1 00:00:01,280 --> 00:00:10,880 WPA was ratified by a Wi-Fi Alliance in 2003 as we mentioned this was an interim solution. 2 00:00:10,900 --> 00:00:12,850 The name is a bit misleading. 3 00:00:13,210 --> 00:00:21,670 WPA to suggest that it's improved more secure version of WPA protocol is the basic version of WPA instead. 4 00:00:21,800 --> 00:00:28,330 One that did not catch on users and manufacturers had to be encouraged somehow to move on to the new 5 00:00:28,390 --> 00:00:33,980 standard WPA was replaced with WPA too. 6 00:00:34,220 --> 00:00:37,350 And it was decided that the interm version will be called WPA 7 00:00:39,990 --> 00:00:47,220 because it's essential to ensure maximum retroactive compatibility to use similar security solutions. 8 00:00:47,240 --> 00:00:49,760 That's why we still use the RC for algorithm 9 00:00:53,100 --> 00:00:54,090 to enhance security. 10 00:00:54,090 --> 00:00:56,830 We extend the ivy from 24 to 48. 11 00:00:56,860 --> 00:01:00,880 It's this is a significant change. 12 00:01:04,410 --> 00:01:10,930 We also eliminate the problem related to the lack of dynamic key change re-introduce the ticket protocol 13 00:01:10,930 --> 00:01:13,210 that allows the automatic generation of keys 14 00:01:18,440 --> 00:01:21,040 WPA verifies the identity of users. 15 00:01:21,290 --> 00:01:26,660 Authenticates them not only against the pre-shared key but also using the already mentioned radious 16 00:01:26,660 --> 00:01:31,080 server. 17 00:01:31,090 --> 00:01:37,740 The last problem that was noticed and fixed related to data integrity instead of a CRC checksum the 18 00:01:37,740 --> 00:01:44,290 protocol used a cryptographic hash function this function makes it more difficult to modify packets 19 00:01:44,290 --> 00:01:49,550 without affecting checksums. 20 00:01:49,570 --> 00:01:52,760 The first version of WPA is vulnerable to attacks. 21 00:01:54,520 --> 00:02:01,670 Most common WPA attacks target pre-shared keys since cracking them by going through all combinations 22 00:02:01,670 --> 00:02:03,310 through brute force attack. 23 00:02:03,350 --> 00:02:06,920 Exhaustive research wouldn't be cost effective. 24 00:02:07,160 --> 00:02:12,100 Dictionary files are used for this purpose. 25 00:02:12,220 --> 00:02:18,100 If for some reason you need to use the WPA and the personal mode and the pre-shared key mode is key 26 00:02:18,100 --> 00:02:19,700 has to be long and complicated 27 00:02:22,300 --> 00:02:29,530 don't shrink from providing 2:54 random characters as a key key should not be found on any dictionary 28 00:02:29,530 --> 00:02:31,410 or word list. 29 00:02:31,410 --> 00:02:33,840 This should not be a simple permutation either. 30 00:02:35,510 --> 00:02:45,230 Adding one at the end doesn't do anything to improve the security of a key. 31 00:02:45,250 --> 00:02:54,140 Let's now briefly discuss WPA to this protocol uses radious servers as far as wireless networks are 32 00:02:54,140 --> 00:02:55,130 concerned. 33 00:02:55,130 --> 00:02:56,680 This is a real revolution 34 00:02:59,520 --> 00:03:05,600 RC for algorithm which is vulnerable to incorrect implementation is replaced with the Advanced Encryption 35 00:03:05,600 --> 00:03:09,230 Standard additionally. 36 00:03:09,340 --> 00:03:19,720 Each frame is encrypted 10 times using abs this solution is known as CCMA MP a brute force attack on 37 00:03:19,720 --> 00:03:27,150 the frame or WPA to protected packet would take over two to 100 power operations to succeed. 38 00:03:28,320 --> 00:03:30,090 This is practically impossible. 39 00:03:32,010 --> 00:03:37,600 The protocol makes use of a long random and unpredictable 48 bit initialization vector 40 00:03:40,410 --> 00:03:48,860 management is automatic and that is you don't need a ticket for this. 41 00:03:48,930 --> 00:03:53,030 How can you break into a WPA to network. 42 00:03:53,130 --> 00:04:00,060 It takes the same methods that need to be used for a WPA network there are essentially two classes of 43 00:04:00,060 --> 00:04:00,900 attacks. 44 00:04:02,850 --> 00:04:08,570 The first class utilizes for example the processing capacity of graphics cards that scale very well. 45 00:04:10,540 --> 00:04:12,670 You can run multiple operations at a time. 46 00:04:12,670 --> 00:04:20,000 If a computer has more than one well-equipped graphics card with kuda the processing is complex so it 47 00:04:20,000 --> 00:04:22,720 might take a bit. 48 00:04:22,780 --> 00:04:25,120 You can also try to guess the key. 49 00:04:25,120 --> 00:04:29,270 This works to limit the territory of attack to appear as a protected network. 50 00:04:30,660 --> 00:04:37,750 This will prove effective if the key is easy to determine. 51 00:04:37,760 --> 00:04:47,240 Now a brief comparison of the three technologies WEP WPA and WPA two or the arrow to double standard 52 00:04:53,030 --> 00:05:01,040 WEP like WPA encrypts packets using RC for ARM like WEP WPA dynamically changes keys and as a stronger 53 00:05:01,040 --> 00:05:11,660 IVI WPA to use the CC MP version of Advanced Encryption Standard for encryption the same protocol is 54 00:05:11,660 --> 00:05:16,570 also used for automatically exchange as you'll see. 55 00:05:16,660 --> 00:05:19,360 The solution is a great way of ensuring Flans security 56 00:05:22,470 --> 00:05:29,190 the security of lands which has the security of computer systems is optional. 57 00:05:29,250 --> 00:05:35,000 It's our task to choose appropriate technologies for Stainer networks. 58 00:05:35,000 --> 00:05:41,050 There is of course many more technologies to choose from each technology protects a given layer and 59 00:05:41,050 --> 00:05:45,160 there are less conspicuous or wireless networks. 60 00:05:45,160 --> 00:05:51,870 The situation is much more simple a wireless network administrator responsible for security has to make 61 00:05:51,870 --> 00:05:54,570 two simple decisions. 62 00:05:54,790 --> 00:05:57,600 Select a method for authenticating users. 63 00:05:57,610 --> 00:06:02,860 This should be done through a radius server and choose a method for ensuring the confidentiality and 64 00:06:02,860 --> 00:06:12,590 authenticity of exchange data that WPA to technology should be employed for this selecting these two 65 00:06:12,590 --> 00:06:19,730 options will practically guarantee a very high level of network security. 66 00:06:19,750 --> 00:06:20,230 Thank you.