Wi-Fi technologies may introduce security concerns of their own. In this video, learn about various attacks against Wi-Fi Protected Access (WPA) and Wi-Fi Protected Setup (WPS).
- [Announcer] In the previous video, you learned how attackers can easily defeat WEP encryption on wireless networks. In this video, let's take a look at how new attack techniques threaten to undermine the security of newer encryption technologies. Recall that there are four ways to protect traffic on a wireless network. We've already discussed how two of those are woefully inadequate. Running unencrypted wireless networks leaves communications open for anyone to intercept. Using wired equivalent privacy, or WEP, provides a false sense of security because it is easily hacked.
Let's talk a little more about wi-fi protected access, or WPA. WPA, like WEP, relies upon the RC4 encryption standard. If you recall, the problem with WEP is that hackers monitoring the network for a long period of time can gather enough clear-text information to determine the encryption key, which never changes. WPA adds a new twist to WEP: the temporal key integrity protocol, or TKIP. That's just a fancy way of saying that the encryption key changes all the time.
With TKIP, the encryption key changes for each packet sent over the network. This makes it impossible for an attacker to gather a lot of traffic encrypted with the same key. So, is WPA secure? That's actually a difficult question to answer. Most people believe that WPA is indeed secure, and it is widely used. Researchers have described some attacks against WPA, however, that use characteristics of TKIP to perform limited decryption of network traffic, and potentially insert unauthorized packets into a network stream.
The bottom line is that you should probably play it safe. If you have the choice, use WPA2. WPA2 does not use TKIP, so it is not vulnerable to this problem. Researchers have not yet identified any significant security vulnerabilities in the CCMP-based WPA2. Let's turn our attention now to a different wireless security issue. This involves a technology known as wi-fi protected setup, or WPS. The purpose of WPS is to make it easy for users to connect new devices to a wireless network, particularly in a home environment.
When connecting a new device using wi-fi protected setup, users have two options. First, they can press a WPS button on both devices and let them establish the connection automatically. Second, they can use an eight-digit WPS PIN, printed on the bottom of the access point, to establish the connection. That might sound secure. After all, there are 11 million possible PINs, and it would take a while to guess all of those. Unfortunately, cryptographers discovered a mathematical flaw in the WPS algorithm that makes it easy to guess the PIN.
Attackers can determine a WPS PIN with only 11,000 guesses. And, once you have the PIN, you can easily determine the encryption key and gain access to all communications on the network. The real kicker? You can't change the WPS PIN on a device. You won't often find WPS on business-class wi-fi access points. But, when you do, be sure to disable the technology. The bottom line is that security professionals configuring wireless networks should always opt for the latest encryption technology.
WPA2 provides the strongest available encryption, and remains secure against all known attacks. It's the only way to go when it comes to wireless security.
- Comparing viruses, worms, and Trojans
- Backdoors and logic bombs
- Understanding the attacker
- Attack types: from denial of service to brute force attacks
- Preventing insider threats
- Wireless attacks
- Understanding cross-site scripting
- Preventing SQL injection
- Social engineering
- Scanning for vulnerabilities
- Penetration testing
- Assessing the impact of vulnerabilities