1 00:00:00,790 --> 00:00:02,600 Wireless encryption. 2 00:00:02,600 --> 00:00:04,950 Another huge vulnerability in wireless networks 3 00:00:04,950 --> 00:00:07,380 is the encryption that you choose to use. 4 00:00:07,380 --> 00:00:09,460 In this lesson, we're going to do a quick review 5 00:00:09,460 --> 00:00:10,930 of wireless encryption types 6 00:00:10,930 --> 00:00:13,200 that you learned back in your Network+ studies. 7 00:00:13,200 --> 00:00:14,160 The reason for this 8 00:00:14,160 --> 00:00:16,464 is because encryption of your data being transmitted 9 00:00:16,464 --> 00:00:17,790 is going to be paramount 10 00:00:17,790 --> 00:00:20,580 to increasing the security of your wireless networks. 11 00:00:20,580 --> 00:00:22,980 Now, most wireless encryption schemes rely 12 00:00:22,980 --> 00:00:24,580 on a pre-shared key. 13 00:00:24,580 --> 00:00:26,540 This is when the access point and the client 14 00:00:26,540 --> 00:00:30,240 use the same encryption key to encrypt and decrypt the data. 15 00:00:30,240 --> 00:00:33,220 The problem with this is scalability becomes difficult. 16 00:00:33,220 --> 00:00:34,790 Think about it, when a friend comes over to your house, 17 00:00:34,790 --> 00:00:35,830 to use your Wi-Fi, 18 00:00:35,830 --> 00:00:37,470 you have to tell him your password. 19 00:00:37,470 --> 00:00:39,140 Now, if you have 50 friends come over, 20 00:00:39,140 --> 00:00:41,250 you're going to tell 50 different people your password, 21 00:00:41,250 --> 00:00:43,830 and now, all 50 of them know your password. 22 00:00:43,830 --> 00:00:45,590 And so, this is one of the first problems 23 00:00:45,590 --> 00:00:47,200 that we have with wireless encryption, 24 00:00:47,200 --> 00:00:48,810 is that if you're going to use a pre-shared key, 25 00:00:48,810 --> 00:00:49,990 you've got to figure out a secure way 26 00:00:49,990 --> 00:00:51,670 to distribute that key to everybody, 27 00:00:51,670 --> 00:00:53,010 and keep it secret. 
28 00:00:53,010 --> 00:00:54,950 If all 50 people know your password, 29 00:00:54,950 --> 00:00:56,931 then it's probably not that secret anymore. 30 00:00:56,931 --> 00:00:59,280 Now, there are three main types of encryption 31 00:00:59,280 --> 00:01:01,280 that are in use from wireless networks. 32 00:01:01,280 --> 00:01:04,800 We have WEP, WPA, and WPA2. 33 00:01:04,800 --> 00:01:06,250 WEP is our first one. 34 00:01:06,250 --> 00:01:08,530 WEP is the Wired Equivalent Privacy. 35 00:01:08,530 --> 00:01:09,720 This came from the original 36 00:01:09,720 --> 00:01:12,000 802.11 wireless security standard, 37 00:01:12,000 --> 00:01:15,090 and it claimed to be as secure as a wired network. 38 00:01:15,090 --> 00:01:16,130 I'm going to prove this wrong to you, 39 00:01:16,130 --> 00:01:17,380 in our demonstration later, 40 00:01:17,380 --> 00:01:18,960 because we're going to brute force WEP, 41 00:01:18,960 --> 00:01:21,280 and break it in about three minutes. 42 00:01:21,280 --> 00:01:22,420 WEP was originally used 43 00:01:22,420 --> 00:01:25,280 with a static 40-bit pre-shared encryption key, 44 00:01:25,280 --> 00:01:27,650 but later it was upgraded to a 64-bit key, 45 00:01:27,650 --> 00:01:30,330 and then, again, to a 128-bit key. 46 00:01:30,330 --> 00:01:32,210 This isn't the main problem with WEP, though. 47 00:01:32,210 --> 00:01:35,280 The main problem is a 24-bit Initialization Vector, 48 00:01:35,280 --> 00:01:38,270 or IV, that it uses in establishing the connection, 49 00:01:38,270 --> 00:01:39,911 and it's sent in clear text. 50 00:01:39,911 --> 00:01:42,300 As I said, WEP is not very secure, 51 00:01:42,300 --> 00:01:44,780 and because of this weak Initialization Vector, 52 00:01:44,780 --> 00:01:46,220 we're going to be able to brute force WEP 53 00:01:46,220 --> 00:01:47,200 in just a couple of minutes, 54 00:01:47,200 --> 00:01:50,240 using Aircrack-ng and other tools.
55 00:01:50,240 --> 00:01:53,500 So, to replace WEP, they came up with WPA. 56 00:01:53,500 --> 00:01:56,610 WPA is the Wi-Fi Protected Access standard. 57 00:01:56,610 --> 00:01:59,860 It uses a Temporal Key Integrity Protocol, or TKIP, 58 00:01:59,860 --> 00:02:02,500 which uses a 48-bit Initialization Vector 59 00:02:02,500 --> 00:02:06,010 instead of the 24-bit Initialization Vector used by WEP. 60 00:02:06,010 --> 00:02:08,640 The encryption that it uses is the Rivest Cipher 4, 61 00:02:08,640 --> 00:02:12,343 or RC4, and it added Message Integrity Checking, or MIC. 62 00:02:13,200 --> 00:02:14,510 And it uses all of this 63 00:02:14,510 --> 00:02:16,080 to make sure that the data is secure, 64 00:02:16,080 --> 00:02:18,560 and ensuring that it's not modified in transit. 65 00:02:18,560 --> 00:02:20,560 Overall, it's a pretty good standard, 66 00:02:20,560 --> 00:02:22,240 but it does have some flaws, 67 00:02:22,240 --> 00:02:25,540 and so version 2 was released to fix those. 68 00:02:25,540 --> 00:02:29,500 WPA version 2, or Wi-Fi Protected Access version 2 69 00:02:29,500 --> 00:02:32,670 was created as part of the 802.11i standard 70 00:02:32,670 --> 00:02:33,980 to provide stronger encryption 71 00:02:33,980 --> 00:02:35,680 and better integrity checking. 72 00:02:35,680 --> 00:02:38,420 The integrity checking is conducted through CCMP, 73 00:02:38,420 --> 00:02:39,490 which is the Counter Mode 74 00:02:39,490 --> 00:02:40,650 with Cipher Block Chaining 75 00:02:40,650 --> 00:02:42,770 Message Authentication Code Protocol. 76 00:02:42,770 --> 00:02:44,800 And the encryption uses AES, 77 00:02:44,800 --> 00:02:46,930 the Advanced Encryption Standard. 
78 00:02:46,930 --> 00:02:49,930 AES supports a 128-bit key or higher, 79 00:02:49,930 --> 00:02:52,610 and WPA2 uses either a personal mode, 80 00:02:52,610 --> 00:02:55,100 with pretty short keys, or an enterprise mode, 81 00:02:55,100 --> 00:02:57,730 with centralized authentication via a RADIUS server, 82 00:02:57,730 --> 00:02:59,250 or another centralized server, 83 00:02:59,250 --> 00:03:02,850 to handle that password distribution we were talking about. 84 00:03:02,850 --> 00:03:04,680 Now, I want to pause here for a second, 85 00:03:04,680 --> 00:03:05,930 and before we go any further, 86 00:03:05,930 --> 00:03:08,190 give you a couple of quick exam tips. 87 00:03:08,190 --> 00:03:10,190 First, if you're asked about Wi-Fi, 88 00:03:10,190 --> 00:03:12,090 and it uses the word Open in the question, 89 00:03:12,090 --> 00:03:14,040 it's usually looking for some kind of answer 90 00:03:14,040 --> 00:03:17,450 that says the network has no security, or no protection. 91 00:03:17,450 --> 00:03:18,550 If they mention WEP, 92 00:03:18,550 --> 00:03:21,050 I want you to think about Initialization Vector. 93 00:03:21,050 --> 00:03:22,540 If they mention WPA, 94 00:03:22,540 --> 00:03:25,150 you should be thinking about RC4 and TKIP. 95 00:03:25,150 --> 00:03:26,690 If they mention WPA2, 96 00:03:26,690 --> 00:03:29,870 you should be thinking about AES and CCMP. 97 00:03:29,870 --> 00:03:32,350 You keep those little things as study tips in your mind, 98 00:03:32,350 --> 00:03:35,170 you're going to do well on the wireless encryption questions. 99 00:03:35,170 --> 00:03:36,900 Now, there's a couple other things to mention 100 00:03:36,900 --> 00:03:38,830 in regards to wireless encryption. 101 00:03:38,830 --> 00:03:40,920 One goes back to my old favorite saying, 102 00:03:40,920 --> 00:03:44,160 if we make operations easier, then security is reduced. 103 00:03:44,160 --> 00:03:47,220 And, that's exactly what happened with WPS.
104 00:03:47,220 --> 00:03:50,460 WPS is the Wi-Fi Protected Setup, which was designed 105 00:03:50,460 --> 00:03:53,010 to make setting up new wireless devices easier. 106 00:03:53,010 --> 00:03:54,230 For example, if you have a new printer 107 00:03:54,230 --> 00:03:55,230 you want to configure, 108 00:03:55,230 --> 00:03:57,430 you'd push a button on your wireless access point, 109 00:03:57,430 --> 00:03:58,950 you'd push a button on the printer, 110 00:03:58,950 --> 00:04:00,920 and you'd enter a PIN number, and boom, 111 00:04:00,920 --> 00:04:02,630 those devices would do a handshake, 112 00:04:02,630 --> 00:04:04,500 they would pass over the secret credentials, 113 00:04:04,500 --> 00:04:06,330 and both would now be encrypted. 114 00:04:06,330 --> 00:04:10,060 This is great, but, it was horribly executed. 115 00:04:10,060 --> 00:04:12,570 WPS relies on an eight-digit code, 116 00:04:12,570 --> 00:04:13,810 but when they sent that code, 117 00:04:13,810 --> 00:04:16,500 they actually break it up into two four-digit chunks. 118 00:04:16,500 --> 00:04:18,890 This takes something that would have been eight digits long, 119 00:04:18,890 --> 00:04:21,140 and, essentially, makes it four digits long. 120 00:04:21,140 --> 00:04:23,300 And that makes it a lot easier to brute force, 121 00:04:23,300 --> 00:04:25,690 because each four-digit chunk only has 122 00:04:25,690 --> 00:04:27,740 10,000 possible combinations. 123 00:04:27,740 --> 00:04:29,020 Your computer and my computer 124 00:04:29,020 --> 00:04:32,100 can go through 10,000 combinations pretty darn quickly, 125 00:04:32,100 --> 00:04:33,910 and brute force that password.
126 00:04:33,910 --> 00:04:35,640 Now, in my Wi-Fi hacking course, 127 00:04:35,640 --> 00:04:37,680 I actually show you how to break WPS, 128 00:04:37,680 --> 00:04:39,430 and how to break through all these different networks, 129 00:04:39,430 --> 00:04:41,470 but for the Security+, what you need to know 130 00:04:41,470 --> 00:04:44,360 is that WPS is bad, it's vulnerable, 131 00:04:44,360 --> 00:04:45,400 and it should be disabled 132 00:04:45,400 --> 00:04:47,710 on all of your wireless access points. 133 00:04:47,710 --> 00:04:50,630 Finally, in addition to using the WPA2 standard 134 00:04:50,630 --> 00:04:51,640 for your encryption, 135 00:04:51,640 --> 00:04:54,930 you should also set up a VPN for your wireless devices. 136 00:04:54,930 --> 00:04:57,720 Anytime you connect to a Wi-Fi, even your own, 137 00:04:57,720 --> 00:04:59,080 you should always use a VPN 138 00:04:59,080 --> 00:05:01,290 to protect the data that's going across it. 139 00:05:01,290 --> 00:05:04,990 Never, never, never, never, never trust a wireless network. 140 00:05:04,990 --> 00:05:07,640 If you use one, you should always have a VPN. 141 00:05:07,640 --> 00:05:08,830 This is an encrypted tunnel 142 00:05:08,830 --> 00:05:11,150 inside of this encrypted wireless tunnel 143 00:05:11,150 --> 00:05:12,280 that adds security. 144 00:05:12,280 --> 00:05:14,750 Trust me, encryption and VPNs are your friend 145 00:05:14,750 --> 00:05:16,120 on the Security+ exam. 146 00:05:16,120 --> 00:05:18,070 They're almost never the wrong answer. 147 00:05:18,070 --> 00:05:20,840 Those two things come up time and time again. 148 00:05:20,840 --> 00:05:23,540 Remember, you can have an encrypted WPA2 tunnel, 149 00:05:23,540 --> 00:05:26,290 and then put a VPN encrypted inside of it. 150 00:05:26,290 --> 00:05:27,910 That gives you two layers of encryption 151 00:05:27,910 --> 00:05:30,793 and makes your wireless networks much, much more secure.