WEBVTT

0:00:03.220000 --> 0:00:07.460000
Welcome to this video where we're continuing our refresher and review

0:00:07.460000 --> 0:00:09.500000
of Wi-Fi topics.

0:00:09.500000 --> 0:00:11.800000
So now we're going to get into Wi-Fi authentication.

0:00:11.800000 --> 0:00:15.200000
We're going to do a brief overview of what authentication is and some

0:00:15.200000 --> 0:00:20.020000
very high level differences of Wi-Fi authentication.

0:00:20.020000 --> 0:00:28.520000
Okay. So, security with wireless LANs, the objective is very similar to

0:00:28.520000 --> 0:00:30.720000
the security on wired LANs.

0:00:30.720000 --> 0:00:34.040000
So there are three things that ideally we'd like to accomplish.

0:00:34.040000 --> 0:00:38.620000
Authentication, make sure that only authorized users can access our wireless

0:00:38.620000 --> 0:00:43.360000
LAN. Data confidentiality, make sure that people who might be able to

0:00:43.360000 --> 0:00:47.340000
sniff our traffic can't decrypt it.

0:00:47.340000 --> 0:00:48.540000
They can't see what's in there.

0:00:48.540000 --> 0:00:50.420000
It's useless to them.

0:00:50.420000 --> 0:00:54.940000
And data integrity, make sure that nobody can change our data as it's

0:00:54.940000 --> 0:00:58.020000
going across the wireless LAN.

0:00:58.020000 --> 0:01:01.540000
All three of these steps are typically accomplished after you've already

0:01:01.540000 --> 0:01:05.420000
associated to your SSID.

0:01:05.420000 --> 0:01:10.820000
And authentication can occur independently of encryption or integrity.

0:01:10.820000 --> 0:01:15.380000
So, let's do a quick review here of what's involved when you're actually

0:01:15.380000 --> 0:01:18.100000
associating to a wireless LAN.

0:01:18.100000 --> 0:01:25.780000
So in the world of the 802.11, the IEEE's 802.11 standard for Wi-Fi, not

0:01:25.780000 --> 0:01:30.700000
only does your Wi-Fi data go across the radio waves, but there are certain

0:01:30.700000 --> 0:01:36.460000
802.11 frame types are used to control access to the Wi-Fi medium, who

0:01:36.460000 --> 0:01:39.600000
can talk, authentication.

0:01:39.600000 --> 0:01:43.100000
And so we need to also know what some of these messages are, not all of

0:01:43.100000 --> 0:01:48.720000
them. So number one, the client discovers the wireless LAN, typically

0:01:48.720000 --> 0:01:52.260000
done because you've received a beacon frame from the access point.

0:01:52.260000 --> 0:01:55.900000
So now you know the MAC address of the access point, and you

0:01:55.900000 --> 0:02:01.260000
know the name of the SSID that the access point is advertising, like in

0:02:01.260000 --> 0:02:03.740000
this case that SSID is corporate.

0:02:03.740000 --> 0:02:08.340000
Also within that beacon, the access point will indicate what type of authentication

0:02:08.340000 --> 0:02:10.800000
and security it's doing.

0:02:10.800000 --> 0:02:16.940000
Like it says right there.

0:02:16.940000 --> 0:02:22.260000
Now, in the beacon, authentication is going to be advertised as one

0:02:22.260000 --> 0:02:26.500000
of two types, either pre-shared key or open authentication.

0:02:26.500000 --> 0:02:29.300000
You will not see pre-shared key anymore.

0:02:29.300000 --> 0:02:32.420000
That was something that was in the very, very early days, you know, the

0:02:32.420000 --> 0:02:38.120000
mid 90s of 802.11 wireless LANs, but that is no longer there.

0:02:38.120000 --> 0:02:43.300000
So now we use open authentication.

0:02:43.300000 --> 0:02:48.080000
Next, there's going to be exchange of another kind of a frame in 802.11

0:02:48.080000 --> 0:02:52.020000
frame type, which is called authentication request and authentication

0:02:52.020000 --> 0:02:53.680000
response frames.

0:02:53.680000 --> 0:03:01.500000
So with open authentication, so back in the days of pre-shared key, your

0:03:01.500000 --> 0:03:05.040000
authentication request would actually have a pre-shared key in it.

0:03:05.040000 --> 0:03:06.300000
It would have the password.

0:03:06.300000 --> 0:03:09.400000
You would send that in your authentication request, and then the authentication

0:03:09.400000 --> 0:03:13.200000
request would say, you're in, you're good, or nope, you didn't supply

0:03:13.200000 --> 0:03:14.660000
the correct password.

0:03:14.660000 --> 0:03:17.160000
The problem was there were a lot of ways to crack that.

0:03:17.160000 --> 0:03:21.080000
It was not very secure at all, so they deprecated it.

0:03:21.080000 --> 0:03:25.900000
So open authentication, it's not even really authentication.

0:03:25.900000 --> 0:03:29.480000
It just basically says, hey, can I come into your wireless LAN and the

0:03:29.480000 --> 0:03:34.540000
default response will be yes, authentication response, you're in.

0:03:34.540000 --> 0:03:36.780000
Now, does that mean that there's no exchange of passwords?

0:03:36.780000 --> 0:03:38.660000
Well, not at this step.

0:03:38.660000 --> 0:03:42.100000
If we're doing authentication on our wireless LAN, most wireless

0:03:42.100000 --> 0:03:43.700000
LANs have authentication.

0:03:43.700000 --> 0:03:48.020000
It's actually going to happen later on, not right here.

0:03:48.020000 --> 0:03:55.360000
Okay, and now we're going to send association request and response frames.

0:03:55.360000 --> 0:03:59.560000
So association request is basically the client's way of saying, hey, you

0:03:59.560000 --> 0:04:03.980000
know, do you have room for me, or have you maxed out on the maximum number

0:04:03.980000 --> 0:04:05.700000
of clients you can support, Mr.

0:04:05.700000 --> 0:04:09.180000
Access Point? So if the Access Point is good to go, if it has room for

0:04:09.180000 --> 0:04:13.440000
you, it'll send an association response and say, hey, you're in, and here's

0:04:13.440000 --> 0:04:15.920000
a unique ID for you.

0:04:15.920000 --> 0:04:19.620000
And from this point on, all of your frames you transmit to that Access

0:04:19.620000 --> 0:04:24.320000
Point will have a Wi-Fi header and 802.11 header, and somewhere within

0:04:24.320000 --> 0:04:29.520000
that header among many other things will be this association ID that you

0:04:29.520000 --> 0:04:37.200000
got from the Access Point, so it knows that it's talking to you.

0:04:37.200000 --> 0:04:41.880000
Okay, so now at this point, after you've associated to the Access Point,

0:04:41.880000 --> 0:04:46.020000
after you are formally a part of his BSS, you haven't gotten permission

0:04:46.020000 --> 0:04:49.200000
yet to go beyond that.

0:04:49.200000 --> 0:04:53.140000
You haven't got permission yet to go onto the wired LAN, or even to talk

0:04:53.140000 --> 0:04:56.680000
to other Wi-Fi clients in the same BSS as you.

0:04:56.680000 --> 0:05:04.660000
Now we need to do real authentication, and that takes place next.

0:05:04.660000 --> 0:05:09.880000
So the act of authentication can be accomplished with or without encryption.

0:05:09.880000 --> 0:05:13.080000
As it says, there's two ways of implementing authentication.

0:05:13.080000 --> 0:05:18.440000
We could authenticate the user, which is a typical way, so the user would

0:05:18.440000 --> 0:05:22.840000
have to know some sort of a password, or maybe even a username and a password,

0:05:22.840000 --> 0:05:26.740000
or we could authenticate the device.

0:05:26.740000 --> 0:05:30.760000
So maybe the device presents something like its MAC address or something,

0:05:30.760000 --> 0:05:35.760000
which is pre-known to the wireless LAN controller, and so we allow that

0:05:35.760000 --> 0:05:42.740000
device in. All right, so take a look at the screenshot right here.

0:05:42.740000 --> 0:05:49.060000
We see some wireless LANs, like Pirates and like Bogart.

0:05:49.060000 --> 0:05:50.740000
Wow, that one looks familiar.

0:05:50.740000 --> 0:05:57.080000
Let's say WPA personal or WPA2 personal, other ones that say none.

0:05:57.080000 --> 0:06:04.100000
So if a wireless LAN says none, that means it's not offering you any encryption.

0:06:04.100000 --> 0:06:08.040000
Now it doesn't mean anybody can get in, it just means, hey, if you get

0:06:08.040000 --> 0:06:11.600000
access to our wireless LAN, just be warned that everything you send over

0:06:11.600000 --> 0:06:14.200000
the airwaves is going to be unencrypted.

0:06:14.200000 --> 0:06:17.980000
So anybody with a wireless sniffer can see what you're doing.

0:06:17.980000 --> 0:06:21.200000
Now it still might use though authentication.

0:06:21.200000 --> 0:06:24.640000
Now in this case, the authentication is probably going to be something

0:06:24.640000 --> 0:06:26.520000
called a captive portal.

0:06:26.520000 --> 0:06:29.780000
A captive portal, I'll show you what that looks like in just a moment,

0:06:29.780000 --> 0:06:33.300000
but a captive portal is typically where, like in most hotels, right?

0:06:33.300000 --> 0:06:36.760000
Most hotels like Fairfield in this case, Fairfield Guest.

0:06:36.760000 --> 0:06:41.820000
So when you connect to that and you associate to it, the next thing that

0:06:41.820000 --> 0:06:46.040000
happens is a web page pops up.

0:06:46.040000 --> 0:06:49.920000
And the web page says, you know, type in your Fairfield credentials, like

0:06:49.920000 --> 0:06:55.000000
your room number and your last name or something like that.

0:06:55.000000 --> 0:06:58.780000
And if you type in that correct information, now you've been authenticated.

0:06:58.780000 --> 0:07:01.500000
You've supplied the correct credentials and now you can have full access

0:07:01.500000 --> 0:07:03.780000
to the internet at that point.

0:07:03.780000 --> 0:07:05.760000
Now still, nothing's encrypted.

0:07:05.760000 --> 0:07:08.620000
So all the Wi-Fi stuff you're doing between you and the access point,

0:07:08.620000 --> 0:07:11.160000
wherever it is, you know, down the hall or up in your room.

0:07:11.160000 --> 0:07:15.440000
There's no encryption here, but they did use that web page to authenticate

0:07:15.440000 --> 0:07:18.480000
you. That's what we mean by a captive portal.

0:07:18.480000 --> 0:07:23.380000
There's also other methods, 802.1X and MAC authentication, which could

0:07:23.380000 --> 0:07:27.380000
also be used to verify that you are who you say you are and yet not provide

0:07:27.380000 --> 0:07:29.780000
you any kind of encryption capabilities.

0:07:29.780000 --> 0:07:35.760000
What's another way that you can identify an unsecured network?

0:07:35.760000 --> 0:07:40.740000
All right, so when a network displays as secure, this means it is advertising

0:07:40.740000 --> 0:07:44.080000
encryption. It means you have to be able to support the encryption that it's

0:07:44.080000 --> 0:07:51.200000
doing. So which is identified via the lock symbol.

0:07:51.200000 --> 0:07:54.380000
So notice these two first wireless LANs here have a little padlock.

0:07:54.380000 --> 0:07:57.620000
That indicates that that is a secured wireless LAN.

0:07:57.620000 --> 0:08:01.480000
Not only will it require some sort of authentication from you, like a

0:08:01.480000 --> 0:08:05.420000
username and password or maybe just a password, it will also require that

0:08:05.420000 --> 0:08:09.040000
you support the method of encryption that it uses so it can encrypt your

0:08:09.040000 --> 0:08:13.700000
data. The one below it, for example, cable Wi-Fi here.

0:08:13.700000 --> 0:08:16.220000
Notice there's no padlock there.

0:08:16.220000 --> 0:08:18.840000
So that wireless LAN could be one of two things.

0:08:18.840000 --> 0:08:23.380000
It could be completely open with no passwords or anything.

0:08:23.380000 --> 0:08:28.660000
This gives you freedom to do wireless or it could use a captive portal

0:08:28.660000 --> 0:08:33.540000
or something, which means that you would have to supply some sort of credentials.

0:08:33.540000 --> 0:08:40.280000
So like, for example, if I clicked on cable Wi-Fi on here, instead of

0:08:40.280000 --> 0:08:43.620000
giving me unfettered access to the Internet without authenticating me

0:08:43.620000 --> 0:08:47.560000
or asking me any credentials whatsoever, I might see a page that looks

0:08:47.560000 --> 0:08:51.060000
like this. You've probably seen this before in some environment.

0:08:51.060000 --> 0:08:54.980000
And now I have to select one of these buttons, you know, do I use Optimum?

0:08:54.980000 --> 0:08:57.500000
Do I use Spectrum or XFINITY?

0:08:57.500000 --> 0:09:00.840000
And then once I do that, they're probably going to have me presented with

0:09:00.840000 --> 0:09:04.520000
another website where I'm going to provide like my username and password

0:09:04.520000 --> 0:09:08.280000
for Spectrum or my XFINITY account number, something like that.

0:09:08.280000 --> 0:09:11.500000
So it's going to be asking me for some sort of authentication and then

0:09:11.500000 --> 0:09:15.220000
I'm in.
But because there was no padlock there to begin with, I'm not

0:09:15.220000 --> 0:09:17.280000
going to get any kind of Wi-Fi encryption whatsoever.

0:09:17.280000 --> 0:09:22.300000
So we would consider that to be an unsecured network.

0:09:22.300000 --> 0:09:25.740000
So that completes this video, which is our first preliminary introduction

0:09:25.740000 --> 0:09:27.900000
into Wi-Fi authentication.