WEBVTT

00:00.110 --> 00:06.930
802.11 networks, just by their wireless nature, are some of the most insecure networking technologies

00:06.930 --> 00:07.980
out there.

00:07.980 --> 00:14.580
Now just the fact that you've got a bunch of radios broadcasting all your data assures us that an unprotected

00:14.590 --> 00:18.450
802.11 network can really, really get into a lot of trouble.

00:18.450 --> 00:22.770
Now we've got a bunch of episodes where we're going to be talking about wireless networks, but what I'd

00:22.770 --> 00:27.060
like to do first is do a quick review of some critical terms.

00:27.060 --> 00:34.590
A typical 802.11 network using infrastructure mode begins and ends with a wireless access point. A wireless

00:34.590 --> 00:39.840
access point is a bridge between an 802.11 network and an Ethernet network.

00:39.840 --> 00:45.690
So the wireless access point not only has radios to talk on the radio to get inside, but an Ethernet

00:45.690 --> 00:48.340
connection to talk to an Ethernet network.

00:48.780 --> 00:54.850
Every wireless access point has a MAC address built into it just like any other type of device.

00:54.930 --> 00:58.290
What we do is we take this wireless access point.

00:58.290 --> 01:03.180
We configure it with what is known as a service set identifier, or SSID.

01:03.170 --> 01:05.150
This can be a phrase or a term.

01:05.240 --> 01:14.490
Now generally this SSID is broadcast out to the wireless network area, and we associate the MAC address

01:14.550 --> 01:20.130
of the wireless access point with the SSID that we've configured with that, and we've created what's known

01:20.130 --> 01:25.500
as a basic service set identifier, or BSSID.

01:25.500 --> 01:28.440
Now what I'm going to do is add a client to this.

01:28.440 --> 01:30.640
So here's my wireless client.

01:30.690 --> 01:33.360
Now he wants to connect to this SSID.

01:33.420 --> 01:37.370
So he's going to send a request to the wireless access point.

01:37.590 --> 01:45.270
And if it's an open network, the wireless access point will automatically authenticate him, and that client

01:45.270 --> 01:49.210
becomes a part of the associated list.

01:49.320 --> 01:54.240
So that's listed by the client's MAC address over at the wireless access point.

01:54.240 --> 01:57.920
Now let's move the client out of the way for a minute and concentrate on the WAP.

01:57.940 --> 02:07.320
Now if I only have one WAP with one SSID, we have a BSSID, but for larger networks we can add one to

02:07.320 --> 02:13.320
three, as many as you want, wireless access points, and as long as all of these wireless access points

02:13.590 --> 02:20.670
are connected to a common Ethernet broadcast domain, they become what is known as an extended service

02:20.670 --> 02:30.800
set identifier, or ESSID. As a client moves from one wireless access point in the ESSID to another, it

02:31.110 --> 02:36.210
authenticates and de-authenticates as it moves from one WAP to the next.

02:36.210 --> 02:41.340
The only downside to what I've just shown you is that there is no authentication and there is no encryption.

02:41.340 --> 02:45.280
So anybody with a wireless NIC can get on to this

02:45.280 --> 02:52.860
SSID. Equally, anybody who's within radio range can listen in and watch everything that you're doing

02:52.950 --> 02:54.590
on the wireless network.

02:54.600 --> 03:00.720
Now the people who invented 802.11 knew this from the get-go, and invented a one-stop-shopping standard

03:00.720 --> 03:08.980
called Wired Equivalent Privacy that would provide basic authentication and encryption. Wireless Equivalent

03:09.000 --> 03:17.070
Privacy, or WEP, is based on the RC4 streaming protocol, so it uses an initialization vector like all

03:17.070 --> 03:18.870
streaming protocols do.

03:18.870 --> 03:24.490
It uses a shared key concept, which would be either 64-bit or 128-bit.

03:24.540 --> 03:29.610
You generate this key on the wireless access point, generally, and then you would pass that key out to

03:29.610 --> 03:31.720
anybody who you wanted to connect.

03:31.950 --> 03:38.460
Now the downside to WEP is that there were a bunch of terrible limitations to the way the initialization

03:38.460 --> 03:45.390
vector was used, and it didn't take them very long at all to come up with ways to be able to hack a WEP

03:45.510 --> 03:51.600
encrypted network, just mathematically. You didn't have to do anything or try passcodes or anything; you

03:51.600 --> 03:55.080
just watch long enough and you would get that key.

03:55.080 --> 04:01.350
This put everybody into a panic and generated a brand new world of something called Wireless Protected

04:01.440 --> 04:02.070
Access.

04:06.280 --> 04:08.170
Oh it was a great time to be a tech.

04:08.170 --> 04:15.460
Back around 2001 we were all excited about this new 802.11 standard with its built-in WEP authentication

04:15.460 --> 04:16.470
and encryption.

04:16.660 --> 04:22.290
And then we suddenly discovered that it was completely crackable; everybody's in a panic.

04:22.300 --> 04:27.460
Now the 802.11 folks got together and said, you know what we're going to do? We're going to come up with

04:27.460 --> 04:33.280
a new standard that is both going to be able to handle good authentication as well as good encryption.

04:33.280 --> 04:37.830
And what they did is they came up with the standard known as 802.11i.

04:37.990 --> 04:40.600
So 802.11i covers two big areas.

04:40.600 --> 04:45.510
First, in terms of authentication, we're not going to worry about just sharing a key.

04:45.520 --> 04:50.390
I guess for some people, on like a poor man's network, if they still want to do it that way, they'll support it.

04:50.410 --> 04:58.840
But the idea with 802.11i is that we would now use 802.1X authentication. 802.1X had already

04:58.840 --> 05:02.290
been around for a while; it was used in RADIUS servers and stuff like that.

05:02.410 --> 05:05.010
And they were just going to bring that into a wireless network.

05:05.020 --> 05:10.180
So what you would do is you would then install into your wired network a big RADIUS server that would

05:10.180 --> 05:15.940
have usernames and passwords or it could talk to your domain controller or it would have certificates

05:15.940 --> 05:19.010
or RSA or whatever you wanted to use.

05:19.030 --> 05:23.950
And that way, whenever you logged in, you'd have to not only try to connect to a network, but you actually

05:23.950 --> 05:28.850
have to type in a username and password or insert a smart card or whatever it might be.

05:28.870 --> 05:35.620
So you know 802.1X was great, although remember, with 802.11i they still allowed for those few people who

05:35.620 --> 05:39.610
might want to do it to be able to still use something called a pre-shared key.

05:39.610 --> 05:47.940
Now the other thing that 802.11i pushed was completely dumping the concept of RC4 and instead replacing

05:47.940 --> 05:52.420
it with a very robust, very powerful AES encryption.

05:52.590 --> 05:55.600
Now AES encryption is powerful stuff.

05:55.600 --> 06:03.010
In fact, back around 2001 that was a bit of a problem, because our already established wireless access

06:03.010 --> 06:06.010
points and NICs simply couldn't handle

06:06.070 --> 06:06.960
AES.

06:06.970 --> 06:12.730
So the powers of the 802.11 world, Linksys and folks like that, they all got together and said OK,

06:13.270 --> 06:20.320
we can't handle 802.11i now. In fact it wasn't until, it was certainly after 2006, don't hold me to it,

06:20.320 --> 06:23.140
when 802.11i finally came out as a standard.

06:23.230 --> 06:27.490
But the industry got together and said, what can we do right now?

06:27.640 --> 06:34.870
Well they realized that it is trivial to go ahead and update existing hardware to be able to handle

06:34.930 --> 06:42.160
802.1X. That was the easy part; the hard part was to get existing NICs and wireless access points to

06:42.160 --> 06:44.190
be able to support AES.

06:44.230 --> 06:50.490
So the industry got together and said OK, OK, OK, what we're going to do is we're not going to use AES,

06:50.820 --> 06:52.470
at least not till the standard comes out.

06:52.620 --> 06:58.650
What we're going to do is we're going to replace WEP with something called TKIP.

06:58.680 --> 07:06.030
Now TKIP still uses RC4, but basically it improves the problem with the initialization vector and

07:06.030 --> 07:07.620
pretty much gets rid of it.

07:07.620 --> 07:13.680
Now this isn't a standard, so the industry got together and decided to call it Wireless Protected Access,

07:13.740 --> 07:21.750
or WPA, and WPA was fantastic and it worked really, really well until a few years later, when people began

07:21.750 --> 07:24.470
to realize that they're going to have to update their hardware.

07:24.540 --> 07:30.900
So a whole new class of hardware came out that was fully 802.11i standard, except nobody is talking

07:30.900 --> 07:32.200
about 802.11i.

07:32.250 --> 07:34.600
Everybody's talking about WPA2.

07:34.650 --> 07:46.350
So this whole class of robust 802.11i hardware was known not as 802.11i standard but instead as WPA2.

07:46.380 --> 07:54.250
So the whole idea with WPA2 simply means that it's going to be completely 802.11i standard.

07:54.270 --> 08:00.360
Now these times, as we were watching these changes from 2001 to 2006, make for some interesting stuff.

08:00.720 --> 08:04.620
A lot of times you'd be going into a wireless access point and you'd be trying to make a configuration,

08:04.920 --> 08:09.970
and all of a sudden they wouldn't use the term WPA or WPA2 on some of these older ones.

08:09.990 --> 08:21.580
Instead they say stuff like TKIP or CCMP. CCMP is simply the way 802.11 networks use AES encryption.

08:21.600 --> 08:31.050
So we've got this world where we have WEP, we have WPA and we have WPA2. Now with WPA and WPA2 you

08:31.050 --> 08:37.470
can use full-blown 802.1X authentication with RADIUS servers, or if you want to you can still use

08:37.650 --> 08:42.270
PSK, or pre-shared keys, so you can go either way with those.

08:42.270 --> 08:46.890
What's interesting about this and part of the reason I'm going through all this information is because

08:46.890 --> 08:53.190
you would think something like WEP, which we have known now for 15 years or more is bad, that people

08:53.190 --> 08:54.460
wouldn't be using it anymore.

08:54.500 --> 08:57.410
Well you would be shocked what's out there.

08:57.540 --> 09:03.990
Even here in Houston Texas we've had organizations go out and do surveys particularly in the industrial

09:03.990 --> 09:11.630
commercial world to find as much as 15 percent of every network out there today is still using WEP.

09:11.640 --> 09:15.390
Not even talking about WPA versus WPA2.

09:15.600 --> 09:21.930
So as we go through all of these episodes, I want you to keep in mind the old stuff may sound old, but

09:21.930 --> 09:30.180
it's still out there.

09:33.220 --> 09:42.060
In.
