PIN in the wireless access point. 360 00:12:42,390 --> 00:12:43,350 By doing this, 361 00:12:43,350 --> 00:12:45,060 the key size is effectively reduced 362 00:12:45,060 --> 00:12:48,450 from eight digits down to four digits plus four digits, 363 00:12:48,450 --> 00:12:51,630 which mathematically reduces the total possible combinations 364 00:12:51,630 --> 00:12:54,960 from 100 million down to 20,000 options, 365 00:12:54,960 --> 00:12:56,670 which makes it very quick and easy 366 00:12:56,670 --> 00:12:59,040 to brute force on a modern laptop. 367 00:12:59,040 --> 00:13:00,570 Now, due to this vulnerability, 368 00:13:00,570 --> 00:13:03,120 it is recommended that you disable the use of WPS 369 00:13:03,120 --> 00:13:04,470 in your wireless networks, 370 00:13:04,470 --> 00:13:05,790 especially if you need to maintain 371 00:13:05,790 --> 00:13:09,000 high levels of data security inside of those networks. 372 00:13:09,000 --> 00:13:11,520 So remember, when it comes to wireless security, 373 00:13:11,520 --> 00:13:13,530 you should always use the most secure option 374 00:13:13,530 --> 00:13:15,870 that your devices are going to be able to support. 
375 00:13:15,870 --> 00:13:18,840 For most of us, this is going to be WPA3, 376 00:13:18,840 --> 00:13:20,310 but if you have some legacy equipment 377 00:13:20,310 --> 00:13:21,780 that still needs to be supported, 378 00:13:21,780 --> 00:13:25,290 you can still safely use WPA2 in most cases. 379 00:13:25,290 --> 00:13:27,420 These days, you should never use WEP, 380 00:13:27,420 --> 00:13:30,120 WPA or WPS in your networks 381 00:13:30,120 --> 00:13:32,280 because they're all simply too easy to crack 382 00:13:32,280 --> 00:13:34,920 using a modern laptop and some open source software 383 00:13:34,920 --> 00:13:36,210 that an attacker can use 384 00:13:36,210 --> 00:13:37,590 to determine your network's password 385 00:13:37,590 --> 00:13:39,450 in just a few minutes or so. 386 00:13:39,450 --> 00:13:40,470 Now, for the exam, 387 00:13:40,470 --> 00:13:42,330 I want you to remember a few key things 388 00:13:42,330 --> 00:13:43,980 about wireless security. 389 00:13:43,980 --> 00:13:46,260 First, anytime you see the word open 390 00:13:46,260 --> 00:13:47,940 in reference to a wireless network, 391 00:13:47,940 --> 00:13:49,740 this means there is no security, 392 00:13:49,740 --> 00:13:51,810 no protection, and no password. 393 00:13:51,810 --> 00:13:54,750 Open simply means they've chosen no encryption scheme, 394 00:13:54,750 --> 00:13:59,400 so they're not even using WEP or WPA or WPA2 or WPA3. 395 00:13:59,400 --> 00:14:01,860 None of those being used in an open network. 396 00:14:01,860 --> 00:14:04,170 Second, anytime you see the word WEP, 397 00:14:04,170 --> 00:14:06,840 I want you to associate this with initialization vectors, 398 00:14:06,840 --> 00:14:09,180 because that's the vulnerability inside of WEP, 399 00:14:09,180 --> 00:14:12,270 that makes it weak and bad for you to use in your networks. 
400 00:14:12,270 --> 00:14:14,940 Third, anytime you see the word WPA, 401 00:14:14,940 --> 00:14:17,520 I want you to think about TKIP and RC4 402 00:14:17,520 --> 00:14:18,870 because TKIP was what we used 403 00:14:18,870 --> 00:14:20,640 to replace the initialization vectors 404 00:14:20,640 --> 00:14:22,860 and RC4 was its form of encryption 405 00:14:22,860 --> 00:14:24,560 that was used in both WPA and WEP. 406 00:14:25,650 --> 00:14:28,590 Fourth, anytime you see the word WPA2, 407 00:14:28,590 --> 00:14:31,623 I want you to think about the acronyms of CCMP and AES. 408 00:14:32,460 --> 00:14:35,070 Now, CCMP is the integrity protocol we use, 409 00:14:35,070 --> 00:14:37,320 and AES is the encryption mechanism that we use 410 00:14:37,320 --> 00:14:39,510 inside of WPA2. 411 00:14:39,510 --> 00:14:40,343 Fifth. 412 00:14:40,343 --> 00:14:42,360 Anytime you see the word WPA3, 413 00:14:42,360 --> 00:14:43,410 I want you to think about 414 00:14:43,410 --> 00:14:45,450 the simultaneous authentication of equals 415 00:14:45,450 --> 00:14:46,650 or SAE 416 00:14:46,650 --> 00:14:48,930 and the Dragonfly key exchange. 417 00:14:48,930 --> 00:14:51,780 Sixth, anytime you see the word WPS, 418 00:14:51,780 --> 00:14:54,330 I want you to think about that push button configuration 419 00:14:54,330 --> 00:14:55,890 that's using an eight digit PIN, 420 00:14:55,890 --> 00:14:57,330 and this is something you should disable 421 00:14:57,330 --> 00:14:59,430 inside of your wireless networks. 422 00:14:59,430 --> 00:15:02,310 Seventh, anytime you hear the term pre-shared key, 423 00:15:02,310 --> 00:15:04,200 you should be thinking about a password being used 424 00:15:04,200 --> 00:15:06,870 in a personal mode of your wireless network. 
425 00:15:06,870 --> 00:15:08,130 And eighth and finally, 426 00:15:08,130 --> 00:15:09,930 anytime you hear enterprise mode, 427 00:15:09,930 --> 00:15:11,160 you should be thinking about using 428 00:15:11,160 --> 00:15:12,840 an individual username and password 429 00:15:12,840 --> 00:15:14,130 for each of your users 430 00:15:14,130 --> 00:15:15,060 and authenticating them 431 00:15:15,060 --> 00:15:17,160 using a centralized authentication server 432 00:15:17,160 --> 00:15:18,300 like a RADIUS server 433 00:15:18,300 --> 00:15:21,600 that uses the 802.1X authentication protocol. 434 00:15:21,600 --> 00:15:23,490 If you keep these tips and tricks in mind, 435 00:15:23,490 --> 00:15:25,500 you should do well on the wireless security questions 436 00:15:25,500 --> 00:15:26,493 come exam day.