CTS 063: Wi-Fi Security – Securing Access

François Vergès discusses Wi-Fi security and securing the access to the Wi-Fi network. On episode 56, we have talked about the legacy Wi-Fi security mechanisms and we explained why they are not considered safe and secure anymore and why we should not be using them in our modern Wi-Fi networks deployments. In this follow up episode, we want to start going over the stronger and safer way to secure a Wi-Fi network. We are focusing on how the client devices can securely connect and exchange data over a Wi-Fi network. This episode will answer the following questions: * How does a client station securely connect to a Wi-Fi network? * What is WPA? * What is the difference between WPA and WPA2? * How does the Personal and Enterprise mode of operation work? * What is 802.1X and how is it related to Wi-Fi security? * What is required in order to authenticate client devices using 802.1X? * What is the 4-way handshake? * What are the secured EAP methods? * What do we need to do in order to securely use WPA/PA2-Personal? * What is considered a strong password? * How does a client station securely exchange data over the Wi-Fi network? Resources Here are the links to the videos we talked about during this episode: * 4-way handshake video from CWNP by Marcus Burton * Authentication and key management video from CWNP by Marcus Burton * WPA and WPA2 video from CWNP by Marcus Burton * Setup FreeRadius: * http://www.semfionetworks.com/blog/setup-freeradius-on-kali-linux-for-8021x-authentication * https://www.packet6.com/install-freeradius-ubuntu-server/ Here are a couple of diagrams related to the Wi-Fi security topic: * Wi-Fi Security Timeline * 802.1X Example:     If we want to dive deeper into the topic of Wi-Fi security, you can read the following book: * CWSP Book Other resources we talked about: * SANS strong password guidelines Password generation website: xkpasswd.net