CWSP-206: CWSP Certified Wireless Security Professional certification video training course by prepaway along with practice test questions and answers, study guide and exam dumps provides the ultimate training package to help you pass.

Module 02 - Legacy Security

11. VPN Tunneling Protocols

So, as a recap, there are different types of tunnelling protocols. The first one I mentioned was PPTP, or the point-to-point tunnelling protocol. It used what was called the MPE, or Microsoft Point-to-Point encryption based on RC Four.It, too, had flaws, as did RCFour with its smaller keys scenario tax. But it's still available to you to use if you wanted to use something like remote access on a Microsoft server and have a home user connect from some other location.

The layer-two tunnelling protocol does not support encryption by default. In other words, it was just tunneling. Now, layer-two tunnelling is just what it sounds like. I kind of described layer three, didn't I, with the IP addresses? So it's tunnelling over a network. Basically, we're adding on a header that gets us through the common network, and then we can take those headers off and get the original IP packets. However, we could also incorporate it into IPsec, a layer-2 tunneling protocol. But by itself, IPsec has what's called a tunnel mode. And like I said, it's very flexible.

It still supports encryptions that we don't like, like the Data Encryption Standard. But it also supported Triple-DES and AES, the advanced encryption standard. It had flexible hashing. Again, you could use message 5, Shaw 1, Shaw 2. Some of those hashes certainly helped us with authentication and certainly helped us make sure that the integrity was good. And it used Diffie-Hellman, which was kind of an asymmetric encryption protocol. But it really was mathematical magic that the two sides could exchange an encryption key without exchanging the encryption key. Yes, I did it mathematically with exponents and logarithms. But I don't think you want to have a math course right now, so just take my word for it. Defy Hellman was also free and cheap.

12. MAC Filters

One of our earlier methods of doing security was this thing called the Mac address filter. So, with media access control, the address is typically burned into the card. The Bia, or burned-in address, is what we call it. And every vendor that creates a network card should have a bunch of addresses burned into the Ethernet nick. But it's also something you can change and assign.

So the access points use your Mac address to help identify a client at layer 2 too. So if I drop my laptop up here and my access point, and you're making the connection, it's going to ask the question, "What's your Mac address?" Because it needs to know your Mac address to be able to send you any replies. That way, your machine knows that the reply was meant for you. So we could apply restrictions to an access point and say that only certain Mac addresses are allowed to connect.

We call that Mac address filtering. So, let's say I come into your network and want to use your services, even if you're using open authentication. Open authentication means you don't need any usernames or passwords, but my Mac address is blocked—or, I should say, not allowed. And so I can't make an association with your access point, even though it's open. So one of the things I could do is just listen to this transmission because, even with encryption—remember what I said—your Mac address is not encrypted. I could, as an example, go to the properties of my network card, in this case an example of an Intel Pro, go to the Advanced Properties tab, and go to this thing that says locally administered address.

And I can make my Mac address the same as what I heard from this guy. And so now I have a system with a Mac address that has been allowed on your access point. So it didn't take much to be able to break through that security rule. And that's where you should remember that Mac addresses can be spoofed. And as I said, anyone within range can see the Mac address. And as I said before, it's AES that's never going to be encrypted. If you didn't have a driver, maybe you bought a cheap $2 network card off the back of a truck or something like that. There were lots of programmes like Mac OS that you could run that would allow you to spoof your Mac address without having the properties to do so in the actual driver of the network card.

13. SSID Segmentation

I know that I've already talked about VLANs, but kind of in a higher-level overview. We use VLANs to segment traffic. Remember, my goal was that when we had a switch and I put some ports like I said, these ports would be in VLAN 20, not VLAN ten. And I guess I have room for another VLAN, VLAN 30, here. As traffic would come into an interface in VLAN 10, it could only leave another interface that's in VLAN 10. It could not cross over.

It would be blocked and wouldn't be allowed. It gave us that segmentation. Originally, we created VLANs to make broadcast domains so that we could control broadcast traffic because they're not meant to be impossible to cross. You just have to go through another device to be able to do it. Well, we can also say that some VLANs—we might say the top ten VLANs—get to the local area network. We might say the 20 VLAN goes to the server farm and the 30 VLAN goes to the Internet.

Maybe if we had a 40 VLAN, we could say that could be for voice over IP. We no longer use them to control broadcast domains; we never have. We use them to segment traffic on a wired network for protection. As a result, we must go through a device that may have a set of rules that determine when you can and cannot cross from one VLAN to the other. And the other thing we could do is if we had—maybe even a different aspect—my access point over here might have an SSID that says land or whatever. I made the SSID.

And another common one we often see is "guest," where the land one requires authentication and the guest is open to anybody that comes in. So, because my laptop was passively listening for SSIDs, it saw both the LAN and the guest, and they both tried to connect to the LAN. Well, then, they need a username and password, and if they don't know them, they're not getting in. They connect to guests, then they're open, and because they picked this SSID that we'd associate with VLAN 30, you know that is their VLAN. So their traffic hits the access point with a tag of 30, and the only place they can go is to the Internet.

And that's one way of doing segmentation. So we can assign an SSID to different VLANs for that purpose of security and segmentation as well. Each one of those can have a separate set of security rules, even with AAA on one of them. Now, it is always best to keep data and voice separate on your VLAN. If I go back to the wired switch, this is where we normally see these VLANs on a wired switch. But we can have wireless if we have a voice over IP phone.

If you don't recognise that, that's one of those old phones where you had to actually spin a dial to dial your number and have a little handset on top. If you're not old enough to know that you've got to spin a wheel to dial, then I guess I'm envious because I'm old enough to remember. But that's how I draw my phones. And so the idea was that the PC would connect to the phone, and the phone would connect to the switch, and they'd all be connected to the same port.

The issue was that if there was another person out there who was possibly just a PC, this would be the data VLAN and this would be the voice VLAN. Here's a PC that might only be on the data VLAN. But if they were on the same VLAN as voice, they could actually tap into your phone calls. They have a high chance of listening in on your conversations. So by segmenting again and having a separate voice VLAN, we are making sure that those who are on the data VLAN can't see each other, but any other phone would be on the voice VLAN, and then they could talk. And then, like I said, the other one you should consider is having as a guest or giving guests access.

14. SSID Cloaking

Now, another type of security is sometimes what I call "security by obscurity." One of them was SSID cloaking. So the idea was that most access points would always broadcast or periodically announce the SSID or how many SSIDs they were managing by default. so that everybody within the radio range is going to be able to know that there's an available network. Remember the SSID service set identifier? It is really just the name of that particular wireless network. That means that anyone in range, running any type of operating system with a wireless card, will be able to access the list.

Maybe it'll take 30 seconds by the time you turn it on, but once you start seeing the list fill out, it tells you the strength of the range. Well, there are a lot of things that are coming through. We'll get more into that, and we'll talk about management frames at a later time. So, what some people do is disable the broadcast of the SSID.

That doesn't mean that the actual name doesn't exist. It just means that the access point is not going to blurt out the SSIDs. So then if you turn on your Windows machine, for example, and you go to your little settings on your wireless card and you look at the list of SSIDs, you don't see it; it's not there. But that doesn't mean you can't find it because there are two options. One option is to create a new wireless network in Windows by simply typing in the network's SSID and going through the association process as long as it exists.

Or you can do active scans. There are many tools that will actively set out probes to make the access point speak up and say, "Oh, here's my SSID." Or if there's already somebody connected to it, you can see that back-and-forth exchange. So, I mean, it's really not security. It's just one extra step. Maybe it keeps what I call the "war drivers" or "war walkers" from knowing about your network as a driver. but that's about it. It really can be easily found by anyone sniffing the network.

15. Demo - Security Associations

So what we're going to do right now is look at some of the options we have for types of security. And the two that we talked about in this module were open authentication and the use of the Web. And so I would like to demonstrate both of them. So we can see that I'm about to go into the Oh my God mode. So I have to log back in. Let me open this back up again. So I'm going to set the security options to none. That should be open authentication.

I'll apply it. It'll take a couple of seconds for the settings to be updated as it updates our wireless access point, as you can see here, and then when that's done, we're going to see what it takes to associate with that particular card, or I should say with that access point, which shouldn't be anything. So, once we get those updated settings, you'll notice that the SSID for this particular access point is just plain old Netgear. So that's the one I'm going to connect to. And with the none setting, as you saw, I should be able to get right on there right away. Now here's the next gear: So notice as I put this up here and hover over it, it says the signal strength is excellent. It should be; it's only about 3 feet away.

Security type tells you that it is unsecured, and that's part of the management frames that are going back and forth between my computer and the access point where they talk about what security settings they want. Now, I don't know if I want to try to connect just yet. I'm waiting for the settings to finish updating, and sometimes it does take a little bit of work for these to come back. There we go: security options. So I'll click on Connect, and there you can see that it asked me for no password whatsoever and let me make that connection. And just to make sure, if I go to the attached devices, you can see that I actually have a wired and wireless connection. This 100-three IP address is the wireless network card, and that's the Mac address for the wireless network card. So we made it there. We got to that point in terms of security.

Web was the next topic we discussed. Remember that what Web does is generate up to four distinct passwords, or, as I prefer to call them, encryption keys. And as long as you use one of those keys when you make the connection, we should be good. In fact, just to double check, let MediSecure disconnect from that gear, and as far as the password, it can be anything that you want.

So we'll just make sure the same security is good and generate some of these random hexadecimal values again. I'm going to just highlight it and copy it. So I don't have to write this down and remember what it is, and I do have to apply my changes again. So one more time it's going to go through the updating of the settings to use WET, the wired equivalency protocol, and when it's done with that I will try to reassociate with that particular wireless network. But I should be prompted to enter the encryption key, and I must, of course, have the correct key, or else I will fail. Now remember, as we said in this module, that is not a type of authentication.

It really is just about encrypting the data that's going back and forth from me to that access point. And when that's done, I'm actually going to type it in wrong just so you can see the error message, and then I'll type it in correctly so you can see that it shows up as successful as we're going through trying to use Web, and I really only need to have one of those four keys. As we said, everybody can use the same key. Aside from being easy to crack, the weakness of Web is that some people may share that key with others in the office or nearby, resulting in unauthorised connections.

But as far as the access point is concerned, it would be authorised because they knew the key. So just a couple more seconds here while I wait for it to finish updating the settings. Alright, so we have the security options as Wet, I copied this key, and what I'm going to try to do is connect to Netgear, and we don't want to connect automatically. From there, we're going to do a little pasting, and like I said, I'm going to put the wrong value in. I'm just going to get rid of that last character and click on okay, hoping to get a message that says that was not the right one. At least it will pop up thatsays couldn't connect to that network. And if that's the case, I'll replace it.

Yes, I was unable to connect with the negative. So let's try it again. Now remember that these values for Web are hexadecimal, which means that they are not case-sensitive. So if you wanted to make a lowercase bead, that would have been fine. Looks like I didn't particularly like that one primarily.Let's try one more time. And by the way, if you are ever worried about somebody eavesdropping and watching you over your shoulder, you can always do this little hide character and type it in so they can't see what you're doing. And it appears that we are now able to connect to the internet via Netgear. Now one of the things to remember is that the way I'm playing around with this is that as I'm going through this, these settings are remembered by Windows.

And if I start doing some of these other security options that you see over here and making the changes, I very well could have a problem with Windows telling me that the credentials that they had before don't work. So one of the things you can do is go over to Control Panel (that's not ControlPanel), or you can right-click on your network card, go to the Open Network and Sharing Center, and go over here to manage wireless networks. And if you have any that are saved, they'd be in a list right here. and you could Basically, I don't have any because I didn't do a connect automatically, but if I did, then you could click on it in this list and delete it. and that sometimes gets rid of those previous settings.

That's a little bit of an annoyance. That's an issue, obviously, with Windows and what they're doing. So, if I disconnect and then come back here and say, "Put this connected automatically," let's see if it'll do it now, right? Let us do it, and then we'll go check to see if it saved that network. Okay, so I'm connected, and I come back over here to my Manage Wireless Network page. There you go. That's what I was getting at, which is that you can then just remove it as you need to, so you don't have to keep it in there forever.

That's just a side note. Now, remember that with Web, we did say that they have the option of 64-bit or 128-bit keys. If I'm doing a 128-bit key, let's see what happens if I put in security as good again, generate, and see if that changes that. So now we have a much longer key to put in there. And again, it's accidental. Well, every number represents four bits. So if you were to see how many of these you have and probably do the math, you'd come up with 128 bits. So those are the options that we talked about early on, which were no security and web security, and how we generate these keys. And everything I said, of course, about the Web is something to remember.

It's not the best choice. It's not as secure as you'd like it to be. The 6428 bit is still present. In this case, the authentication type says "auto." I suppose I could have done a shared key, but right now I just wanted to present how we could do the open authentication. The none up appears to be requesting that I reauthenticate myself with this thing. There we go. Or, like I said, we could have done the Web. And those are the two types that we covered when we went through this module of some of the legacy types of security, or maybe no security.

Prepaway's CWSP-206: CWSP Certified Wireless Security Professional video training course for passing certification exams is the only solution which you need.