WEBVTT 0:00:02.900000 --> 0:00:07.980000 Hello and welcome to this video titled Understanding WEP and WPA. 0:00:07.980000 --> 0:00:10.580000 Let's go over the topics I'm going to cover. 0:00:10.580000 --> 0:00:14.100000 I'm going to help you to identify encrypted wireless LANs by visually 0:00:14.100000 --> 0:00:17.940000 comparing them to identify which ones are encrypted and which ones aren't. 0:00:17.940000 --> 0:00:21.860000 We're going to talk about where exactly encryption takes place when it 0:00:21.860000 --> 0:00:24.220000 does happen on a wireless LAN. 0:00:24.220000 --> 0:00:28.200000 I'm going to give you an overview of WEP versus WPA. 0:00:28.200000 --> 0:00:32.000000 We're going to look at a timeline of Wi-Fi security and then we're going 0:00:32.000000 --> 0:00:38.820000 to go into a little bit more details of WPA and WPA personal and enterprise. 0:00:38.820000 --> 0:00:42.360000 So let's start with how do I visually identify. 0:00:42.360000 --> 0:00:45.720000 There's a bunch of wireless LANs available for me to connect to. 0:00:45.720000 --> 0:00:50.900000 How do I identify which ones are secured and which ones are unsecured? 0:00:50.900000 --> 0:00:55.680000 Well when a wireless LAN displays as secured either because it has the 0:00:55.680000 --> 0:01:00.200000 name secured in it or it has some sort of a padlock, that means that that 0:01:00.200000 --> 0:01:08.740000 access point who's advertising that wireless LAN has said I use encryption. 0:01:08.740000 --> 0:01:11.740000 And the algorithms and protocols that are used to provide that encryption 0:01:11.740000 --> 0:01:15.760000 also provide for data integrity so that the client can make sure that 0:01:15.760000 --> 0:01:20.480000 the data has not been changed in transit and so the access point when 0:01:20.480000 --> 0:01:23.940000 it's receiving data from the client can ensure that that received data 0:01:23.940000 --> 0:01:28.600000 has not been changed or modified in transit. 
0:01:28.600000 --> 0:01:35.400000 So WEP, WPA, WPA2 and WPA3 are all examples of protocols that provide 0:01:35.400000 --> 0:01:40.100000 for secured wireless LANs which like in this case here you would see the 0:01:40.100000 --> 0:01:45.340000 padlock symbol. Now one thing to be aware of is that if an access point 0:01:45.340000 --> 0:01:54.440000 is sending you a beacon and in this wireless LAN is secured. 0:01:54.440000 --> 0:01:57.500000 Here's the authentication method that I use. 0:01:57.500000 --> 0:01:59.880000 Here's the encryption algorithms that I use. 0:01:59.880000 --> 0:02:04.560000 Now if you receive that it is not an optional thing. 0:02:04.560000 --> 0:02:07.360000 In other words the client does not have the option of saying oh thank 0:02:07.360000 --> 0:02:10.140000 you very much for telling me that but I don't need that. 0:02:10.140000 --> 0:02:12.260000 Just go ahead and connect me without security. 0:02:12.260000 --> 0:02:13.440000 You can't do that. 0:02:13.440000 --> 0:02:17.400000 If a wireless LAN is configured for security you can only connect to that 0:02:17.400000 --> 0:02:21.840000 from the client's perspective if your client supports that security and 0:02:21.840000 --> 0:02:27.780000 if you have the correct credential it's not an either or proposition. 0:02:27.780000 --> 0:02:30.660000 Now where exactly does encryption take place? 0:02:30.660000 --> 0:02:35.360000 Well first of all only the Wi-Fi data the frame body gets encrypted. 0:02:35.360000 --> 0:02:39.740000 If you've ever actually taken a look at an 802.11 frame type it's very 0:02:39.740000 --> 0:02:42.040000 different than a wired frame type. 0:02:42.040000 --> 0:02:47.320000 An 802.11 frame type has lots of different headers in front of it a lot 0:02:47.320000 --> 0:02:49.540000 more headers than Ethernet frame does. 0:02:49.540000 --> 0:02:53.640000 A regular wired Ethernet frame only has three maybe four headers in front 0:02:53.640000 --> 0:02:58.360000 and that's it. 
A Wi-Fi frame can have ten or more headers in front of 0:02:58.360000 --> 0:03:02.600000 it very easily so the frame structure is very different and within that 0:03:02.600000 --> 0:03:08.600000 frame structure only the body is the part that gets encrypted. 0:03:08.600000 --> 0:03:12.300000 Now the access point does have the ability to advertise various encryption 0:03:12.300000 --> 0:03:16.140000 standards and protocols just depending on the software residing in that 0:03:16.140000 --> 0:03:20.720000 access point and what has been configured on it by the network administrator. 0:03:20.720000 --> 0:03:23.460000 So where does Wi-Fi encryption happen? 0:03:23.460000 --> 0:03:28.320000 It happens right here from the client to the access point and that's it. 0:03:28.320000 --> 0:03:36.120000 So if you're using Wi-Fi to go to for example a normal HTTP website well 0:03:36.120000 --> 0:03:39.240000 the only encryption you're going to get the only confidentiality you're 0:03:39.240000 --> 0:03:42.880000 going to get is from your laptop to the access point. 0:03:42.880000 --> 0:03:47.760000 After that when the Wi-Fi frame I should say the 802.11 frame is converted 0:03:47.760000 --> 0:03:53.740000 into an ether type frame or an 802.3 frame at that point your data will 0:03:53.740000 --> 0:03:58.700000 be decrypted by the access point and put in plain text format into the 0:03:58.700000 --> 0:04:02.660000 new wired ethernet frame and from that point all across the wired network 0:04:02.660000 --> 0:04:06.940000 until it gets to the server it'll be plain text for anybody to read. 0:04:06.940000 --> 0:04:11.640000 So if you want end to end encryption we're not talking about Wi-Fi encryption 0:04:11.640000 --> 0:04:14.220000 then you have to use something above and beyond that. 
0:04:14.220000 --> 0:04:18.740000 For example most websites these days not all of them but most websites 0:04:18.740000 --> 0:04:28.740000 use HTTPS which is like INE.com for example when you connect to it we'll 0:04:28.740000 --> 0:04:32.640000 send you a digital certificate and then using that you can start encrypting 0:04:32.640000 --> 0:04:34.980000 your data from the client to the server. 0:04:34.980000 --> 0:04:40.180000 I just want you to be aware that with Wi-Fi security it's not end to end. 0:04:40.180000 --> 0:04:44.400000 So let's talk a little bit about some high level differences between WEP 0:04:44.400000 --> 0:04:49.060000 and WPA. Now you might be thinking to yourself well Keith I've been studying 0:04:49.060000 --> 0:04:58.400000 Wi-Fi for a little but it uses WEP anymore and it's been like over a decade 0:04:58.400000 --> 0:05:00.900000 since that was formally taken away. 0:05:00.900000 --> 0:05:04.880000 Why are we talking about it here dude I get an old course no I want you 0:05:04.880000 --> 0:05:09.140000 to understand that to really understand the benefits of WPA we pretty 0:05:09.140000 --> 0:05:13.820000 much have to go back in time and understand the benefits of WEP. 0:05:13.820000 --> 0:05:16.820000 It's kind of like you know take yourself back 200 years ago if someone 0:05:16.820000 --> 0:05:21.280000 was trying to say hey this let me introduce this car I've just created 0:05:21.280000 --> 0:05:24.580000 I'm Henry Ford I've created a new car well to understand the benefits 0:05:24.580000 --> 0:05:28.320000 of a car you kind of have to understand what a horse and buggy was like 0:05:28.320000 --> 0:05:30.900000 so you would want to get that car. 0:05:30.900000 --> 0:05:34.120000 So let's go into some of those details here. 0:05:34.120000 --> 0:05:37.440000 So WEP stood for Wired Equivalent Privacy. 
0:05:37.440000 --> 0:05:43.740000 You see 802.11 the official Wi-Fi standard from the IEEE came out in 1997 0:05:43.740000 --> 0:05:48.040000 some of you guys watching me might not even been born that early okay 0:05:48.040000 --> 0:05:52.920000 so that's when Wi-Fi really first came out and the original 1997 standard 0:05:52.920000 --> 0:05:58.520000 they said hey if you want to do encryption you're going to use Wired Equivalent 0:05:58.520000 --> 0:06:01.320000 Privacy you're going to use WEP and this was their idea they said hey 0:06:01.320000 --> 0:06:05.560000 let's see here in wireless LAN we can't prevent people from seeing the 0:06:05.560000 --> 0:06:08.720000 radio frequencies of everybody else we can't stop that. 0:06:08.720000 --> 0:06:12.660000 Well how can we make how can we give that a similar level of security 0:06:12.660000 --> 0:06:18.300000 as a Wired LAN. I know let's provide authentication and encryption of 0:06:18.300000 --> 0:06:21.940000 data and that's what the idea behind WEP was. 0:06:21.940000 --> 0:06:26.800000 Now the encryption method that it used was something called an RC4 encryption 0:06:26.800000 --> 0:06:31.480000 cipher. Now that is not this is not an encryption class I'm not going 0:06:31.480000 --> 0:06:35.960000 to blow your mind I couldn't if I wanted to with the details of how RC4 0:06:35.960000 --> 0:06:41.240000 works but what I will tell you is that back in 1997 RC4 was a pretty good 0:06:41.240000 --> 0:06:46.420000 thing it is pretty secure nowadays people like RC4 I could crack that 0:06:46.420000 --> 0:06:50.260000 with my smartphone and that's probably true but back then it was pretty 0:06:50.260000 --> 0:06:56.580000 secure. 
Now it's considered unsafe and for this reason WEP has been deprecated 0:06:56.580000 --> 0:07:00.440000 it's actually kind of interesting that I don't know I think it was around 0:07:00.440000 --> 0:07:08.000000 2004 2005 the FBI actually did a public demonstration of how to crack 0:07:08.000000 --> 0:07:12.040000 WEP they didn't want people using WEP they want everybody know how bad 0:07:12.040000 --> 0:07:14.900000 WEP was so they actually went to the extreme doing a public demonstration 0:07:14.900000 --> 0:07:18.240000 of it I'm sure if I was the designer of WEP I probably would have hung 0:07:18.240000 --> 0:07:21.700000 my head in shame and gone off to a cave at some point but that's sort 0:07:21.700000 --> 0:07:23.380000 of the history of WEP. 0:07:23.380000 --> 0:07:28.020000 So somebody said we need to come up with something better so Wi-Fi protected 0:07:28.020000 --> 0:07:33.240000 access was developed and this was introduced by the Wi-Fi Alliance. 0:07:33.240000 --> 0:07:36.340000 Now who is the Wi-Fi Alliance? 0:07:36.340000 --> 0:07:42.200000 So we've got two groups here we've got the IEEE which are very smart engineers 0:07:42.200000 --> 0:07:47.020000 who come up with all these layer one and layer two protocols and how everything 0:07:47.020000 --> 0:07:51.720000 works how we're going to use electricity to convey information so they 0:07:51.720000 --> 0:07:58.800000 came up with the 802 standards like 802.11, 802.11n, ax and so forth. 0:07:58.800000 --> 0:08:00.560000 Who the heck is the Wi-Fi Alliance? 
0:08:00.560000 --> 0:08:04.700000 Well the Wi-Fi Alliance was a trade group of a bunch of different companies 0:08:04.700000 --> 0:08:07.820000 who got together and they said you know what we want to promote Wi-Fi 0:08:07.820000 --> 0:08:11.180000 we want people to start using Wi-Fi we certainly want them to start using 0:08:11.180000 --> 0:08:15.460000 our products that we're selling with Wi-Fi let's do this let's get together 0:08:15.460000 --> 0:08:19.340000 as an alliance the Wi-Fi Alliance and what we'll do is when vendors 0:08:19.340000 --> 0:08:23.920000 come out with a new access point or a Wi-Fi NIC card or something like 0:08:23.920000 --> 0:08:28.660000 that they can send it to us and if for example if Cisco comes up with 0:08:28.660000 --> 0:08:33.380000 a new access point and Cisco sends that access point to the Wi-Fi Alliance 0:08:33.380000 --> 0:08:38.200000 and say hey our access point does 802.11n we've looked at the standard 0:08:38.200000 --> 0:08:43.120000 by the IEEE and we built everything the standard says into our access 0:08:43.120000 --> 0:08:46.560000 point well who is there to make sure that what they're saying is true 0:08:46.560000 --> 0:08:52.860000 and that that device really does conform to the IEEE standard that's what 0:08:52.860000 --> 0:09:01.900000 the Wi-Fi Alliance can send their Wi-Fi devices to the Wi-Fi Alliance 0:09:01.900000 --> 0:09:05.600000 and then the Wi-Fi Alliance will put those devices through very rigorous 0:09:05.600000 --> 0:09:10.740000 tests and if this device passes all the tests it'll get the seal of approval 0:09:10.740000 --> 0:09:14.200000 which is actually a real sticker that's typically put on the device that 0:09:14.200000 --> 0:09:19.260000 says this is Wi-Fi certified this is 802.11n certified or whatever it 0:09:19.260000 --> 0:09:24.260000 is so that's what the Wi-Fi Alliance does so the Wi-Fi Alliance said hmm 0:09:24.260000 --> 0:09:29.280000 there's WEP out there very bad people need 
something different we need 0:09:29.280000 --> 0:09:32.840000 to come up with something better than WEP now fortunately for the Wi-Fi 0:09:32.840000 --> 0:09:36.240000 Alliance they found out through you know a little birdie flying around 0:09:36.240000 --> 0:09:40.000000 that the IEEE was actually working on this problem they were they 0:09:40.000000 --> 0:09:45.220000 had put a committee together called the 802.11i committee and these engineers 0:09:45.220000 --> 0:09:49.040000 were saying oh man we need to fix WEP it's really bad now here's the problem 0:09:49.040000 --> 0:09:52.760000 with the IEEE once the committee gets together to start working on something 0:09:52.760000 --> 0:09:58.600000 it is not a fast process it can sometimes take years before they go back 0:09:58.600000 --> 0:10:02.120000 and forth back and forth and they finally standardized something and a 0:10:02.120000 --> 0:10:06.560000 particular proposal might go through several different drafts before it's 0:10:06.560000 --> 0:10:11.960000 ratified as the final standard and so the Wi-Fi Alliance said hey we've 0:10:11.960000 --> 0:10:17.420000 got a copy of a draft of what the 802.11i committee is working on and 0:10:17.420000 --> 0:10:22.020000 it's got some good stuff in there it's a lot better than WEP so they were 0:10:22.020000 --> 0:10:27.160000 forced with a decision they said well we could sit around do nothing and 0:10:27.160000 --> 0:10:34.040000 maybe in six months maybe in six years 802.11i will be done and vendors 0:10:34.040000 --> 0:10:38.420000 can start creating equipment based on that better security they took a 0:10:38.420000 --> 0:10:41.520000 different approach they said we're going to jump into the game ahead of 0:10:41.520000 --> 0:10:51.880000 time here we're going to take this Wi-Fi protected access which is WPA 0:10:51.880000 --> 0:10:57.200000 sometimes it's called WPA one but typically it's shown as WPA so at that 0:10:57.200000 --> 0:11:01.260000 point in 
time vendors like Ruckus and Cisco and Aruba and stuff could 0:11:01.260000 --> 0:11:05.980000 start creating their access points and their NIC cards with this newer 0:11:05.980000 --> 0:11:11.320000 security that was in the draft status of 802.11i send it to the Wi-Fi 0:11:11.320000 --> 0:11:14.880000 Alliance the Wi-Fi Alliance could put it through its paces through various 0:11:14.880000 --> 0:11:19.800000 rigorous tests and if it passed it would be WPA certified it'd be a WPA 0:11:19.800000 --> 0:11:26.060000 certified device so WPA was always intended to be an intermediate measure 0:11:26.060000 --> 0:11:31.260000 until the full 802.11i amendment was ratified the problem was they just 0:11:31.260000 --> 0:11:36.180000 didn't know how long it would take to be ratified so here's sort of a 0:11:36.180000 --> 0:11:41.260000 timeline of where we are right now so 1997 that's when the original legacy 0:11:41.260000 --> 0:11:47.240000 802.11 was introduced with WEP and back then there were two forms of doing 0:11:47.240000 --> 0:11:51.780000 authentication there was shared key authentication where the client and 0:11:51.780000 --> 0:11:56.060000 the access point could actually pass back and forth a passphrase during 0:11:56.060000 --> 0:12:00.900000 the authentication phase of Wi-Fi and then there was open authentication 0:12:00.900000 --> 0:12:04.060000 which said hey during the authentication phase we're not actually going 0:12:04.060000 --> 0:12:07.720000 to pass anything back and forth no passwords or anything we'll save authentication 0:12:07.720000 --> 0:12:12.500000 for later on in the process so if you know anything about Wi-Fi you know 0:12:12.500000 --> 0:12:16.580000 that shared key is deprecated nobody uses it anymore all Wi-Fi is now 0:12:16.580000 --> 0:12:23.960000 open authentication all right then 1999 the Wi-Fi Alliance forms now they 0:12:23.960000 --> 0:12:28.080000 didn't form because they said oh we got a problem with security they just 
0:12:28.080000 --> 0:12:31.300000 formed because they said hey somebody needs to get together to start testing 0:12:31.300000 --> 0:12:34.880000 vendors equipment to make sure that vendors equipment can do what they 0:12:34.880000 --> 0:12:39.180000 say it can do so that was the original intention of the Wi-Fi Alliance 0:12:39.180000 --> 0:12:42.800000 a trusted group that if they put their seal of approval on something you 0:12:42.800000 --> 0:12:50.340000 knew that device did what it was supposed to do now in 2001 and I'm probably 0:12:50.340000 --> 0:12:53.920000 going to slaughter these names here we'll just say Scott, Itsik and 0:12:53.920000 --> 0:12:59.780000 Adi published a cryptanalysis of WEP showing its vulnerability so they 0:12:59.780000 --> 0:13:08.240000 actually documented a paper saying WEP stinks it can be like chickens 0:13:08.240000 --> 0:13:11.400000 with their heads cut off oh my gosh WEP is broken what are you gonna do 0:13:11.400000 --> 0:13:19.660000 so luckily the Wi-Fi Alliance got a hold of that draft of 802.11i and 0:13:19.660000 --> 0:13:26.420000 two years later they came up with WPA now if they had just waited one 0:13:26.420000 --> 0:13:38.520000 more year they could have saved themselves a lot of hassle what it's supposed 0:13:38.520000 --> 0:13:43.500000 to do with 802.11i and might talk about that in a different video but 0:13:43.500000 --> 0:13:47.920000 for the purpose of WPA now you sort of see where it fits in the timeline 0:13:47.920000 --> 0:13:54.860000 of things so going back to WEP so with WEP you had a static unchanging 0:13:54.860000 --> 0:14:01.600000 passphrase like INE1234 the size of that passphrase could be it was originally 0:14:01.600000 --> 0:14:06.540000 64 bits within a few years that was determined to be crackable so they 0:14:06.540000 --> 0:14:12.240000 said let's make it bigger they went to 128 or 256 bits 128 is most common 0:14:12.240000 --> 0:14:18.620000 very few devices back then even supported 
256 bit WEP so the way this 0:14:18.620000 --> 0:14:25.500000 worked is that once you went through you know you go through open authentication 0:14:25.500000 --> 0:14:29.580000 you would associate with an association request and association response 0:14:29.580000 --> 0:14:35.140000 and then you would start doing WEP and with WEP your security key your 0:14:35.140000 --> 0:14:40.520000 key for encryption would be based off of this passphrase this INE1234 0:14:40.520000 --> 0:14:45.580000 as an example right here and the RC4 encryption cipher was used for this 0:14:45.580000 --> 0:14:50.560000 and as I mentioned this was easily cracked big problem with WEP was the 0:14:50.560000 --> 0:14:54.780000 fact that this passphrase was static not changing and it was used for 0:14:54.780000 --> 0:14:59.860000 both authentication and encryption so if someone just sat on your wireless 0:14:59.860000 --> 0:15:05.040000 LAN for a few hours they could pretty easily crack what your WEP passphrase 0:15:05.040000 --> 0:15:08.660000 was and now not only could they get on your wireless LAN to get free access 0:15:08.660000 --> 0:15:12.440000 to the internet they could also decrypt all the data that was going back 0:15:12.440000 --> 0:15:19.700000 and forth on it now how did WPA, Wi-Fi Protected Access, fix this well we 0:15:19.700000 --> 0:15:24.560000 still have so with WPA we have this concept of something called WPA personal 0:15:24.560000 --> 0:15:30.040000 and WPA enterprise what we're talking about right here is WPA personal 0:15:30.040000 --> 0:15:36.000000 so WPA personal you still have a passphrase like INE1234 that initial 0:15:36.000000 --> 0:15:41.940000 passphrase is still used for authentication and now a base key for encryption 0:15:41.940000 --> 0:15:47.140000 is set and that's also derived from that passphrase among other things 0:15:47.140000 --> 0:15:52.260000 so the WPA base key was made up of several components but this was a big 0:15:52.260000 --> 0:15:57.080000 
part of it right here the static passphrase it could be up to 256 bits 0:15:57.080000 --> 0:16:02.580000 long derived from that passphrase data was encrypted to and from the access 0:16:02.580000 --> 0:16:09.220000 point now here is here are the two big enhancements of WPA over what previously 0:16:09.220000 --> 0:16:17.880000 existed with WEP number one WPA utilized an RC4 plus TKIP encryption cipher 0:16:17.880000 --> 0:16:24.060000 so TKIP which is called the Temporal Key Integrity Protocol was sort 0:16:24.060000 --> 0:16:29.680000 of like a wrapper around RC4 so they took the existing RC4 algorithm that 0:16:29.680000 --> 0:16:34.380000 was used in WEP and they modified a little bit and came out with TKIP 0:16:34.380000 --> 0:16:38.920000 so TKIP was not a whole brand new thing it was sort of based on RC4 which 0:16:38.920000 --> 0:16:43.480000 had already been proven to be crackable but what made TKIP better well 0:16:43.480000 --> 0:16:48.460000 number one they added a message integrity check WEP didn't have that so 0:16:48.460000 --> 0:16:51.200000 with WEP you didn't really have any way of verifying if you received some 0:16:51.200000 --> 0:16:55.560000 Wi-Fi data if it had been modified in transit if the integrity of your 0:16:55.560000 --> 0:17:00.540000 ones and zeros was okay now at WPA you did have that but here was the 0:17:00.540000 --> 0:17:07.240000 big big enhancement TKIP added a per packet key system which meant that 0:17:07.240000 --> 0:17:12.900000 every packet could be encrypted with a unique and different key and this 0:17:12.900000 --> 0:17:18.340000 is what added a lot of security that WEP did not previously have now the 0:17:18.340000 --> 0:17:24.200000 downside though is that with WPA personal all those per packet keys are 0:17:24.200000 --> 0:17:30.660000 all based on that static passphrase like INE1234 and because that doesn't 0:17:30.660000 --> 0:17:35.100000 change if somebody collected a whole bunch of your Wi-Fi data and 
they 0:17:35.100000 --> 0:17:38.480000 took it offline and they started doing a dictionary attack against it 0:17:38.480000 --> 0:17:42.800000 and several other things they could eventually crack this and decode your 0:17:42.800000 --> 0:17:48.540000 data now was a lot harder to do that than it was with WEP but it was a 0:17:48.540000 --> 0:17:56.680000 lot better than WEP now there's also something called WPA enterprise so 0:17:56.680000 --> 0:18:02.780000 with WPA enterprise this utilized 802.1x to authenticate a RADIUS server 0:18:02.780000 --> 0:18:08.980000 or I should say against a RADIUS server you see in WPA personal the access 0:18:08.980000 --> 0:18:13.320000 point was in charge of knowing what the pre-shared key was what that password 0:18:13.320000 --> 0:18:17.300000 was and then when someone joined to the wireless LAN the access point 0:18:17.300000 --> 0:18:22.300000 did all the work of okay are you who you really say you are and let's 0:18:22.300000 --> 0:18:25.520000 determine some encryption keys that we're going to use between us 0:18:25.520000 --> 0:18:30.620000 the access point did all of that but the downside was the passphrase was 0:18:30.620000 --> 0:18:41.120000 static it was 802.1x whether you're doing wireless or wired it always 0:18:41.120000 --> 0:18:47.040000 has the same three components and this is a quick overview of that so 0:18:47.040000 --> 0:18:53.900000 with 802.1x the client is called a supplicant and that actually involves 0:18:53.900000 --> 0:18:59.260000 having some special software on the client Windows has supplicant software 0:18:59.260000 --> 0:19:03.720000 built into it or you could download for example Cisco's AnyConnect software 0:19:03.720000 --> 0:19:09.480000 which has supplicant capabilities that's one component the very first 0:19:09.480000 --> 0:19:12.940000 networking device you're connecting to which in this case is the access 0:19:12.940000 --> 0:19:22.180000 point is called an authenticator 
or in the world of wired 0:19:22.180000 --> 0:19:26.840000 802.1x that would probably be a switch and then the actual authentication 0:19:26.840000 --> 0:19:36.040000 process is being done by what's called a triple-A server or technically 0:19:36.040000 --> 0:19:44.020000 we could call that an authentication server that could be something like 0:19:44.020000 --> 0:19:48.640000 you know Cisco used to sell a product called Cisco Secure ACS now they 0:19:48.640000 --> 0:19:54.200000 sell something called ICE which is ISE there's other stuff like FreeRADIUS 0:19:54.200000 --> 0:19:57.880000 there's lots of servers that you could buy that could do this but the 0:19:57.880000 --> 0:20:02.040000 idea here with 802.1x is that when the supplicant very first connects 0:20:02.040000 --> 0:20:08.240000 the authenticator says stop who are you tell me your credentials and then 0:20:08.240000 --> 0:20:11.500000 once the authentic once the supplicant provides those authentic those 0:20:11.500000 --> 0:20:14.620000 credentials and those credentials might be something as simple as a username 0:20:14.620000 --> 0:20:18.960000 and password or a digital certificate then those will actually be passed 0:20:18.960000 --> 0:20:25.060000 all the way through to the authentication server so those credentials 0:20:25.060000 --> 0:20:31.160000 are carried in a protocol called EAP the Extensible Authentication Protocol 0:20:31.160000 --> 0:20:35.980000 and there's lots of different flavors and forms of EAP but your credentials 0:20:35.980000 --> 0:20:42.860000 are carried inside of an EAP packet now where 802.1x gets involved is 0:20:42.860000 --> 0:20:50.060000 that between here and here the Wi-Fi frame type would say I'm carrying 0:20:50.060000 --> 0:20:55.660000 802.1x that would be the actual frame type the wireless frame type between 0:20:55.660000 --> 0:20:59.360000 the supplicant and the access point or if you were dealing with wired 0:20:59.360000 --> 0:21:03.300000 between the 
supplicant and the wired Ethernet switch is connected to if 0:21:03.300000 --> 0:21:07.080000 you're talking about wired and you're looking at your Ethernet frame the 0:21:07.080000 --> 0:21:12.440000 ether type in that frame would have a special number saying 802.1x but 0:21:12.440000 --> 0:21:19.580000 once the authenticator gets that from here to here the authenticator will 0:21:19.580000 --> 0:21:28.140000 typically put that into well so for going from left to right so here would 0:21:28.140000 --> 0:21:32.920000 be just your normal Ethernet header and this is the same for wired and 0:21:32.920000 --> 0:21:41.960000 wireless because at this point we're talking about an IP header because 0:21:41.960000 --> 0:21:45.060000 it's going to be IP between the access point and the server or between 0:21:45.060000 --> 0:21:50.320000 a switch and a server and then after the IP header we'd have a most likely 0:21:50.320000 --> 0:21:59.140000 a UDP header and then we'd have a RADIUS header and inside the body of 0:21:59.140000 --> 0:22:02.780000 the RADIUS would be our EAP credentials so the same credentials that were 0:22:02.780000 --> 0:22:08.440000 passed via 802.1x in EAP those EAP would now be put inside of a RADIUS 0:22:08.440000 --> 0:22:14.680000 packet so 802.1x technically is just between the supplicant and the authenticator 0:22:14.680000 --> 0:22:20.960000 and then it's RADIUS between the authenticator and the server so this 0:22:20.960000 --> 0:22:27.240000 is what's used in all enterprise forms of Wi-Fi Protected Access of WPA it 0:22:27.240000 --> 0:22:36.400000 mandates the use of 802.1x and then once the supplicant which 0:22:36.400000 --> 0:22:41.480000 is your laptop your tablet authenticates via 802.1x with an authentication 0:22:41.480000 --> 0:22:45.680000 server then the authentication server will actually provide your base 0:22:45.680000 --> 0:22:57.140000 key to you now in WPA the encryption was still done via RC4 and TKIP so 0:22:57.140000 --> 
0:23:02.400000 the actual encryption algorithm was not different between WPA enterprise 0:23:02.400000 --> 0:23:07.260000 and WPA personal the only main difference is that notice here there's 0:23:07.260000 --> 0:23:11.880000 no pre-shared key there's no pre-shared key so what would happen is that 0:23:11.880000 --> 0:23:17.500000 during the authentication phase you would provide your own unique credentials 0:23:17.500000 --> 0:23:25.360000 maybe Bob and a password of INE123 or whatever it is so you've got your 0:23:25.360000 --> 0:23:27.880000 credentials that are different than all the other people that are connected 0:23:27.880000 --> 0:23:32.120000 to this access point everybody has different credentials and then once 0:23:32.120000 --> 0:23:36.380000 you're authenticated by the authentication server the authentication server 0:23:36.380000 --> 0:23:41.280000 would actually dynamically give you a unique encryption key that was based 0:23:41.280000 --> 0:23:47.700000 off of your credentials and other stuff so you see with WPA personal the 0:23:47.700000 --> 0:23:52.840000 encryption keys for everybody connected to the access point were all based 0:23:52.840000 --> 0:23:58.120000 off of one shared value a pre-shared key a passphrase that everybody knew 0:23:58.120000 --> 0:24:04.120000 so some attacker was able to figure out what that passphrase was they 0:24:04.120000 --> 0:24:09.520000 were halfway home in figuring out how to decrypt the data but in WPA enterprise 0:24:09.520000 --> 0:24:14.600000 nobody is having anything in common everybody's authentication credentials 0:24:14.600000 --> 0:24:20.060000 are unique everybody's encryption keys are unique so it's much much more 0:24:20.060000 --> 0:24:23.980000 difficult for an attacker to crack this the downside to that you might 0:24:23.980000 --> 0:24:28.060000 be thinking why doesn't everybody use this well because getting this set 0:24:28.060000 --> 0:24:32.160000 up getting the authentication server 
configuring it is much much more 0:24:32.160000 --> 0:24:39.280000 complex than WPA personal and so for that reason probably a good 75% of 0:24:39.280000 --> 0:24:42.780000 all companies that you go into whether it be a small coffee shop or an 0:24:42.780000 --> 0:24:49.300000 enterprise that's using WPA still use WPA personal this is just a little 0:24:49.300000 --> 0:24:54.020000 bit too complex for a lot of people to do so that my friends concludes 0:24:54.020000 --> 0:24:58.440000 this video I hope you learned a lot and thank you very much for watching