Welcome to the CyberRays video series on the CompTIA Security+ certification and exam.
I'm your instructor, Rahm Warner.
This video focuses on wireless security settings, found in section 6.3 of Security+.
Cryptography plays a vital role in wireless networks.
It's used to invisibly scramble the signals traversing the airwaves.
In this video, we'll discuss the following wireless security concepts,
methods for securing wireless networks,
different cryptographic protocols
and authentication methods and protocols.
As you are working through this topic, I recommend reviewing the settings on your own Wi-Fi network.
Security+ requires you to understand methods for connecting systems and devices via wireless networks.
The three methods you need to know are, first, open authentication.
This is where you only need to know the SSID.
It's the simplest but least secure option. It does not provide encryption, so therefore should be avoided.
Some open networks first require you to connect through a captive portal.
The second method you should be familiar with is shared authentication.
In shared authentication, the client and the wireless access point must negotiate and share a key
prior to initiating communications.
This is known as a pre-shared key, or PSK.
Each endpoint uses the same key to connect to the Wi-Fi network.
For an enterprise or large organization,
it's best to use a centralized authentication server that handles distribution of the cryptographic keys and/or digital certificates. This is through Extensible Authentication Protocol, or EAP.
We'll talk a lot more about EAP later in this video.
It is an extension of Point-to-Point Protocol, or PPP, and allows for flexibility in authentication.
This includes authentication methods beyond just a user name and password, such as smart cards, one-time passwords,
and public key encryption and certificates.
It also provides support for public certificates that are deployed using auto-enrollment or smart cards.
In the early days of Wi-Fi, access point or router initial configuration and setup was a challenge, particularly for those who are not familiar with technology. They came up with Wi-Fi Protected Setup, or WPS. You might find that symbol on your own Wi-Fi router.
WPS is an extension of the wireless standards whose purpose was to simplify for end users the process of establishing secure wireless home or small business networks. WPS provides three certified modes of operation.
The first requires the user to enter a PIN code when connecting to the device. The PIN code usually is included with the documentation in the Wi-Fi device.
The second method requires the user to push a button on the access point and then connect
through another wireless device.
The last uses near-field communication, or NFC, from a smart device.
Check out WPS on your own home or small business router.
Several protocols have been developed to protect wireless networks.
The primary goals of these cryptographic protocols are to ensure the confidentiality of data sent over the air as well as protect the authentication in the initial connection process.
The three you should be familiar with are WEP,
WPA, and WPA2.
WEP is the original wireless encryption standard and should not be used today.
Its goal was to provide security similar to wired networks, but it has known security issues.
It was superseded in 2003 by WPA.
Wi-Fi Protected Access, WPA, was developed in response
to security issues with WEP.
It was implemented using a couple of different options for encryption.
The one you really need to focus on, the one that is used primarily, is WPA2. It improved on WPA.
Since 2006 it is required for Wi-Fi certified devices.
WPA2 introduced the use of AES for encryption,
and it's based on the IEEE 802.11i standard.
Wi-Fi Protected Access.
WPA includes a method to encrypt wireless traffic between the wireless clients and the wireless access points.
WPA security is included in 802.11-based products and includes a strategy for restricting network access and encrypting network traffic
based on a shared key.
WPA-protected networks require users to enter a passkey to access the wireless network, and WPA has two different modes.
WPA Personal, using PSK (pre-shared key), requires a password of 8 to 63 characters. Quite often, this is the one we'll use at home. All devices on the wireless network must use the same password, so if I know your password,
then I can get into your Wi-Fi.
This doesn't suit an enterprise or large organization. WPA Enterprise is also known as WPA 802.1X mode.
WPA Enterprise requires security certificates and uses an authentication server from which the keys can be distributed.
The third type of access associated with Wi-Fi is the Temporal Key Integrity Protocol, or TKIP.
It was designed to overcome many of the limitations of WEP and deliver improvements in message integrity and confidentiality.
TKIP is based on RC4 and uses a unique key with each packet.
TKIP has been deprecated since 2012, and it's no longer considered secure.
TKIP has been replaced in WPA2 with Counter Mode Cipher Block Chaining Message Authentication Code Protocol.
It's based on the Advanced Encryption Standard (AES) encryption cipher and supports much longer keys and much more advanced security for Wi-Fi data confidentiality, user authentication and user access control.
It combines CTR for confidentiality and CBC-MAC for authentication,
and fully implements the IEEE 802.11i-2004 Wi-Fi security standard.
Earlier, I briefly mentioned EAP, or the Extensible Authentication Protocol.
It is more typical with larger organizations.
The authentication process is a bit more involved because an authentication server is required.
EAP is an extension of Point-to-Point Protocol and allows for flexibility in authentication.
EAP messages are encapsulated into 802.1X packets
and are marked as EAP over LAN, or EAPOL.
There are four protocols used with EAP that provide authentication for wireless networks.
I'll discuss each of these on the next slide.
This chart compares the different protocols associated with EEP
PEAP, or Protected EAP, is basically a secure wrapper around EAP, and it's essential in preventing attacks on password-based EAP methods.
PEAP provides several additional benefits within TLS, including an encrypted authentication channel, dynamic keying material from TLS, a fast reconnect capability using cached session keys,
and server authentication that guards against unauthorized access points.
EAP Transport Layer Security, or EAP-TLS, uses certificate-based mutual authentication,
negotiation of the encryption method, and encrypted key determination between the client
and the authenticating server.
Most implementations of EAP-TLS use
X.509 digital certificates to authenticate the users.
We'll talk about X.509 in the next video.
EAP-FAST, or Flexible Authentication via Secure Tunneling, protocol was developed and proposed by Cisco as a replacement for the original LEAP.
EAP-FAST establishes a TLS tunnel for authentication, but does so using a protected access credential.
EAP-TTLS, or Tunneled Transport Layer Security, extends TLS.
Familiarize yourself with these different extensions to EAP. Earlier I mentioned the IEEE 802.1X standard. This is the standard for port-based network access control. IEEE 802.1X defines using EAP over both wired Ethernet
and wireless networks.
RADIUS is usually employed for authentication purposes within larger organizations. However, 802.1X does not make it mandatory. RADIUS federation allows a user's valid authentication to be shared across trusted entities. This trust must be established beforehand,
and the RADIUS server makes assertions about the user's identity
and other attributes.
This enables users to seamlessly roam across different wireless networks without having to re-authenticate with unique credentials of another entity.
In this video I discussed many of the terms associated with securing Wi-Fi networks.
Let's practice on a few quiz questions.
also known as WPA Personal.
This is a security mechanism used to authenticate and validate users on a wireless LAN or Wi-Fi connection.
The answer is
WPA-PSK, using a pre-shared key.
This network authentication protocol uses digital certificate based mutual authentication, which occurs automatically with no intervention by the user.
This is the definition for
C, EAP-TLS.
If you're not getting these right, go back and review your study material.
This concludes the video for section 6.3:
Given a scenario, install and configure wireless security settings.
Review your study material for more information.