Hi and welcome to Cyber Bury. My name's Anthony and I'm your local subject matter expert for Network Plus, and today we're gonna be talking about implementing appropriate wireless security measures. So in today's day and age of mobile computing in laptops and BlackBerries and other smartphone devices that can connect wirelessly to network, the
wireless has sort of become are a new gateway into our network that
wasn't there before we used to. When we were just managing the security of our wired in cable connections. It was a bit easier to manage who was allowed and who wasn't allowed to connect into our network if someone did not have a physical connection into our network or wasn't able to actually come in and
attack the computers and our network over the Internet,
if we made sure all of our computers were secure. But Major, all of our servers were secure, and we made sure that no one physically connected into our network then our network was good.
With the advent of wireless, however, and with wireless integration into our different networks, we've now opened a new portal into a new potential security portal into our network that people can try to break into sitting in the parking lot. So we need to help make sure. And we need to understand how we can secure our wireless networks so that we not only keep our
but also so we keep the rest of our network and the rest of our computers and servers secure as well. Probably the most important aspect of securing our wireless connection is going to be all wireless encryption. Now our wireless encryption is going to prevent our wireless from being an open wireless connection.
An open wireless connection is essentially a WiFi that is unsecured. Anyone can connect into this wireless connection
and can just go on our network.
An encrypted wireless connection. However, make sure that all of the data that is being that is being traversed over our network is encrypted. It's not in clear text, and people can't just connect into our wireless just from the open. They need to know. I appreciate it key
where they need to have some sort of radius. They need to have some sort of
account within our network. They need to have maybe someone's they need to steal a smartcard or they need to be using a company computer in order to connect into our wireless.
So this encryption is a very, very important part of securing a wireless connection.
Now the original wireless encryption protocol was wept.
Webb stands for Wired equivalency protocol, and again, it was the original security protocol utilized a pre shared key, which is a key that you give out to everybody and say, This is the key that you type in to connect to our network.
But we don't use it as much anymore, and it is not recommended at all because it is very easily broken. There is a innate security flaw. There's an innate flaw in the mathematical on the encryption protocol within wept that very easily allows wet.
The Web encrypted the Web shared, keyed, appreciated key
to be derived just from capturing different packets.
So if someone can connect, take a laptop, throw open a wire, a capture program and simply sit there and just capture packets that are going on that are traversing our network. Capture the office. Capture some of the authentication handshake packets that air traversing our network
after they captured enough. It is very easy and very quick for them just to
*** just to crack the crack the encryption method and then crack and get the pre shared key so they can connect to our wireless. So Webb is not it all recommended because it is very easily broken.
Oh, pretty much any security researcher penetration tester or cracker trying to malicious attack or trying to crack into your network worth their salt will understand and will know how to crack. A Web encryption protocol will understand how to derive the pre sharqi
the weapon Krypton Wireless Protocol, WEP encrypted wireless access points So it is not at all recommended. It's
W p. A was a temporary enhancement over wept a soon as it was realized how weak wept truly. Waas w P. A. Was sort of a scrambled and a temporary enhancement to get something that was better than something that wasn't is easily broken and didn't have that innate security flaw.
Oh, and W. P. A. Stands for WiFi protected access
temporarily Temple Temple, key integrity protocol in order to encrypt the connection or to encrypt the packets on dis sort of a mid level security dbp a still has the ability to be cracked. It
takes longer, and it requires more packets to be captured and analyzed. Then think than a very easily broken wept encryption. But it is a mid level security. But again,
W p. A is not recommended because we have a W p a to the p p a. To stands for WiFi protected access to,
and it allows us to use the 802.11 standard, and it uses a yes and advanced encryption standard Cryptography in order to encrypt our packets, encrypt our appreciate key.
Now W p A. To is approved for in the United States is approved for top secret level. Top secret level data traversing a network w p A. To encryption standard on an access point is approved for that. Now, the access point itself may need to be approved for top secret,
but the W P. A. To standard is approved for top secret data communications.
W P A. To does not just use may not just use appreciate key. You can set up W P A to protected access points just to use appreciated key. But you can also set up W P. A. To protected access points to use authentication through a radius server,
which we'll talk about in a later module
we can use weaken. Essentially use active directory we could use. Use your accounts of the person who's active, who's actually logged into the computer in order to in order to access a W p A. To encrypted access point.
So rather than handing out appreciated key to everybody, which could very easily be written, written on a sticky note and then lost in the trash,
someone go dumpster diving and find our sticky note and say, Okay, here's the WiFi password. Rather than doing that, we could set up our W P A two acts encrypted access point to authenticate based on user log ins. So the user that's the domain user that's logged into the computer
when they try to connect to the access point is going to authenticate them based on their
already established user name and password, which in which, in the domain environment would be a lot a lot more security securely sound using that type of authentication rather than appreciated key.
Now we also have down here, and it's down here for reason W P s
now Debbie P s stands for WiFi protected security.
newly. It's sort of newly trending, sort of a new thing that you can get on wireless access points or all you have to do is you press a button on the wireless on the wireless access point and you press the button on the device and they synchronise at the same time, and they send a short security code to each other and you're connected.
You don't have to bother with entering a long appreciated key or
bother with all this other long encryption method. All you have to do is press the button and you're easily connected.
the upside for W. P s. What W. P s does have going for it is that it is easy. All you have to do is you just press the button and you press the button on the device and their authenticated.
The downside to W. P S is it is
very insecure. Um, it's it can be broken by the simple fact that W. P s enabled routers do have essentially the key that they're using is not along a super long encryption pre shared key. The key that they're using is a
which can essentially, we can have an attacking computer which can just generate through all of these different these different keys that it could possibly be iterated through. All these different potential possibilities
hits the one that the water the router is using and then connects into the router,
our connection to the wireless access point.
So it's a little bit more complicated than that. There's a little bit more going on going on behind the scenes in that, but that's, ah, little bit more advanced security researching topic. But all we need to know for right here is that
just because W. P s is simple doesn't mean it's secure. DPS is actually very, very, fairly insecure. So
make sure that when you're setting up about wireless access point in your network, you may wanna watch out for wireless access points that claim that there w p s enabled or they have the ability to you have you can easily connect to this wireless access point because even if you turn it off, the W P s capability is still there. Inside that wireless access point,
you need to be careful with
when you're choosing your wireless access points that you may want depending on your environment. If you're just planning on using w p A. To and authenticating with user accounts, you may want to avoid wireless access points that have W. P s get a BP escape of the capability at all.