Time
10 hours 32 minutes
Difficulty
Beginner
CEU/CPE
11

Video Transcription

00:01
Welcome to Cybrary's video series on the CompTIA Security+ certification and exam.
00:06
I'm your instructor, Ron Woerner.
00:09
This video focuses on wireless security settings found in section 6.3 of Security+.
00:16
Cryptography plays a vital role in wireless networks.
00:20
It's used to invisibly scramble the signals traversing the airwaves.
00:25
In this video, we'll discuss the following wireless security concepts,
00:31
methods for securing wireless networks,
00:34
different cryptographic protocols
00:37
and authentication methods and protocols.
00:41
As you are working through this topic, I recommend reviewing the settings on your own WiFi network.
00:48
Security+ requires you to understand methods for connecting systems and devices via wireless networks.
00:56
The three methods you need to know are, first, open authentication.
01:02
This is where you only need to know the SSID.
01:04
It's the simplest but least secure option. It does not provide encryption, so therefore should be avoided.
01:14
Some open networks first require you to connect through a captive portal.
01:19
This is a web page that is launched first when connecting through a network that may require you to agree to their terms of use or service.
01:30
The second method you should be familiar with is shared authentication.
01:34
In shared authentication, the client and the wireless access point must negotiate and share a key
01:42
prior to initiating communications.
01:45
This is known as a pre-shared key, or PSK.
01:49
Each endpoint uses the same key to connect to the WiFi network.
01:55
For an enterprise or large organization,
01:57
it's best to use a centralized authentication server that handles distribution of the cryptographic keys and/or digital certificates. This is through Extensible Authentication Protocol, or EAP.
02:13
We'll talk a lot more about EAP later in this video.
02:15
It is an extension of Point-to-Point Protocol, or PPP, and allows for flexibility in authentication.
02:23
This includes authentication methods beyond just a user name and password, such as smart cards, one-time passwords
02:30
and public key encryption and certificates.
02:35
It also provides support for public certificates that are deployed using auto-enrollment or smart cards.
02:43
In the early days of WiFi, access point or router initial configuration and setup was a challenge, particularly for those who are not familiar with technology. They came up with WiFi Protected Setup, or WPS. You might find that symbol on your own WiFi router.
03:00
WPS is an extension of the wireless standards whose purpose was to simplify for end users the process of establishing secure wireless home or small business networks. WPS provides three certified modes of operation.
03:15
The first requires the user to enter a PIN code when connecting to the device. The PIN code usually is included with the documentation in the WiFi device.
03:27
The second method requires the user to push a button on the access point and then connect
03:32
through another wireless device.
03:37
The last uses near field communications, or NFC, from a smart device.
03:42
Check out WPS on your own home or small business router.
03:47
Several protocols have been developed to protect wireless networks.
03:52
The primary goals of these cryptographic protocols are to ensure the confidentiality of data sent over the air as well as protect the authentication in the initial connection process.
04:03
The three you should be familiar with are WEP,
04:08
WPA and WPA2.
04:12
WEP is the original wireless encryption standard and should not be used today.
04:16
Its goal was to provide security similar to wired networks, but it has known security issues.
04:24
It was superseded in 2003 by WPA.
04:30
WiFi Protected Access, WPA, was developed in response to
04:33
security issues with WEP.
04:35
It was implemented using a couple of different options for encryption,
04:41
The one you really need to focus on, the one that is used primarily, is WPA2. It improved on WPA.
04:48
Since 2006 it is required for WiFi certified devices.
04:54
WPA2 introduced the use of AES for encryption,
04:58
and it's based on the IEEE 802.11i standard.
05:03
WiFi Protected Access.
05:06
WPA includes a method to encrypt wireless traffic between the wireless clients and the wireless access points.
05:14
WPA security, included in 802.11-based products, includes a strategy for restricting network access, encrypting network traffic
05:23
based on a shared key.
05:26
WPA-protected networks require users to enter a passkey to access the wireless network and has two different modes.
05:34
WPA Personal, using PSK, pre-shared key: it requires a password of 8 to 63 characters. Quite often, this is the one we'll use at home. On all devices, the wireless network must use the same password, so if I know your password,
05:51
then I can get into your WiFi.
05:55
This doesn't suit an enterprise or large organization. WPA Enterprise, also known as WPA 802.1X mode:
06:04
WPA Enterprise requires security certificates and uses an authentication server from which the keys can be distributed.
06:14
The third type of access associated with WiFi is the Temporal Key Integrity Protocol, or TKIP.
06:20
It was designed to overcome many of the limitations of WEP and deliver improvements in message integrity and confidentiality.
06:29
TKIP is based on RC4 and uses a unique key with each packet.
06:33
TKIP has been deprecated since 2012 and is no longer considered secure.
06:39
TKIP has been replaced in WPA2 with Counter Mode Cipher Block Chaining Message Authentication Code Protocol,
06:46
or CCMP.
06:48
It's based on the Advanced Encryption Standard, AES, encryption cipher and supports much longer keys and much more advanced security for WiFi data confidentiality, user authentication and user access control.
07:02
It combines CTR for confidentiality and CBC-MAC for authentication
07:09
fully implements the IEEE 802.11i-2004 WiFi security standard.
07:16
Earlier, I briefly mentioned EAP, or the Extensible Authentication Protocol.
07:23
It is more typical with larger organizations.
07:26
The authentication process is a bit more involved because an authentication server is required.
07:32
EAP is an extension of Point-to-Point Protocol and allows for flexibility in authentication.
07:38
EAP messages are encapsulated into 802.1X packets
07:43
and are marked as EAP over LAN, or EAPOL.
07:47
There are four protocols used with EAP that provide authentication for wireless networks.
07:54
I'll discuss each of these on the next slide.
07:58
This chart compares the different protocols associated with EAP.
08:01
PEAP, or Protected EAP, is basically a secure wrapper around EAP, and it's essential in preventing attacks on password-based EAP methods.
08:13
PEAP provides several additional benefits within TLS, including an encrypted authentication channel, dynamic keying material from TLS, a fast reconnect capability using cached session keys
08:26
and server authentication that guards against unauthorized access points.
08:31
EAP-TLS uses certificate-based mutual authentication,
08:37
negotiation of the encryption method and encrypted key
08:43
EAP Transport Layer Security, or EAP-TLS, uses certificate-based mutual authentication,
08:50
negotiation of the encryption method and encrypted key determination between the client
08:56
and the authenticating server.
08:58
Most implementations of EAP-TLS use
09:01
X.509 digital certificates to authenticate the users.
09:07
We'll talk about X.509 in the next video.
09:11
EAP-FAST, or Flexible Authentication via Secure Tunneling protocol, was developed and proposed by Cisco as a replacement for the original LEAP.
09:22
EAP-FAST establishes a TLS tunnel for authentication, but does so using a protected access credential,
09:30
or PAC.
09:31
EAP-TTLS, or Tunneled Transport Layer Security, extends TLS.
09:37
Familiarize yourself with these different extensions to EAP. Earlier I mentioned the IEEE 802.1X standard. This is the standard for port-based network access control. IEEE 802.1X defines using EAP over both wired Ethernet
09:58
and wireless networks.
10:00
RADIUS is usually employed for authentication purposes within larger organizations. However, 802.1X does not make it mandatory. RADIUS Federation allows a user's valid authentication to be shared across trusted entities. This trust must be established beforehand,
10:18
and the RADIUS server makes assertions about the user's identity
10:20
and other attributes.
10:24
This enables users to seamlessly roam across different wireless networks without having to re-authenticate with unique credentials of another entity.
10:33
In this video I discussed many of the terminologies associated with securing WiFi networks.
10:39
Let's practice on a few quiz questions.
10:43
Question one.
10:45
Also known as WPA Personal,
10:46
this is a security mechanism used to authenticate and validate users on a wireless LAN or WiFi connection.
10:56
The answer is
10:58
WPA-PSK, using a pre-shared key.
11:03
Question two.
11:05
This network authentication protocol uses digital certificate-based mutual authentication, which occurs automatically with no intervention by the user.
11:16
This is the definition for
11:18
C, EAP-TLS.
11:22
You're not getting these right. Go back and review your study material.
11:26
This concludes the video for section 6.3.
11:30
Given a scenario, install and configure wireless security settings.
11:35
Review your study material for more information.

Instructed By

Ron Woerner
CEO, President, Chief Consultant at RWX Security Solutions LLC
Instructor