Part 15 - Wireless


12 hours 41 minutes
Video Description

This section covers the important topic of wireless networking. It's a broad overview of the topic and doesn't dig too deeply into the various protocols and encryption standards surrounding wireless communications. For that, you'll need to check out other study tracks such as CompTIA Security+.

We start out by noting that wireless access points without a router component are much like hubs: they bridge the gap from wired to wireless media. A network made up of a series of wireless cards installed on PCs is what's known as an ad-hoc network.

The discussion then moves into the topic of wireless security and the various wireless encryption standards. We also discuss best practices for securing wireless networks. Threats targeting wireless networks include unauthorized access, sniffing, war driving, and "man in the middle" attacks using rogue access points. A basic precaution when setting up a wireless network is to disable SSID broadcast, but keep in mind that this is far from bulletproof. The strongest layer of wireless defense is data encryption, which comes in several generations of progressively stronger standards. WEP, or Wired Equivalent Privacy, is the oldest and, not surprisingly, the weakest of the wireless encryption standards. It's easily crackable and for that reason not a good choice; however, it's far from obsolete. We point out that routers supplied by many ISPs still use it! WPA is a bit stronger than WEP, but it's been compromised for a while now due to its use of RC4. WPA2 is the strongest of the three and uses AES (Advanced Encryption Standard), a more complex block cipher. There is also an enterprise version of WPA2 that uses RADIUS authentication for additional strength.

The video concludes with a discussion of PANs (Personal Area Networks), with Bluetooth being the most popular. As useful as Bluetooth is, it's wide open to a multitude of attacks, some of which are bluejacking, bluesnarfing, eavesdropping, and some which can result in a full takeover of your phone! Precautions when working with Bluetooth are disabling auto-discovery along with auto-pairing for a layered defense. Perhaps the best defense is to turn off Bluetooth entirely when not in use!

Video Transcription
When we talk about wireless, there are a few more entities other than just WiFi that we want to discuss. But we will certainly discuss WiFi, and we'll talk about that first. So when we're connecting to a LAN, the points of connection from wireless devices, we connect to access points. And these are kind of like hubs that bridge the gap between the wireless medium and the wired media.

There are a couple of things about those. And first of all, as I mentioned, you don't have to have access points. You can connect in ad hoc mode. It's almost like a mesh network, but for wireless devices: each device connects directly with each other device. Wireless devices have to be configured to use the same channel, and they're also configured logically to use the same SSID. The SSIDs are frequently broadcast, so one of the parts of a layered defense would be to stop broadcasting the SSID and to give it a unique and complex name. Now I will tell you that's not security in and of itself. That's something we call security through obscurity. And it's the false idea that if you can't see me, you can't attack me. But it would be part of the layered defense, whereas we would have strong encryption, strong authentication, and then disabled broadcast as well.

All right. Now, I don't anticipate a lot of questions on speed on this exam. We're not really concerned with wireless from necessarily a performance standpoint, but we have gone through several iterations: 802.11b, and then G really kind of became the standard of the day. 802.11i is interesting because, even though it never really made it to market, this was the first standard that required the use of WPA2. So that was a big deal, and we really saw it first implemented within N or later 802.11ac, and we'll see where things go from there. Each step has generally brought a speed improvement and/or a change in frequency, so that it's a little bit more accessible, with fewer problems with interference and perhaps greater distance.

When we do talk about security problems with wireless: unauthorized access to the network; sniffing data; war driving, which is wandering around in your car looking for an insecure signal; and unauthorized access points, rogue access points, providing a type of man-in-the-middle attack.

So when we talk about air snarfing, I'm looking to gather up a wireless signal and really sniff out the network. And when we're looking at sniffing, wireless or not, a good defense against sniffing is encryption.

So when we talk about wireless encryption, we would look at three sort of encryption protocols or security methods, if you will. We have WEP, Wired Equivalent Privacy. Be prepared to answer some questions on WEP and why it's not a good choice. "But Kelly, WEP is obsolete," you say to me, and I say, no, it is not. If you've gotten a router from your cable company, look on the router and see if it isn't using a WEP key, meaning that it's using WEP. WEP is still around. Should it be? No. But if I have the older equipment I've already paid for, it's working fine, haven't had any compromise, people are reluctant to do the upgrade.

Big problems: weak initialization vector, only 24-bit initialization vectors. That wasn't very strong. The IV being transmitted in clear text. WEP also used a stream cipher. And if you remember from the cryptography section, we talked about how stream ciphers were very, very fast, but they were very easy to reverse, which meant they're not as secure.

Well, also, RC4, or within WEP, RC4 was implemented really poorly. We're not going to go into a lot of details there, but ultimately it wound up sending a challenge encrypted. And if I didn't have the key correctly, my system would send that challenge back decrypted. So you've got the encrypted challenge and the decrypted. So when you XOR those two, it's very easy to determine the key. Again, not going to get into a lot of detail about that, but really bad implementation, very easily crackable. It takes more time to open up an application to crack WEP than it does to crack WEP.

And back with 802.11b and perhaps G, that was really the only
Some G devices did support WPA, but the bottom line was they didn't have to.

WPA was stronger, but the thing about WPA is it was never designed as an end result. It was a quick Band-Aid. So it did use a stronger initialization vector. It brought in something also called TKIP, which is Temporal Key Integrity Protocol, and so getting away from that static key to having a dynamic negotiation. But it still used RC4. Why? Because it needed to maintain backward compatibility with WEP.

But what we were really wanting to get to was WPA2. And WPA2 goes from that RC4 stream cipher to AES, Advanced Encryption Standard, which is a block cipher, which is much more complex to reverse. CCMP also addressed the key negotiation, but it was more secure than TKIP. So that was an improvement. Also, WPA and WPA2 both gave support for RADIUS through a mode called enterprise mode. So when you're configuring WPA or WPA2, you choose personal or enterprise, and enterprise supports authentication through a RADIUS server. And if you'll recall from our discussion on RADIUS, RADIUS is specified by the 802.1X standard. So if you haven't come to that piece yet, it's in the authentication, identity and access management piece.

Now, other devices: Bluetooth. The best way to secure Bluetooth devices: turn it off. Discovery mode and automatic pairing make this device designed for ease of use as opposed to security. And even though you can turn off discovery mode, that's a lot like just hiding an SSID broadcast on an access point. It's not really security. It's just hiding it. And anybody who's looking for a Bluetooth signal will be able to find it. Some attacks: bluejacking, bluesnarfing and bluebugging. Bluejacking is spamming a Bluetooth device. Bluesnarfing is stealing information like contacts and so on. And bluebugging you don't hear about very much anymore, but it's a very serious attack: accessing phones through the serial connection, which would allow someone to use what's called the AT command set, which goes back to modems and other serial connections, to issue a command set that would actually take over the phone. It could be used to dial or turn on text features or text from a specific phone. So not very desirable activities there.

So what do you do? You turn it off if you're not using it. Disable it, use it for what you need it for, turn it off again. Also get rid of all the discovery and auto-pairing, not as standalone security measures but as part of the layered defense.

Our free online CISSP (8 domains) training covers topics ranging from operations security, telecommunications, network and internet security, access control systems and methodology and business continuity planning.
