Wireless Security Part 2

Time
7 hours 50 minutes
Difficulty
Beginner
CEU/CPE
8
Video Transcription
00:00
>> Let's continue our discussion of wireless security.
00:00
A lot of times we're concerned with
00:00
wireless devices on the network and making sure
00:00
that users are authenticated and making
00:00
sure that data that's transmitted is encrypted.
00:00
A lot of times our focus is on making
00:00
sure that the users are the right users.
00:00
We don't allow malicious entities on the network.
00:00
But what we don't always think about is
00:00
how much trust we have in our access points.
00:00
I'm used to providing my username and
00:00
a password to authenticate to an access point.
00:00
But where do I get assurance that
00:00
the access point is the legitimate access point?
00:00
We have these issues with what I
00:00
referred to as rogue access points.
00:00
Maybe you're at a Starbucks.
00:00
I create an access point with
00:00
an SSID of coffee shop Wi-Fi.
00:00
If you're not specifically looking for Starbucks or
00:00
the Starbucks device's down or if I were closest to you,
00:00
my SSID would appear at the top of the list.
00:00
Many times people just click on
00:00
the first network that makes sense.
00:00
You'll see this in airports and hotels.
00:00
You need to be very suspicious unless you've been
00:00
told the name of the access point and you verified it.
00:00
But even if that's the case,
00:00
we still have the possibility of
00:00
the device being an evil twin.
00:00
This is a type of rogue access point that has
00:00
the SSID of a legitimate access point.
00:00
It's very easy to configure an SSID.
00:00
There's no process to make sure there's
00:00
no other SSID with the same name.
00:00
What will happen is once you connect to a specific SSID,
00:00
by default, your network card will connect you
00:00
to the same SSID again if it's available.
00:00
If I know that the access point for
00:00
the Wi-Fi network at your work,
00:00
and I create an access point with
00:00
the same name and I'm closer to you,
00:00
then you are likely to connect to my device.
00:00
That's a classic man-in-the-middle attack.
00:00
It's so easy to get users to use rogue access points.
00:00
Then if that's the case,
00:00
none of the other stuff about authentication matters,
00:00
because all your data is coming through my system.
00:00
We really want to be concerned about
00:00
the fact that many times we
00:00
can't get assurance that
00:00
the access point is the correct one.
00:00
What we should have is the use of
00:00
certificates in our environment that are going to
00:00
allow access points in
00:00
DNS servers to authenticate to clients.
00:00
Something called NDES or
00:00
network device enrollment support is
00:00
a protocol that allows devices like
00:00
access points to authenticate using certificates.
00:00
We really prefer mutual authentication.
00:00
I'll authenticate to the access point.
00:00
But that access point needs to provide some sort of
00:00
certificate to ensure it's the correct access point.
00:00
But there's a lot of overhead and
00:00
time involved in managing certificates.
00:00
One of the better methods for mitigating
00:00
these risks is to scan the network for your devices.
00:00
This involves constantly scanning the network and
00:00
knowing the amount of access points that you should have,
00:00
and noticing if there are any additional ones added.
00:00
It's just about monitoring and staying on
00:00
top of these potential security issues.
00:00
Let's wrap up this section on wireless security.
00:00
We know we have additional challenge of securing
00:00
wireless communications than when we have
00:00
a network that is connected by cables.
00:00
We primarily think about encryption,
00:00
where we have our choices of WEP, WPA, and WPA2.
00:00
Now we have WPA3.
00:00
But it hasn't made it onto the exam yet.
00:00
You do not need to worry about that right now.
00:00
Under authentication, we think about
00:00
centralized authentication under
00:00
the IEEE standard 802.1X,
00:00
also known as EAP over LAN,
00:00
where we bring in a central authentication server,
00:00
like a RADIUS server to provide
00:00
a centralized point of authentication and policy.
00:00
Then last but not least,
00:00
we talked about some common threats.
00:00
We talked about rogue access points and evil twins,
00:00
which are particularly difficult to detect
00:00
because they have the same name
00:00
as legitimate access points.
00:00
Then NDES.
00:00
It's a protocol that allows
00:00
devices like access points and
00:00
other servers to enroll in
00:00
certificates that they can use for authentication.
00:00
That's a good mitigation strategy.