Wireless networks are insecure by default until administrators add security controls. This is due to their very nature—they use radio transmissions that may be intercepted by anyone with an antenna. In this video, learn about wireless eavesdropping attacks, such as those waged on WEP.
- [Instructor] Wireless networks are insecure by default until administrators add security controls. This is due to the very nature of wireless networks. They use radio transmissions that may be intercepted by anyone with an antenna. Security professionals use encryption to protect the confidentiality of information sent over wireless networks. Let's take a look at attacks that allow eavesdroppers to defeat wireless network security. Wireless networks are everywhere. They use a standard technology called wireless fidelity, or as most of us know it, Wi-Fi.
The Institute of Electrical and Electronics Engineers is responsible for telling the world how to make Wi-Fi work, and they do so in a standard document called 802.11. For this reason, you'll sometimes hear the term 802.11 network thrown around in technical circles. When people say this, they're simply talking about Wi-Fi. One of the features of Wi-Fi is that networks advertise their presence. That's how you know a Wi-Fi network exists when you walk into a coffee shop or airport. Every Wi-Fi network has a short name, known as its Service Set Identifier or SSID.
That's often something like Free Wifi Guest or other names that pop up on your phone frequently. Wireless networks use a technique known as beaconing to tell nearby devices that they are available for connection. Beaconing, while common, is optional. Networks that don't want to advertise their presence can disable beaconing. Users who know that the network is there can configure it manually. Wi-Fi is a huge convenience for users, but it also introduces security concerns that didn't exist on wired networks.
When I'm plugged into a network jack on the wall, eavesdropping on that connection requires either physically tapping the cable, or compromising a network device. Wi-Fi, on the other hand, uses radio signals that anyone can pluck out of the air with some very basic equipment and an antenna. This makes encryption critical for protecting the security of wireless networks. Encryption hides the true content of network traffic from those who do not have the encryption key. It takes an insecure communications technology, radio waves, and makes it secure.
You have four options when it comes to wireless encryption. Two of them are bad. Using no encryption at all and sending messages in the clear open to anyone certainly isn't a good idea. You also don't want to use a technology known as Wired Equivalent Privacy or WEP. WEP uses very weak encryption that is easy to hack. We'll talk more about that in a moment. Two wireless encryption options are much better. Wi-Fi Protected Access, WPA, uses the Temporal Key Integrity Protocol, TKIP, to add security that WEP doesn't have.
TKIP changes the encryption key for each packet, preventing an attacker from discovering the key after monitoring the network for a long period of time. Security researchers have demonstrated some theoretical attacks against WPA, but it is still widely used and considered safe. We'll talk more about WPA attacks in the next video. The current best practice for Wi-Fi security is using WPA version 2. WPA2 uses an encryption protocol that is based upon the Advanced Encryption Standard or AES.
This protocol has a really long name, Counter Mode Cipher Block Chaining Message Authentication Code Protocol. Fortunately, you just need to know it as CCMP. So how might an attacker take advantage of WEP? When you set up a new WEP connection, the computer and access point exchange an Initialization Vector, or IV, that helps get the connection established. This IV is sent without encryption, because it is used to create the encrypted channel. If an attacker captures enough different Initialization Vectors, he or she can reconstruct the encryption key.
Fortunately, you don't need to know the mathematical details behind how this attack works, because they're pretty complicated. But it is important as you prepare for the Security+ exam that you know that WEP attacks rely upon capturing Initialization Vectors. As we discussed, WEP encryption is false advertising. The term wired equivalent privacy is a misnomer. Software utilities make it incredibly easy to crack WEP encryption, so administrators should choose the secured WPA2 alternative.
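An added example, not part of the video or its course materials: a Python audit sketch that reads the beacon frames described above and sorts each network into the four encryption options the instructor lists, so WEP and open networks can be flagged. The frames are constructed samples and the function and sample names are this example's own; it assumes that a privacy flag with no WPA or RSN element means WEP, and it reports any RSN element as WPA2.

```python
import struct

PRIVACY = 0x0010                    # capability bit: data frames are encrypted
TAG_SSID, TAG_RSN, TAG_VENDOR = 0, 48, 221
WPA_IE = bytes.fromhex("0050f201")  # vendor OUI 00:50:F2, type 1 = WPA element
CIPHERS = {2: "TKIP", 4: "CCMP"}    # cipher suite type byte -> name

def classify_beacon(body: bytes):
    """Return (ssid, protection) for one beacon frame body."""
    if len(body) < 12:
        raise ValueError("missing fixed beacon fields")
    # Fixed fields: 8-byte timestamp, 2-byte interval, 2-byte capability info.
    capability = struct.unpack_from("<H", body, 10)[0]
    ssid, rsn, wpa, pos = "", None, False, 12
    while pos + 2 <= len(body):     # tagged elements: id, length, value
        tag, length = body[pos], body[pos + 1]
        value = body[pos + 2:pos + 2 + length]
        if len(value) != length:
            raise ValueError("truncated element")
        if tag == TAG_SSID:
            ssid = value.decode("utf-8", "replace")
        elif tag == TAG_RSN:
            rsn = value
        elif tag == TAG_VENDOR and value.startswith(WPA_IE):
            wpa = True
        pos += 2 + length
    if rsn is not None:             # assumption: any RSN element is reported as WPA2
        # RSN value: version(2), group suite(4), pairwise count(2), pairwise suites(4 each)
        count = struct.unpack_from("<H", rsn, 6)[0] if len(rsn) >= 8 else 0
        names = sorted(CIPHERS.get(rsn[11 + 4 * i], "other")
                       for i in range(count) if len(rsn) >= 12 + 4 * i)
        return ssid, "WPA2 (" + "+".join(names or ["unknown"]) + ")"
    if wpa:
        return ssid, "WPA"
    return ssid, "WEP" if capability & PRIVACY else "open"  # assumed: flag alone = WEP

def element(tag: int, value: bytes) -> bytes:
    return bytes([tag, len(value)]) + value

def sample_beacon(ssid: str, capability: int, *extra: bytes) -> bytes:
    """Build a constructed beacon body (sample input, not a captured frame)."""
    return struct.pack("<QHH", 0, 100, capability) + element(TAG_SSID, ssid.encode()) + b"".join(extra)

RSN_CCMP = element(TAG_RSN, bytes.fromhex("0100" "000fac04" "0100" "000fac04"))
WPA_TKIP = element(TAG_VENDOR, bytes.fromhex("0050f201" "0100" "0050f202" "0100" "0050f202"))
SAMPLES = [sample_beacon("Free Wifi Guest", 0x0001), sample_beacon("legacy-ap", 0x0011),
           sample_beacon("old-wpa", 0x0011, WPA_TKIP), sample_beacon("office", 0x0011, RSN_CCMP)]

if __name__ == "__main__":
    print([classify_beacon(frame) for frame in SAMPLES])
```

Networks that come back as "open" or "WEP" are the two options the transcript calls bad and are the ones to move to WPA2.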
- Comparing viruses, worms, and Trojans
- Backdoors and logic bombs
- Understanding the attacker
- Attack types: from denial of service to brute force attacks
- Preventing insider threats
- Wireless attacks
- Understanding cross-site scripting
- Preventing SQL injection
- Social engineering
- Scanning for vulnerabilities
- Penetration testing
- Assessing the impact of vulnerabilities