1 00:00:01,000 --> 00:00:02,920 We just spent a lot of time talking 2 00:00:02,920 --> 00:00:05,260 about wireless networks, but there are other 3 00:00:05,260 --> 00:00:07,760 wireless networks out there besides Wi-Fi. 4 00:00:07,760 --> 00:00:09,560 These include things like Bluetooth, 5 00:00:09,560 --> 00:00:12,800 RFID, Near Field Communication, cellular, 6 00:00:12,800 --> 00:00:15,640 GPS, and satellite communications. 7 00:00:15,640 --> 00:00:16,720 Previously, we've talked about 8 00:00:16,720 --> 00:00:18,340 some vulnerabilities with Bluetooth. 9 00:00:18,340 --> 00:00:20,040 I want to remind you of two big terms 10 00:00:20,040 --> 00:00:21,430 when it comes to Bluetooth. 11 00:00:21,430 --> 00:00:23,660 This is bluejacking and bluesnarfing. 12 00:00:23,660 --> 00:00:25,780 I'm covering these again because I guarantee 13 00:00:25,780 --> 00:00:27,160 you're going to get at least one question 14 00:00:27,160 --> 00:00:30,350 on test day about either bluejacking or bluesnarfing. 15 00:00:30,350 --> 00:00:33,090 CompTIA really loves to ask that for some reason. 16 00:00:33,090 --> 00:00:35,130 Bluejacking is the sending of unsolicited 17 00:00:35,130 --> 00:00:37,240 messages to Bluetooth-enabled devices 18 00:00:37,240 --> 00:00:39,620 such as mobile phones and tablets. 19 00:00:39,620 --> 00:00:40,820 Bluesnarfing, on the other hand, 20 00:00:40,820 --> 00:00:42,940 is the unauthorized access of information 21 00:00:42,940 --> 00:00:45,820 from a wireless device through a Bluetooth connection. 22 00:00:45,820 --> 00:00:47,600 So, to simplify this for the exam, 23 00:00:47,600 --> 00:00:49,040 I want you to remember this. 24 00:00:49,040 --> 00:00:51,560 Bluejacking sends information to a device 25 00:00:51,560 --> 00:00:54,500 where Bluesnarfing takes information from a device. 26 00:00:54,500 --> 00:00:55,540 If you remember those two things, 27 00:00:55,540 --> 00:00:57,420 you'll do great on the exam. 28 00:00:57,420 --> 00:00:59,090 Also, when it comes to Bluetooth, 29 00:00:59,090 --> 00:01:00,830 remember you don't want to allow your device 30 00:01:00,830 --> 00:01:01,850 to use the default PIN 31 00:01:01,850 --> 00:01:03,440 for its pairing operations. 32 00:01:03,440 --> 00:01:04,660 You should always change the PIN 33 00:01:04,660 --> 00:01:09,010 to something more secure than 1234 or 0000. 34 00:01:09,010 --> 00:01:13,387 Next, we have Radio Frequency Identification or RFID. 35 00:01:13,387 --> 00:01:15,760 RFID devices have an embedded radio frequency 36 00:01:15,760 --> 00:01:17,950 signal that's used to transmit identifying 37 00:01:17,950 --> 00:01:20,460 information about the device or the token 38 00:01:20,460 --> 00:01:22,080 to a reader that's trying to pick it up. 39 00:01:22,080 --> 00:01:24,580 RFID refers to a large category 40 00:01:24,580 --> 00:01:26,170 of devices and technologies, 41 00:01:26,170 --> 00:01:28,320 but, for the exam, the specifics of RFID 42 00:01:28,320 --> 00:01:29,760 are not that important. 43 00:01:29,760 --> 00:01:31,570 Instead, you need to focus on the fact 44 00:01:31,570 --> 00:01:34,010 that RFID devices can send information 45 00:01:34,010 --> 00:01:35,810 from a card to a reader to provide 46 00:01:35,810 --> 00:01:37,890 authentication or identification. 47 00:01:37,890 --> 00:01:39,980 For example, one of the most common devices 48 00:01:39,980 --> 00:01:42,080 that we use RFID for is a card 49 00:01:42,080 --> 00:01:43,280 that looks like a credit card, 50 00:01:43,280 --> 00:01:45,040 and can be used as part of your alarm system 51 00:01:45,040 --> 00:01:46,310 or door access system. 52 00:01:46,310 --> 00:01:48,250 So, with these cards, you can swipe your card 53 00:01:48,250 --> 00:01:50,150 over the reader, and it identifies you 54 00:01:50,150 --> 00:01:52,250 and allows you to enter the building. 55 00:01:52,250 --> 00:01:53,790 Because there are so many different types 56 00:01:53,790 --> 00:01:56,560 of RFID devices, RFID can operate 57 00:01:56,560 --> 00:01:57,980 in either very close environments 58 00:01:57,980 --> 00:01:59,440 or very far environments. 59 00:01:59,440 --> 00:02:01,050 It can be as close as 10 centimeters 60 00:02:01,050 --> 00:02:03,310 from the reader or as high as 200 meters 61 00:02:03,310 --> 00:02:04,930 from the reader, depending on the particular 62 00:02:04,930 --> 00:02:07,030 device and technology in use. 63 00:02:07,030 --> 00:02:08,760 Because of that large distance, 64 00:02:08,760 --> 00:02:11,020 RFID is subject to eavesdropping, 65 00:02:11,020 --> 00:02:13,560 the ability to capture, replay, and rebroadcast 66 00:02:13,560 --> 00:02:17,070 its radio frequency as part of a larger attack. 67 00:02:17,070 --> 00:02:18,720 To minimize the ability to eavesdrop 68 00:02:18,720 --> 00:02:20,620 on RFID, an idea called 69 00:02:20,620 --> 00:02:23,070 Near Field Communication was invented. 70 00:02:23,070 --> 00:02:25,420 Near Field Communication or NFC allows 71 00:02:25,420 --> 00:02:27,520 two devices to transmits information 72 00:02:27,520 --> 00:02:29,680 when they're in close proximity to each other. 73 00:02:29,680 --> 00:02:32,030 This occurs using an automated pairing process 74 00:02:32,030 --> 00:02:34,400 and transmission process of that data. 75 00:02:34,400 --> 00:02:36,500 For example, some cellphones have the ability 76 00:02:36,500 --> 00:02:38,280 where you can touch the cellphones together 77 00:02:38,280 --> 00:02:40,490 to pass photographs back and forth. 78 00:02:40,490 --> 00:02:43,860 Other uses of NFC are commonplace in payment systems. 79 00:02:43,860 --> 00:02:45,320 For example, I have an iPhone, 80 00:02:45,320 --> 00:02:47,140 and I can hold it over a credit card terminal 81 00:02:47,140 --> 00:02:49,240 to pay with my credit card that's linked 82 00:02:49,240 --> 00:02:50,380 through Apple Pay. 83 00:02:50,380 --> 00:02:53,180 This is an example of a Near Field Communication device. 84 00:02:53,180 --> 00:02:55,060 Just like RFID, we do have to worry 85 00:02:55,060 --> 00:02:56,600 about the possibility of interception 86 00:02:56,600 --> 00:02:58,430 of that wireless information, though, 87 00:02:58,430 --> 00:03:00,570 because it could be replayed and rebroadcast. 88 00:03:00,570 --> 00:03:02,680 Now, luckily for us, NFC does 89 00:03:02,680 --> 00:03:04,340 require the devices to be very close 90 00:03:04,340 --> 00:03:05,810 for the communication to work. 91 00:03:05,810 --> 00:03:07,090 Now, exactly how close do 92 00:03:07,090 --> 00:03:08,540 these devices need to be? 93 00:03:08,540 --> 00:03:10,610 Well, for NFC devices, this is usually 94 00:03:10,610 --> 00:03:12,740 within four centimeters for the pairing 95 00:03:12,740 --> 00:03:14,400 and transmission to occur, making 96 00:03:14,400 --> 00:03:16,870 the risk of interception fairly low. 97 00:03:16,870 --> 00:03:18,060 Now, there's a few other types 98 00:03:18,060 --> 00:03:19,800 of wireless communication out there. 99 00:03:19,800 --> 00:03:21,990 For example, your cellphone uses cellular data 100 00:03:21,990 --> 00:03:24,060 networks as part of its communication. 101 00:03:24,060 --> 00:03:27,730 This might be 2G, 3G, 4G or even LTE. 102 00:03:27,730 --> 00:03:30,120 All of these are a type of wireless network. 103 00:03:30,120 --> 00:03:32,220 As I said before, your employer should use 104 00:03:32,220 --> 00:03:34,610 cellular over wireless whenever possible 105 00:03:34,610 --> 00:03:36,500 because cellular is a point-to-point connection 106 00:03:36,500 --> 00:03:39,220 between your device and the cellphone tower. 107 00:03:39,220 --> 00:03:40,870 Yes, there are some devices out there 108 00:03:40,870 --> 00:03:42,700 that can intercept cellphone signals, 109 00:03:42,700 --> 00:03:44,760 but these are usually mostly by law enforcement 110 00:03:44,760 --> 00:03:45,880 and government organizations 111 00:03:45,880 --> 00:03:47,770 and not your typical hackers. 112 00:03:47,770 --> 00:03:50,260 Another wireless network that's out there is GPS, 113 00:03:50,260 --> 00:03:52,180 the Global Positioning System. 114 00:03:52,180 --> 00:03:54,290 We discussed the concepts of geolocation, 115 00:03:54,290 --> 00:03:56,280 geotagging, and geofencing before, 116 00:03:56,280 --> 00:03:57,970 so I'm not going to talk about those now. 117 00:03:57,970 --> 00:03:59,750 This time, I want to focus on GPS 118 00:03:59,750 --> 00:04:01,700 from the vulnerability that system has 119 00:04:01,700 --> 00:04:03,970 if your organization relies upon it. 120 00:04:03,970 --> 00:04:06,250 For example, if you use GPS as a way 121 00:04:06,250 --> 00:04:08,310 for you to know where all of your devices are 122 00:04:08,310 --> 00:04:09,560 and how your devices are going to drive 123 00:04:09,560 --> 00:04:10,730 around a parking lot, 124 00:04:10,730 --> 00:04:12,070 you need to worry a little bit 125 00:04:12,070 --> 00:04:13,810 because GPS relies on your device 126 00:04:13,810 --> 00:04:15,640 being able to receive a GPS signal 127 00:04:15,640 --> 00:04:17,620 from three of 24 satellites 128 00:04:17,620 --> 00:04:19,530 that are orbiting around the planet. 129 00:04:19,530 --> 00:04:21,470 Your device then uses that information 130 00:04:21,470 --> 00:04:23,270 to calculate your position. 131 00:04:23,270 --> 00:04:24,830 This signal, though, is very weak 132 00:04:24,830 --> 00:04:26,070 as it transmits all the way down 133 00:04:26,070 --> 00:04:27,900 from the satellite down to Earth. 134 00:04:27,900 --> 00:04:29,660 If a malicious attacker wanted to disrupt 135 00:04:29,660 --> 00:04:31,740 that communication, it doesn't take very much 136 00:04:31,740 --> 00:04:33,860 power to jam the GPS signal. 137 00:04:33,860 --> 00:04:35,740 Therefore, if your organization relies 138 00:04:35,740 --> 00:04:38,930 upon GPS, you need to design your IT systems 139 00:04:38,930 --> 00:04:41,010 to not rely solely on GPS, 140 00:04:41,010 --> 00:04:43,110 but instead, have some sort of back up function 141 00:04:43,110 --> 00:04:44,590 especially if you're using it for critical 142 00:04:44,590 --> 00:04:46,650 navigation or other functions. 143 00:04:46,650 --> 00:04:48,160 The best way to secure this particular 144 00:04:48,160 --> 00:04:50,713 vulnerability is to have redundancy in place. 145 00:04:51,580 --> 00:04:53,290 Our final type of communication network 146 00:04:53,290 --> 00:04:56,020 we need to discuss is satellite communication. 147 00:04:56,020 --> 00:04:57,500 Satellite communication is used 148 00:04:57,500 --> 00:04:59,230 for long-distance communicating 149 00:04:59,230 --> 00:05:01,000 over large distances in areas 150 00:05:01,000 --> 00:05:03,220 that other networks may not be around. 151 00:05:03,220 --> 00:05:05,310 You may use this to connect to viewer networks 152 00:05:05,310 --> 00:05:07,460 or connect yourself to the Internet. 153 00:05:07,460 --> 00:05:09,230 Satellite is heavily used in areas 154 00:05:09,230 --> 00:05:10,760 that other normal communication networks 155 00:05:10,760 --> 00:05:12,140 simply can't reach. 156 00:05:12,140 --> 00:05:14,130 For example, if you're the adventurous type 157 00:05:14,130 --> 00:05:14,980 and you're climbing a mountain 158 00:05:14,980 --> 00:05:16,270 in a remote area of the world, 159 00:05:16,270 --> 00:05:18,470 it's unlikely that they have a fiber optic cable 160 00:05:18,470 --> 00:05:20,180 or cellphone service up there. 161 00:05:20,180 --> 00:05:21,550 But you could bring a satellite phone 162 00:05:21,550 --> 00:05:23,390 with you and you could still remain connected 163 00:05:23,390 --> 00:05:25,260 and be able to reach back to the ground stations, 164 00:05:25,260 --> 00:05:26,900 in case an emergency happens. 165 00:05:26,900 --> 00:05:28,590 Another area that satellites are commonly 166 00:05:28,590 --> 00:05:30,720 used for is for merchant mariners. 167 00:05:30,720 --> 00:05:32,370 As they're traveling around the oceans, 168 00:05:32,370 --> 00:05:33,820 they don't have any fiber optic lines 169 00:05:33,820 --> 00:05:34,970 in the middle of the Pacific, 170 00:05:34,970 --> 00:05:36,220 and so, they have to use satellite 171 00:05:36,220 --> 00:05:38,070 as a way to reach back to shore. 172 00:05:38,070 --> 00:05:39,640 For most of us, though, we're not going to 173 00:05:39,640 --> 00:05:41,560 be relying on satellite communications. 174 00:05:41,560 --> 00:05:43,570 If your organization does have a particular need 175 00:05:43,570 --> 00:05:45,480 that can't be met by other methods, 176 00:05:45,480 --> 00:05:46,440 satellite is something 177 00:05:46,440 --> 00:05:48,050 that you could consider, though. 178 00:05:48,050 --> 00:05:49,910 Satellite, like other wireless communication 179 00:05:49,910 --> 00:05:51,690 networks, is subject to interference, 180 00:05:51,690 --> 00:05:53,690 jamming, and interception of data 181 00:05:53,690 --> 00:05:56,010 because it's being transmitted over the air. 182 00:05:56,010 --> 00:05:57,610 For this reason, you always want to 183 00:05:57,610 --> 00:05:59,360 encrypt your data whenever you're traveling 184 00:05:59,360 --> 00:06:00,660 over any wireless network 185 00:06:00,660 --> 00:06:02,410 including satellite communications.