1
00:00:00,890 --> 00:00:01,660
Excellent.

2
00:00:01,670 --> 00:00:08,480
So a wireless network is a computer network that uses wireless data connections between network nodes.

3
00:00:08,840 --> 00:00:14,360
Wireless networks are generally implemented and administered using radio communication.

4
00:00:14,630 --> 00:00:21,500
And with this method, the costly process of introducing cables into a building can, well, obviously be

5
00:00:21,500 --> 00:00:22,160
avoided.

6
00:00:23,340 --> 00:00:26,190
A wireless local area network,

7
00:00:26,190 --> 00:00:27,270
WLAN,

8
00:00:27,820 --> 00:00:34,210
links two or more devices over a short distance using a wireless distribution method, usually providing

9
00:00:34,210 --> 00:00:37,720
a connection through an access point for Internet access.

10
00:00:39,570 --> 00:00:48,150
IEEE 802.11 is a set of MAC and physical layer specifications for implementing wireless LAN computer

11
00:00:48,150 --> 00:00:49,290
communication.

12
00:00:49,620 --> 00:00:56,010
Now, they're the world's most widely used wireless computer networking standards, used in most home and

13
00:00:56,040 --> 00:01:02,670
office networks to allow laptops, printers, smartphones to talk to each other and access the Internet

14
00:01:02,670 --> 00:01:04,920
without being connected to any wires.

15
00:01:05,420 --> 00:01:12,590
So for this, I'm just trying to keep it simple, so I won't talk about the entire 802.11 family or the

16
00:01:12,590 --> 00:01:14,870
technical details beneath them.

17
00:01:14,900 --> 00:01:23,690
I just want to let you know that the most popular are those defined by the 802.11b and the 802.11g

18
00:01:23,720 --> 00:01:27,770
protocols, which are amendments to the original standard.

19
00:01:29,140 --> 00:01:36,280
So 802.11-1997 was the first wireless networking standard.

20
00:01:36,770 --> 00:01:45,200
But 802.11b was the first widely accepted one, followed by 802.11g and then 802.11n.

21
00:01:45,980 --> 00:01:50,060
802.11n is an amendment that improves upon the previous

22
00:01:50,090 --> 00:01:55,700
802.11 standards by adding multiple-input multiple-output antennas,

23
00:01:55,740 --> 00:01:56,600
MIMO.

24
00:01:57,390 --> 00:02:05,100
So MIMO, it's basically a method for multiplying the capacity of a radio link using multiple transmit

25
00:02:05,100 --> 00:02:06,600
and receive antennas.

26
00:02:08,520 --> 00:02:09,840
Nowadays,

27
00:02:10,020 --> 00:02:19,860
802.11ac is popular, so it builds on 802.11n and includes wider channels in the five gigahertz

28
00:02:19,860 --> 00:02:20,490
band.

29
00:02:22,960 --> 00:02:27,040
The segment of the radio frequency spectrum used by 802.11

30
00:02:28,580 --> 00:02:30,730
varies pretty much between countries.

31
00:02:30,740 --> 00:02:40,760
For example, in the US, 802.11a and 802.11g devices may be operated without a license, as allowed in

32
00:02:40,760 --> 00:02:41,840
the regulations.

33
00:02:42,950 --> 00:02:52,310
Wireless networks are identified using a service set identifier, or SSID, or I'll call it an SSID.

34
00:02:53,360 --> 00:03:00,560
An SSID is the primary name associated with an 802.11 wireless LAN, including home networks and public

35
00:03:00,560 --> 00:03:01,430
hotspots.

36
00:03:02,180 --> 00:03:06,470
Client devices use this name to identify and join wireless networks.

37
00:03:07,320 --> 00:03:09,510
Now, there are multiple kinds of SSIDs.

38
00:03:10,010 --> 00:03:11,090
Used by itself,

39
00:03:11,090 --> 00:03:17,480
the term SSID refers to the name of a wireless network, whether it be a point-to-point network made

40
00:03:17,490 --> 00:03:25,250
of only individual wireless clients intercommunicating, or an infrastructure network with clients relying

41
00:03:25,250 --> 00:03:27,080
on access points.

42
00:03:28,030 --> 00:03:35,680
So, getting more specific, we have basic SSIDs, or BSSIDs, which are the MAC address of the access

43
00:03:35,680 --> 00:03:36,340
point,

44
00:03:36,460 --> 00:03:44,920
the 48-bit number that uniquely identifies every wireless, and every wireline for that matter, network

45
00:03:44,920 --> 00:03:45,700
interface.

46
00:03:47,020 --> 00:03:55,060
The extended SSID, or ESSID, is a unique name applied to one or more access points offering the same

47
00:03:55,060 --> 00:03:59,260
service, such as access to a single wireline network.

48
00:04:00,070 --> 00:04:06,310
Now, in some deployments, unique SSIDs are applied to each individual access point.

49
00:04:06,340 --> 00:04:13,280
In others, all access points that offer access to the same wireline network are given identical SSID

50
00:04:13,330 --> 00:04:17,950
values to help foster roaming between the various access points.

51
00:04:19,420 --> 00:04:25,180
But generally speaking, when analyzing wireless LANs, we want to discover the BSSID, the MAC address,

52
00:04:25,180 --> 00:04:26,230
and the SSID,

53
00:04:26,260 --> 00:04:33,160
the name applied to the wireless network as a whole, with a unique value typically applied to each individual

54
00:04:33,160 --> 00:04:34,180
access point.

55
00:04:35,420 --> 00:04:42,350
Now, since this is a course for penetration testers, we really need to talk about the weaknesses of

56
00:04:42,350 --> 00:04:44,360
the wireless network infrastructure.

57
00:04:45,200 --> 00:04:50,660
So here are some of the most significant vectors for wireless attacks.

58
00:04:51,590 --> 00:04:52,940
Denial of service.

59
00:04:53,600 --> 00:05:01,880
Blocking legitimate users on a wireless LAN is trivially easy, even if the network is carefully constructed.

60
00:05:03,030 --> 00:05:04,830
Rogue access points.

61
00:05:05,250 --> 00:05:13,110
Employees sometimes set up unauthorized access points in an enterprise environment to bypass the legitimate

62
00:05:13,140 --> 00:05:20,100
wireless infrastructure, or to gain wireless access when such an infrastructure isn't provided by the

63
00:05:20,100 --> 00:05:20,880
enterprise.

64
00:05:21,710 --> 00:05:27,710
Now, penetration testers and ethical hackers alike are sometimes required to sweep an organization's

65
00:05:27,710 --> 00:05:31,790
physical infrastructure to find these unauthorized access points.

66
00:05:32,910 --> 00:05:37,680
Lack of or improper configuration of wireless access points.

67
00:05:38,580 --> 00:05:38,940
Right.

68
00:05:38,940 --> 00:05:45,270
So if access points are not configured appropriately, attackers can have a much easier time of employing

69
00:05:45,270 --> 00:05:47,820
any of the rest of these attack vectors.

70
00:05:49,480 --> 00:05:50,590
Traffic capture,

71
00:05:50,590 --> 00:05:51,430
intercept.

72
00:05:52,010 --> 00:05:53,150
In a wireless LAN,

73
00:05:53,150 --> 00:05:55,970
the hacker can get access to the data link layer,

74
00:05:55,970 --> 00:05:57,590
layer two communications,

75
00:05:57,590 --> 00:06:05,270
as long as he or she is in physical proximity of the device. For merely capturing packets, that proximity,

76
00:06:05,300 --> 00:06:08,630
for wireless LAN, could be a mile or more.

77
00:06:09,330 --> 00:06:13,020
Numerous wireless sniffing tools can be used in such attacks.

78
00:06:13,810 --> 00:06:15,220
Crypto attacks.

79
00:06:15,340 --> 00:06:22,810
Some wireless encryption protocols suffer from significant security weaknesses, such as the Wired Equivalent

80
00:06:22,810 --> 00:06:24,730
Privacy, WEP, protocol.

81
00:06:25,800 --> 00:06:31,830
Attackers can gather WEP traffic and, by exploiting flaws in the way cryptographic initialization vectors

82
00:06:31,830 --> 00:06:37,140
are exchanged, crack the keys to gain access to the data and the network.

83
00:06:38,930 --> 00:06:47,240
Client duping. Some tests call for a penetration tester or ethical hacker to set up a bogus access

84
00:06:47,240 --> 00:06:52,880
point to see if clients will trust it and then use it to access the rest of the network.

85
00:06:53,540 --> 00:06:59,090
The attacker can then sit in the middle of all the communications, harvesting them or changing the data

86
00:06:59,120 --> 00:07:00,530
as it passes by.
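The lecture says a sweep comes down to discovering each access point's BSSID (its MAC address) and SSID and deciding whether that pair belongs to the organization. The following is an added example, not code from the course or its instructor: it parses those two values out of 802.11 beacon frames and checks them against an allow-list, which is how a rogue-AP sweep separates authorized access points from unknown ones and from an unknown BSSID advertising the corporate SSID (the bogus access point the lecture calls client duping). The beacon frames, the `AUTHORIZED` table, and the helper names are all constructed for the example.

```python
import struct

def build_beacon(bssid: bytes, ssid: str) -> bytes:
    """Assemble a minimal 802.11 beacon frame (constructed sample, not a capture)."""
    frame_control = b"\x80\x00"      # type 0 (management), subtype 8 (beacon)
    duration = b"\x00\x00"
    receiver = b"\xff" * 6           # addr1: broadcast
    seq_ctrl = b"\x00\x00"
    # addr2 (transmitter) and addr3 (BSSID) are both the AP's MAC in a beacon
    header = frame_control + duration + receiver + bssid + bssid + seq_ctrl
    fixed = struct.pack("<QHH", 0, 100, 0x0411)  # timestamp, interval, capability
    ssid_ie = bytes([0, len(ssid)]) + ssid.encode()  # information element tag 0
    return header + fixed + ssid_ie

def parse_beacon(frame: bytes):
    """Return (bssid, ssid) for a beacon frame, or None for anything else."""
    if len(frame) < 36 or frame[0] & 0xFC != 0x80:   # not a management/beacon frame
        return None
    bssid = ":".join(f"{b:02x}" for b in frame[16:22])  # addr3 = BSSID
    pos, ssid = 36, ""          # tagged parameters start after the 12 fixed bytes
    while pos + 2 <= len(frame):
        tag, length = frame[pos], frame[pos + 1]
        if tag == 0:            # SSID element; may be empty for a hidden network
            ssid = frame[pos + 2:pos + 2 + length].decode("utf-8", "replace")
            break
        pos += 2 + length
    return bssid, ssid

# Constructed allow-list: BSSID -> SSID the organization's own APs are expected to use
AUTHORIZED = {"00:11:22:33:44:55": "CorpNet", "00:11:22:33:44:56": "CorpNet"}

def classify(frame: bytes) -> str:
    """Label a frame: authorized, evil-twin (our SSID from a foreign BSSID), or rogue."""
    parsed = parse_beacon(frame)
    if parsed is None:
        return "not-a-beacon"
    bssid, ssid = parsed
    if AUTHORIZED.get(bssid) == ssid:
        return "authorized"
    if ssid in AUTHORIZED.values():
        return "evil-twin"
    return "rogue"

# Constructed sample frames: a real AP, a look-alike, and an unrelated network
SAMPLES = [
    build_beacon(bytes.fromhex("001122334455"), "CorpNet"),
    build_beacon(bytes.fromhex("deadbeef0001"), "CorpNet"),
    build_beacon(bytes.fromhex("deadbeef0002"), "FreeWiFi"),
]

if __name__ == "__main__":
    for frame in SAMPLES:
        print(parse_beacon(frame), classify(frame))
```

Real sweeps feed frames from a monitor-mode capture into `classify`; an "evil-twin" hit is the case to investigate first, since it is the one clients may join automatically.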