Protecting the Network-Wireless Security

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *

Already have an account? Sign In »

14 hours 39 minutes
Video Transcription
okay. Just talked about segmentation the next piece. When we think about our networks, we may think about wireless networking. And, of course, allowing wireless networking has a huge benefit to the business.
I need to be portable. I want to allow my network accessibility to guests that come and go on various laptop devices.
I have a really driving need for WiFi devices.
Pot traditionally and even now,
WiFi has been hard to secure now. We started out years and years ago, several decades ago with our solution for encryption as being well. So the 1st 3 things that I'm going to talk about here are just for encryption.
So when we talk about, well,
weapons, a lousy choice. Webb was a lousy choice when it came out, and it's even lousier today. Now Web stood for wireless I'm sorry, Wired equivalent. Privacy
wired equivalent privacy. It's like it was named by a politician that was saying, we promise you're going to get the same protection for your data
if you throw it out into the air as if you would. If it was bound to a network cape. Vote for me and I'll make sure that happens
well it was never the equivalent of being
confined to wire, right. So wired equivalent privacy was kind of a silly name, and we knew it at the time. It used an algorithm and I don't want to go to technical. But it used a week algorithm called R C four.
RC four had weak key links.
It was implemented really poorly. They were just all kinds of problems with Web, so weapons very dated. So, Kelly, why do you talk about Web? Surely no one still uses wept. Today
I'll hit Paul's so that you can chuckle. Yeah, it's still used in a lot of places today, if you have. You know, I looked at my Comcast router the other day. Well, it's been a while. I'm actually on different provider, but anyway, I looked at that. Comcast rather and on the side
wept Key meaning out of the box. It defaults toe Well,
default configurations are are in.
Why would it default to wept? Because no matter how old your wireless devices, it has the capability of supporting Web.
Nobody wants to be known as that router that's hard to configure. That service provider makes things difficult, so default settings make things easy. And that's why well is still around.
Okay, Now
wept had all these problems. We knew we needed a quick fix and w p a was just that It was a quick fix. Um, we still had a weak algorithm, but it was implemented a little bit better. It used dynamic keys and said the same static key,
but it was still using RC for the same week algorithm. OK, now W p a. To was where we needed to be. W p A was just a Band Aid, and it needed to be a Band Aid because it was backwards compatible with other Web devices.
But W p a to said, You know what? If you want security, you're gonna have to upgrade.
I'm gonna use a new algorithm, the advanced encryption standard. Um, we're gonna support bit links of our keys up to 256 bits as opposed to 104 that you got with RC four Significant improvement. And it's implemented well, So ultimately,
when you wanna protect your wireless networks,
w p A. Two is where you need to go.
uh, devices prior to 8 to 11 I may not support W p a to eight or 2 11 I and I never really hit the market. By the time eight or 2 11 was approved. 82 11. I'm sorry. By the time aided to 11 I was approved
8 to 11 in was already out,
but from I forward, they have to support a Yes. Well, what if you bought a NATO to 11 g device
789 10 years ago, and you need to secure it. Well, then W p. A is gonna be your only choice. But the reality is, in today's environment, you got to spend some money. You've gotta update to stay secure.
Now those three are in reference to encryption. Well, w p a w p a to.
But what about authentication?
An authentication means I need a way of proving I am who I say I am
now with well, w p A and W p A. To use a key to connect to the network and the fact that you know that key kind of authenticates you, but that's pretty limited in scope.
If you want much more robust authentication,
if you want the ability to limit certain users by their names by their active directory groups via certain types of connection. In certain times, you need something more powerful, and that's where our radius servers would come in and Radius stands for remote authentication.
Dialled intimately with the radius server does is it provides a single point
for creating policy in relation to access. So I may have 20 different access points. I could also have dialling servers. Yes, they're still out there. I could also have VP and servers. And rather than configuring policy in all those many different devices,
I can point all those devices to the radius server
that interacts with active directory and gives me a great deal more power and more granularity with who we're authenticating and then authorizing to access the network.
Up Next