Pass your certification exam. Faster. Guaranteed.

Wireless Networks Transcription

Welcome to our wireless networks module. There are several ways to transmit data wirelessly. When we talk about wireless, most people think of Wi-Fi, which is defined by the IEEE 802.11 standard, but there are other ways to transmit data wirelessly. Including microwave technology, which can be used for long distances.

Microwave technology does require line of sight where both microwave dishes are required to be able to see each other. We also have infrared which is a short range line of sight technology. This was used with older cellular phones and is still used by the remote control on most televisions.

We also have narrow band radio as well as spread spectrum radio. Spread spectrum technology was derived from military communication methods and there are two variations of spread spectrum technology. We have direct-sequence spread spectrum or DSSS which is digital and uses all of the available bandwidth. We also have frequency hopping spread spectrum, or FHSS, where the signal will hop among available frequencies, and it only uses a portion of the available bandwidth.

When we talk about wireless security, the first time that security was introduced was with the Wired Equivalent Privacy, or WEP standard. WEP is a flawed technology that was designed to support authentication and encryption to increase wireless security. It uses a shared key authentication system and a symmetric algorithm known as RC4.

The technology will encrypt the data inside the packet, known as the payload, but will not encrypt the header or trailer data. The 802.11 standard specifies a 40-bit key and some vendors will offer a 104-bit key. These are commonly advertised as 64-bit or a 128-bit keys, but they are really not that length because there is a 24-bit initialization vector.

There are several security issues with WEP, including a predictable initialization vector. There is also no good method to distribute the cryptographic keys, and many companies use the same keys. RC4 is also using a 40-bit key which is too short and the encryption components do not provide for enough randomness, so it's very easy to break the encryption.

And it does not matter the length of the key, it will still be easy to break. Attackers are typically able to break into a WEP network using free tools, within just a minute or two. So it is not recommended to use WEP for your wireless security. There have been some updates to WEP to increase our wireless security.

IEEE 802.11i was the first time that we defined enhanced security standards for wireless technology. Most of the time, authentication is performed using an SSID and a pre-shared key. The SSID is the Service Set Identifier, also known as the wireless network name. So users can click on the name of the wireless network that they wish to connect to and enter a pre-shared key, or PSK, in order to gain access to the network.

However, keys can be discovered, so you may have unauthorized users accessing your wireless LAN. We refer to this as leaching, and you should use strong pass phrases to avoid attackers using a dictionary style attack to guess your pre-shared key. WPA was introduced as an improvement on WEP and WPA stands for Wi-Fi Protected Access.

WPA encrypts using session keys that are created and shared using TKIP or Temporal Key Integrity Protocol. WPA also replaced a CRC error check function in WEP with a better and more improved message integrity check. WPA2 was released as an improvement over WPA, it's the second generation. And it also enhances security by replacing the RC4 algorithm with a much stronger AES- CCMP supported on newer network interface cards.

And WPA2 is really considered to be the only level of wireless security acceptable for corporate environments. So Temporal Key Integrity Protocol or TKIP uses symmetric encryption to encrypt most of the data. It also uses single use session keys to provide great security. So if someone's able to obtain a key, it will not be in use for very long and they will no longer be able to use that key that they were able to capture.

The symmetric encryption keys are negotiated and exchanged for each user individually. And these keys are typically only used for one hour, and then there's a discarding of the key and a renegotiation. So even if an attacker is able to obtain a key, they'll only be able to view the data on the network for one hour before that key is no longer valid.

The longer the key, the stronger it will be and the harder it will be to break. And TKIP always uses a 128-bit symmetric key, and it makes intercepting and decrypting broadcast Wi-Fi traffic very difficult because of the AES encryption. We do still have a concern with man in the middle attacks, where an individual is able to trick a user to connecting to a rogue wireless access point that they configure.

And then they're able to view all of the data that's transmitted by that user. Our best symmetric encryption algorithm is AES and WPA2 does support getting rid of the RC4 protocol and replacing it with the much stronger AES which is suggested for increased security. So this slide provides us a visual of how WPA or WPA2 technology works when transmitting data.

We have our sender here at the top left and he would like to send a message. Now is the time for all good men to come to the aid of their country. This text will go through a symmetric cipher with a key that was determined on the handshake when the wireless device connected to the wireless access point.

This clear text is then converted into cyphertext and can be transmitted wirelessly over the wireless network. If anyone is able to intercept this data, they will not be able to read the data because it's cyphertext and they don't have the session key that was used to encrypt it.

When this data gets to the wireless access point, the wireless access point is then able to decrypt the data using the same symmetric key that they determined upon the handshake. And then, it can be transmitted over the ethernet network to its intended recipient. We do see a note here in red mentioning that the endpoints are insecure.

This is just letting us know that the security in this picture occurs between the sender's laptop and the wireless access point. There is no security before the traffic enters the wireless network, so that is why that endpoint is insecure. And once the traffic leaves the wireless access point and enters the wired or ethernet network, there's no longer security in place, it's just clear text being transmitted.

We generally refer to this type of encryption as end to end encryption and not link encryption. Link encryption encrypts traffic on a hop by hop basis, where Wi-Fi is not encrypting the traffic hop by hop, it's actually encrypting the traffic end to end from one device to the next.

When we refer to link encryption, this is typically provided by a service provider such as an Internet service provider. Wi-Fi encryption is only from antenna to antenna, meaning from the laptop's wireless card to the wireless access point and back. So here, we do not have link encryption in place by a service provider.

Now, the disadvantages of link encryption are that the messages are decrypted at each hop, so you're adding additional points of vulnerability. We still have to worry about rogue wireless routers with man in the middle attacks, which will trick your users into connecting to them. And then we also have some weaknesses in wireless protected setup or Wi-Fi protected setup.

This is a feature found in most routers that allows users to press a button or enter a PIN number in order to make their set up experience easier when they add a new device. The problem with this technology is it's very easy for an attacker to take advantage of it and gain access to your network.

This concludes our wireless networks module. Thank you for watching.