1
00:00:01,470 --> 00:00:08,220
Walk them to a course on security threats and Wi-Fi a wireless networks this module will examine and

2
00:00:08,220 --> 00:00:13,160
present some specific instances of threats.

3
00:00:13,210 --> 00:00:18,060
Typical wireless network threat is related to the risk of establishing unauthorized connection to a

4
00:00:18,060 --> 00:00:19,160
shared medium.

5
00:00:21,340 --> 00:00:27,710
As an administrator of a wireless network you can't control access to the network.

6
00:00:27,790 --> 00:00:33,340
Any person who is within the reception range of an access point may be an active user in any given network

7
00:00:34,600 --> 00:00:35,220
as we've said.

8
00:00:35,220 --> 00:00:37,300
This is simply a matter of antenna size

9
00:00:40,950 --> 00:00:44,550
since anyone can connect to a network without authorization.

10
00:00:44,550 --> 00:00:51,640
It follows that anyone can eavesdrop on data transmitted in the network What's more attackers can intercept

11
00:00:51,640 --> 00:00:54,370
the data of other users who share an access point.

12
00:00:56,570 --> 00:01:00,140
This is much like working in a broadcast network with hubs and switches.

13
00:01:05,040 --> 00:01:08,200
Another typical threat is impersonating a trusted user.

14
00:01:09,390 --> 00:01:13,380
Computers are authenticated and Wi-Fi networks against their MAC addresses.

15
00:01:14,310 --> 00:01:16,340
A MAC address is not encrypted.

16
00:01:17,820 --> 00:01:25,320
It is transmitted in clear text using radio waves to add to that all network Current support changing

17
00:01:25,320 --> 00:01:30,560
their MAC addresses.

18
00:01:30,730 --> 00:01:35,230
The risk of deploying a denial of service attack that will block an access point hasn't been a problem

19
00:01:35,230 --> 00:01:38,650
for wired networks or at least not to this degree.

20
00:01:40,730 --> 00:01:49,030
Since the medium is a radio wave it can be interfered or jammed either of the two can be enough to disrupt

21
00:01:49,030 --> 00:01:52,340
the operation of a possibly important enterprise infrastructure

22
00:01:57,340 --> 00:01:59,100
with wireless networks.

23
00:01:59,200 --> 00:02:06,430
You can run your own access point and spoof a trusted AP that was earlier used by clients klank computer

24
00:02:06,430 --> 00:02:12,820
will connect to an access point that produces the strongest signal.

25
00:02:12,960 --> 00:02:14,790
We're back to the antenna size rule.

26
00:02:15,910 --> 00:02:21,920
If your rogue access point will have a bigger antenna it will be used to establish connections within

27
00:02:21,950 --> 00:02:24,960
networks users.

28
00:02:24,990 --> 00:02:27,290
Let's look more closely into this issue.

29
00:02:36,030 --> 00:02:40,820
You should be aware of the possible threats that await you if you use an unknown Wi-Fi network.

30
00:02:41,130 --> 00:02:42,480
Especially if they're public

31
00:02:46,510 --> 00:02:51,710
tackle described now was terrifically popular with intruder's at European and U.S. airports several

32
00:02:51,710 --> 00:02:52,600
years ago.

33
00:02:53,660 --> 00:02:58,090
From a technology standpoint this attack is not a feat of creativity.

34
00:02:59,640 --> 00:03:05,370
It made use of a combination of simple technological solutions and basic social engineering tricks.

35
00:03:07,620 --> 00:03:11,760
A would be attacker launches a fake access point in a crowded place.

36
00:03:11,760 --> 00:03:19,590
For example in an airport terminal to make users connect to the AP the attackers network has the legitimate

37
00:03:19,620 --> 00:03:20,810
looking name.

38
00:03:20,910 --> 00:03:30,090
For example free Wi-Fi airport or Heathrow Airport any in its name will do it could be the name of an

39
00:03:30,090 --> 00:03:33,270
Internet service provider that is popular in a given area.

40
00:03:35,560 --> 00:03:41,020
The attackers aim to scoop as many connections as possible to achieve this.

41
00:03:41,020 --> 00:03:44,370
The rogue access points did not perform user authentication.

42
00:03:45,680 --> 00:03:48,510
It didn't encrypt the transmitted data either.

43
00:03:48,560 --> 00:03:56,670
The networks were open when you connect to an access point an airport or coffee bar or a restaurant

44
00:03:57,250 --> 00:04:00,280
you do it to gain Internet access.

45
00:04:00,290 --> 00:04:03,170
That's why fake access points offered internet access

46
00:04:06,180 --> 00:04:12,030
and the computer connected to an attacker's access point sent data through the attackers device.

47
00:04:13,300 --> 00:04:18,630
Even if an access point connection doesn't allow for changing some client side network configurations

48
00:04:19,980 --> 00:04:26,160
many configurations are performed automatically through an active DHC P.

49
00:04:26,310 --> 00:04:31,740
Let's move away from the risks connected with the possibility that it's an attacker who set a DNS server

50
00:04:31,740 --> 00:04:36,960
used by clients and take a look at a simpler matter.

51
00:04:37,050 --> 00:04:42,780
Users fully expect that once an access point connection is established and the Web site is opening a

52
00:04:42,780 --> 00:04:48,030
page will be displayed from the Wi-Fi provider with a thank you message and a request to submit credit

53
00:04:48,030 --> 00:04:49,150
card details.

54
00:04:51,420 --> 00:04:58,260
As a result of this expectation users will freely in a transparent and unsecured way provide the attacker

55
00:04:58,260 --> 00:05:03,700
with their credit card numbers then send it to the attacker server.

56
00:05:04,140 --> 00:05:08,180
If this trick is to be pulled off a fake Web site has to look trustworthy

57
00:05:10,960 --> 00:05:16,260
it should look similar to other pages from a legitimate internet providers.

58
00:05:16,280 --> 00:05:20,820
There's a ton of tools on the Internet that can help you download an entire web page to your computer's

59
00:05:20,820 --> 00:05:23,730
local disk.

60
00:05:23,740 --> 00:05:27,170
You can also download a logging page.

61
00:05:27,210 --> 00:05:36,000
It's not a problem anymore to set up a page that looks identical to any other page.

62
00:05:36,010 --> 00:05:39,820
I'd highly recommend to be cautious with using Free Public Wi-Fi networks.

63
00:05:40,810 --> 00:05:46,330
Especially if a logging window appears with a request to submit any sensitive data especially credit

64
00:05:46,330 --> 00:05:47,400
card details.

65
00:05:49,290 --> 00:05:52,620
This idea for attacks was subsequently developed and improved on.