WEBVTT 1 00:00:00.080 --> 00:00:02.919 Okay, picture this. You're grabbing a coffee, you connect to 2 00:00:02.919 --> 00:00:06.120 the shop's Wi Fi easy right, or maybe you're in 3 00:00:06.120 --> 00:00:08.679 the office, devices everywhere, all on the company network. 4 00:00:08.759 --> 00:00:09.720 Yeah, it happens every day. 5 00:00:10.160 --> 00:00:14.039 Have you ever like actually stopped to think about how 6 00:00:14.080 --> 00:00:17.440 exposed your data might be on those wireless highways, those 7 00:00:17.440 --> 00:00:18.399 invisible signals. 8 00:00:18.600 --> 00:00:20.920 It's a really fundamental question, isn't it. I mean, what 9 00:00:21.120 --> 00:00:24.280 actually happens to your information once it leaves your device 10 00:00:24.320 --> 00:00:27.079 and floats through the air, whether it's your home network 11 00:00:27.199 --> 00:00:30.960 or a big corporate setup, that over the air part, 12 00:00:32.000 --> 00:00:33.640 that's where things can get tricky. 13 00:00:34.000 --> 00:00:37.159 Absolutely, and that's exactly what we're digging into today on 14 00:00:37.240 --> 00:00:40.280 the deep dive. We're looking at wireless network security. 15 00:00:40.399 --> 00:00:40.719 Yeah. 16 00:00:40.759 --> 00:00:43.880 We've been going through this professional guide Wireless Hacking with 17 00:00:44.000 --> 00:00:47.159 call a Linux and honestly it's pretty eye opening stuff, 18 00:00:47.200 --> 00:00:47.719 it really is. 19 00:00:48.119 --> 00:00:51.119 Now, just to be clear upfront, our mission here isn't 20 00:00:51.159 --> 00:00:53.759 to teach anyone how to hack. That's not the goal. 21 00:00:54.039 --> 00:00:54.960 No, definitely not. 22 00:00:55.159 --> 00:00:57.600 It's more about empowering you with the mindset of a 23 00:00:57.640 --> 00:01:00.320 penetration tester, like thinking like. 24 00:01:00.240 --> 00:01:02.719 An attacker, right, so you can defend better. 25 00:01:02.799 --> 00:01:05.599 Exactly when you understand how these attacks actually work what 26 00:01:05.680 --> 00:01:08.400 they look like. You're just in a much much better 27 00:01:08.439 --> 00:01:11.799 position to spot the weaknesses and build proper defenses for 28 00:01:11.879 --> 00:01:14.560 your own stuff or for your company's network. 29 00:01:14.680 --> 00:01:17.239 It's like getting X ray vision for your Wi Fi signal. 30 00:01:17.640 --> 00:01:20.799 We're going to look at the tools, the techniques attackers. 31 00:01:20.400 --> 00:01:22.560 Use, and then immediately flip it around show you how 32 00:01:22.599 --> 00:01:25.480 to protect yourself, how to counter those threats effectively. 33 00:01:26.079 --> 00:01:28.719 So have you ever really thought about that journey your 34 00:01:28.799 --> 00:01:31.599 data takes the second you hit connect on Wi Fi. 35 00:01:31.680 --> 00:01:35.000 Let's get into it. Okay, so maybe let's start with 36 00:01:35.040 --> 00:01:38.840 the why. Why do ethical hackers or pen testers as 37 00:01:38.840 --> 00:01:42.040 they're called, Why do they even do this? Why intentionally 38 00:01:42.079 --> 00:01:43.359 try to break into a network? 39 00:01:43.439 --> 00:01:45.400 That's a great question. It really gets to the core 40 00:01:45.439 --> 00:01:48.280 of it. The main goal isn't malicious at all. It's 41 00:01:48.319 --> 00:01:51.599 about understanding. 42 00:01:50.640 --> 00:01:53.000 Deep understanding, understanding the weaknesses. 43 00:01:53.000 --> 00:01:56.439 Precisely, you simulate real attacks to see exactly how a 44 00:01:56.480 --> 00:02:00.239 wireless network could be compromised, what those attacks actually look 45 00:02:00.280 --> 00:02:02.959 like from the inside, and then the crucial part, how 46 00:02:03.000 --> 00:02:07.000 to find and fix those vulnerabilities before a real attacker 47 00:02:07.120 --> 00:02:07.680 finds them. 48 00:02:07.840 --> 00:02:09.599 So it's kind of like crash testing a car, right 49 00:02:09.759 --> 00:02:11.560 you push it to its limits in a safe place 50 00:02:11.599 --> 00:02:12.919 to figure out how to make it safer. 51 00:02:13.120 --> 00:02:17.159 That's a perfect analogy. Yeah, this kind of testing helps 52 00:02:17.280 --> 00:02:21.280 organizations see the real risks, helps them make smart decisions 53 00:02:21.280 --> 00:02:23.159 about where to put their security budget. 54 00:02:23.280 --> 00:02:24.879 You know, which must be getting harder. 55 00:02:25.000 --> 00:02:28.879 Oh, absolutely, especially now with everyone bringing their own devices 56 00:02:28.960 --> 00:02:34.000 BYOD and like all these smart IoT things connecting wirelessly 57 00:02:34.120 --> 00:02:37.840 all over the place. This proactive approach, it's not just 58 00:02:37.919 --> 00:02:39.680 nice to have anymore, it's essential. 59 00:02:39.840 --> 00:02:41.680 Okay, So if you're going to do this kind of testing, 60 00:02:42.039 --> 00:02:44.919 what's actually in the toolkit? I heard the name Kalie 61 00:02:44.960 --> 00:02:45.759 Linux all the time. 62 00:02:45.919 --> 00:02:49.439 Klie Linux is basically the go to It's a free 63 00:02:49.560 --> 00:02:53.240 Linux distribution, but it's highly specialized. Comes packed with over 64 00:02:53.360 --> 00:02:56.879 four hundred penetration testing tools built right in for wired 65 00:02:56.919 --> 00:02:58.000 and wireless networks. 66 00:02:58.159 --> 00:02:59.159 Wow, four hundred. 67 00:02:59.240 --> 00:03:02.479 Yeah, it used to be backtrack Linux. If anyone remembers that. 68 00:03:02.159 --> 00:03:05.439 That's a serious arsenal. Are there specific tools within Collie 69 00:03:05.479 --> 00:03:09.159 that are like the main workhorses for wireless security stuff? 70 00:03:09.319 --> 00:03:10.240 Oh yeah, definitely. 71 00:03:10.280 --> 00:03:14.479 You'll always hear about wire Shark, brilliant tool for packet analysis. 72 00:03:14.560 --> 00:03:18.680 It lets you sniff, basically capture all the data flying. 73 00:03:18.439 --> 00:03:20.240 Through the air, see everything very much. 74 00:03:20.639 --> 00:03:23.080 Then there's etter cap, which is kind of a classic 75 00:03:23.360 --> 00:03:27.000 for man in the middle attacks, and if you're looking 76 00:03:27.039 --> 00:03:30.159 at disruption denial of service MDK three is a pretty well. 77 00:03:30.000 --> 00:03:30.759 Known tool for that. 78 00:03:31.159 --> 00:03:33.080 It's not just software, though, is it. You need the 79 00:03:33.120 --> 00:03:36.199 right hardware too, especially for wireless. I've heard your standard 80 00:03:36.280 --> 00:03:38.439 laptop Wi Fi card usually isn't good enough. 81 00:03:38.560 --> 00:03:39.159 That's spot on. 82 00:03:39.280 --> 00:03:41.919 Yeah, your typical built in wireless adopter, it just won't 83 00:03:41.960 --> 00:03:43.520 cut it for serious pen testing. 84 00:03:43.599 --> 00:03:44.000 Why not? 85 00:03:44.280 --> 00:03:47.479 The key reason is they lack two really critical functions, 86 00:03:48.240 --> 00:03:52.319 monitor mode and packet injection. Without those, you can't really 87 00:03:52.360 --> 00:03:55.879 see all the raw wireless traffic, and you can't inject 88 00:03:55.919 --> 00:03:58.280 your own packets, which many attacks require. 89 00:03:58.319 --> 00:04:01.759 So you're kind of blind and mute wirelessly speaking pretty much. 90 00:04:02.080 --> 00:04:04.639 And it's important to realize it's not really about the 91 00:04:04.680 --> 00:04:07.240 brand of the adapter you buy. It's all about the 92 00:04:07.319 --> 00:04:10.800 specific chip set inside that adapter. That's the engine. 93 00:04:10.919 --> 00:04:13.639 Okay. So if someone was setting up a lab, you know, 94 00:04:13.719 --> 00:04:16.839 for their own network, totally authorized, what kind of chipset 95 00:04:16.839 --> 00:04:17.680 should they be looking for? 96 00:04:17.800 --> 00:04:19.879 Well, for a good all rounder, the aetheris air nine 97 00:04:19.920 --> 00:04:22.879 two seven to one chipset is often recommended. It handles 98 00:04:22.920 --> 00:04:25.439 monitor mode and packet injection well on the two point 99 00:04:25.439 --> 00:04:28.240 four gigahertz band, which covers a lot of attacks. 100 00:04:28.480 --> 00:04:29.920 If you need five gear heerts. 101 00:04:30.040 --> 00:04:31.839 Then the real Tech ar til A eight to one 102 00:04:31.920 --> 00:04:34.720 un till Au chipset is an option. It covers both 103 00:04:34.759 --> 00:04:38.160 two point four and five getaherts. It can be let's say, 104 00:04:38.600 --> 00:04:41.319 a bit less reliable for certain types of packet injection 105 00:04:41.360 --> 00:04:43.560 attacks compared to the atheros, but it gives you that 106 00:04:43.680 --> 00:04:45.079 dual band capability. 107 00:04:45.199 --> 00:04:49.360 Gotcha and any particular brands known for making good adapters 108 00:04:49.399 --> 00:04:51.240 with these chipsets, I think I've heard of Alpha. 109 00:04:51.519 --> 00:04:56.399 Yeah, Alpha adapters like the AWUS zero three six NAHA 110 00:04:56.519 --> 00:04:59.680 or the ACH model. They really popular, known for good 111 00:04:59.720 --> 00:05:03.879 buil old quality, good reliability generally, Yeah, they tend to 112 00:05:03.920 --> 00:05:06.519 have better range and signal capture compared to some of 113 00:05:06.519 --> 00:05:10.160 the cheaper unbranded USB dongles you might find. Those might 114 00:05:10.199 --> 00:05:12.279 be smaller, but often lack the power you need for 115 00:05:12.360 --> 00:05:13.079 serious work. 116 00:05:13.279 --> 00:05:16.079 Okay, this is solf fascinating stuff, but it feels like 117 00:05:16.120 --> 00:05:19.279 we're getting into some powerful territory here. We probably need 118 00:05:19.319 --> 00:05:20.680 a big flashing warning. 119 00:05:20.399 --> 00:05:24.319 Sign, right, absolutely, one percent. It is critically important to 120 00:05:24.360 --> 00:05:28.480 stress the ethical boundaries here. Using these tools this knowledge 121 00:05:28.560 --> 00:05:31.319 to access any network or any client device that you 122 00:05:31.399 --> 00:05:35.560 don't have explicit written permission for. That's not just unethical, 123 00:05:35.600 --> 00:05:40.920 it's illegal, serious consequences. Seriously, no question, this deep dive, 124 00:05:41.000 --> 00:05:44.759 all this information. It's purely for educational purposes. It's about 125 00:05:44.839 --> 00:05:48.160 understanding threats so you can build better defenses for networks 126 00:05:48.199 --> 00:05:50.000 you are authorized to manage and protect. 127 00:05:50.240 --> 00:05:53.879 So the goal is always defense unless you're a professional 128 00:05:53.879 --> 00:05:56.240 pen tester with a sign contract and all the legal 129 00:05:56.240 --> 00:05:57.319 boxes ticked. 130 00:05:57.120 --> 00:06:01.040 Exactly, that understanding empowers you to protect, not to exploit 131 00:06:01.360 --> 00:06:01.959 full stop. 132 00:06:02.160 --> 00:06:04.680 Right. Okay, so we've got the tools, we've got the 133 00:06:04.720 --> 00:06:07.639 crucial ethical warnings. Let's start peeling back the layers on 134 00:06:07.680 --> 00:06:12.279 how these attacks actually happen. First up, wireless password attacks 135 00:06:12.480 --> 00:06:14.920 seems almost too simple. But isn't the password often the 136 00:06:14.920 --> 00:06:15.560 weakest link? 137 00:06:15.800 --> 00:06:19.360 Oh? Incredibly often. Yeah, it's like leaving your front door unlocked. 138 00:06:19.839 --> 00:06:22.759 Attackers always look for the easiest way in, and weak 139 00:06:22.800 --> 00:06:24.639 passwords are well easy. 140 00:06:24.800 --> 00:06:28.160 And it's not always some super complex technical hack, is it. 141 00:06:28.519 --> 00:06:31.319 The source mentions non technical methods. 142 00:06:30.959 --> 00:06:33.279 Too, Yeah, and that's kind of a reality check about 143 00:06:33.319 --> 00:06:34.399 human behavior, isn't it? 144 00:06:34.519 --> 00:06:36.199 Sometimes it's as simple as social. 145 00:06:35.959 --> 00:06:39.120 Engineering, just asking for it pretty much, or crafting a 146 00:06:39.160 --> 00:06:41.720 convincing story to get someone to give it up. Or 147 00:06:41.759 --> 00:06:45.000 there's the classic shoulder surfing, just looking over someone's shoulder 148 00:06:45.000 --> 00:06:47.360 while they type it in or spotting in on a 149 00:06:47.399 --> 00:06:49.120 sticky note stuck to their monitor. 150 00:06:49.399 --> 00:06:49.959 Low tack. 151 00:06:50.319 --> 00:06:52.759 That's scary effective, Okay. 152 00:06:52.839 --> 00:06:55.519 Then there are the more technical methods, the ones people 153 00:06:55.600 --> 00:06:56.879 usually picture right. 154 00:06:57.040 --> 00:07:00.959 For those, you've got dictionary attacks. It sounds you use 155 00:07:01.160 --> 00:07:05.560 massive lists, word lists of common words, names, dates, even 156 00:07:05.639 --> 00:07:10.439 things like common default passwords or sometimes leaked password lists. 157 00:07:10.600 --> 00:07:12.920 Because people choose easy to remember. 158 00:07:12.600 --> 00:07:16.680 Words, exactly predictable words makes these attacks surprisingly effective. Then 159 00:07:16.680 --> 00:07:18.879 if the dictionary fails, you have brute force. 160 00:07:18.639 --> 00:07:20.240 Attacks, which sounds exhausting. 161 00:07:20.480 --> 00:07:20.839 It is. 162 00:07:21.560 --> 00:07:26.920 Brute force is basically trying every single possible combination of letters, numbers, 163 00:07:26.959 --> 00:07:28.079 symbols until you hit. 164 00:07:28.000 --> 00:07:28.560 The right one. 165 00:07:29.120 --> 00:07:32.439 It takes a long time, but attackers can speed it up. 166 00:07:32.480 --> 00:07:35.319 They can use rules like people often start passwords with 167 00:07:35.360 --> 00:07:37.480 the capital letter or they usually end with a number. 168 00:07:38.199 --> 00:07:39.639 It optimizes the guessing. 169 00:07:40.040 --> 00:07:43.439 What's really sneaky about wireless password attacks, though? Is it 170 00:07:44.079 --> 00:07:48.079 the attack or isn't necessarily hammering your network directly with guesses, right, 171 00:07:48.360 --> 00:07:49.519 They can do it offline. 172 00:07:49.560 --> 00:07:50.879 That's the really insidious part. 173 00:07:51.040 --> 00:07:54.920 Yeah, they can passively sniff the airwaves, capture the encrypted 174 00:07:54.959 --> 00:07:58.600 authentication traffic, the handshake when a legitimate user connects. They 175 00:07:58.639 --> 00:08:01.199 grab that handshake without the use knowing, and then then 176 00:08:01.240 --> 00:08:04.240 they take that captured data away and run the dictionary 177 00:08:04.319 --> 00:08:07.279 or brute force attack against it on their own machine offline. 178 00:08:07.680 --> 00:08:08.480 You wouldn't even know. 179 00:08:08.439 --> 00:08:10.800 An attack was happening until suddenly your password is cracked 180 00:08:11.079 --> 00:08:12.399 and they're in the source. 181 00:08:12.480 --> 00:08:15.199 Even outlines a quick four step process for a WP 182 00:08:15.199 --> 00:08:18.120 part P two dictionary attack using Collie. 183 00:08:18.199 --> 00:08:22.279 It's a pretty standard flow. First, identify the target network's 184 00:08:22.360 --> 00:08:28.399 BSSID that's its emassy address. Second, choose your word list file. Third, 185 00:08:28.680 --> 00:08:32.360 you need to capture that handshake that authentication traffic, often 186 00:08:32.399 --> 00:08:35.360 done by briefly kicking a user off so they reconnect. 187 00:08:34.919 --> 00:08:36.080 Forcing the handshake right. 188 00:08:36.360 --> 00:08:39.559 And fourth, you run a tool like air cracking against 189 00:08:39.600 --> 00:08:42.279 the captured handshake using your chosen word list. 190 00:08:42.200 --> 00:08:47.799 And wait, okay, that covers cracking passwords. Next step passive 191 00:08:47.840 --> 00:08:51.840 reconnaissance and eavesdropping. This sounds even more like spying. 192 00:08:51.639 --> 00:08:52.320 It really is. 193 00:08:52.600 --> 00:08:56.000 Passive reconnaissance is all about gathering intel without making any noise. 194 00:08:56.039 --> 00:08:59.039 You're just listening silently to the wireless signals, no direct 195 00:08:59.039 --> 00:09:00.799 interaction with the network or devices. 196 00:09:00.879 --> 00:09:03.039 So how do they listen in without sitting off alarms? 197 00:09:03.240 --> 00:09:06.159 They basically tune their special wireless adapter, the one in 198 00:09:06.240 --> 00:09:09.519 monitor mode, to the specific frequency channel the target network 199 00:09:09.559 --> 00:09:12.080 is using. It just scoops up all the signals. Then 200 00:09:12.080 --> 00:09:14.480 they feed that raw data into something like wire shark 201 00:09:14.519 --> 00:09:15.200 to analyze it. 202 00:09:15.240 --> 00:09:16.480 Can they listen from far away? 203 00:09:16.720 --> 00:09:16.879 Oh? 204 00:09:16.960 --> 00:09:17.279 Yeah? 205 00:09:17.679 --> 00:09:21.240 With directional antennas, they can significantly boost their range. They 206 00:09:21.240 --> 00:09:23.120 could be sitting in a car down the street or 207 00:09:23.159 --> 00:09:28.360 in a nearby building, just quietly collecting data, completely undetected. 208 00:09:28.559 --> 00:09:30.720 And what kind of information can they get just by. 209 00:09:30.600 --> 00:09:32.399 Listening a surprising amount. 210 00:09:32.440 --> 00:09:32.879 Actually. 211 00:09:33.480 --> 00:09:36.120 They can figure out the manufacture of the access points, 212 00:09:36.480 --> 00:09:40.039 identify the MAC addresses of all the connected devices, see 213 00:09:40.039 --> 00:09:43.000 what kind of security is being used, even discover hidden 214 00:09:43.039 --> 00:09:44.200 network names sometimes. 215 00:09:44.320 --> 00:09:45.960 So they're basically building a map of. 216 00:09:45.879 --> 00:09:50.679 The network exactly a detailed blueprint, and they're looking for weaknesses, 217 00:09:50.919 --> 00:09:53.440 identifying potential targets for later attacks. 218 00:09:53.600 --> 00:09:56.879 The source walks through using Kllien wire Shark for this. Yeah. 219 00:09:57.000 --> 00:09:59.960 The first step is putting the adapter into monitor mode. 220 00:10:00.559 --> 00:10:03.799 Command like air m mouldings start zero zero usually does it. 221 00:10:04.080 --> 00:10:06.919 That turns the adapter into just a listener. Then you 222 00:10:06.960 --> 00:10:09.519 fire up wire shark pointed at that monitor interface and 223 00:10:09.559 --> 00:10:11.200 you start seeing all the packets. 224 00:10:10.840 --> 00:10:13.320 Flying by, and you can filter that flood of data. 225 00:10:13.440 --> 00:10:17.080 Oh yeah, wire Shark has powerful filters. You could filter, 226 00:10:17.200 --> 00:10:21.440 for say, just HTTP traffic to see unencrypted web browsing, 227 00:10:22.039 --> 00:10:25.200 or look for specific protocols related to authentication. 228 00:10:25.519 --> 00:10:27.519 And the scary part is if they somehow get the 229 00:10:27.639 --> 00:10:29.200 encryption key later on. 230 00:10:29.159 --> 00:10:31.320 That's when it gets really bad. If they've captured a 231 00:10:31.320 --> 00:10:33.600 bunch of encrypted traffic and then they managed to crack 232 00:10:33.639 --> 00:10:35.000 the password or get the key some. 233 00:10:35.080 --> 00:10:38.320 Other way, they can decrypt everything they already recorded exactly. 234 00:10:38.639 --> 00:10:41.320 They can feed that key into wireshark and decrypt all 235 00:10:41.320 --> 00:10:45.679 that historical traffic. Suddenly they can read emails, see login credentials, 236 00:10:45.720 --> 00:10:48.720 whatever was sent in clear text over that encrypted channel. 237 00:10:49.200 --> 00:10:52.399 If you search the decrypted packet data for keywords like 238 00:10:52.720 --> 00:10:56.360 pass or user, you might just find usernames and passwords 239 00:10:56.360 --> 00:10:59.159 plain as day. It's a total privacy nightmare. 240 00:10:59.240 --> 00:11:01.879 Wow. Okay, let's shift to something that sounds even more 241 00:11:01.919 --> 00:11:05.639 active and malicious Man in the middle attacks, and these 242 00:11:05.679 --> 00:11:09.840 often involve things called rogue aps and evil twins. First 243 00:11:09.879 --> 00:11:12.840 of if, what's a rogue access point in say an office. 244 00:11:12.600 --> 00:11:16.879 Environment simplest definition, it's any wireless access point plugged into 245 00:11:16.879 --> 00:11:20.559 the company network that it didn't authorize or install. Someone 246 00:11:20.720 --> 00:11:22.919 just brings one from home, plugs it into a spare 247 00:11:22.960 --> 00:11:25.639 network jack boom rogue AP. 248 00:11:26.000 --> 00:11:28.799 Besides maybe causing some Wi Fi interference, what's the actual 249 00:11:28.879 --> 00:11:29.720 security risk? 250 00:11:30.039 --> 00:11:32.679 Interference can be annoying, sure if it's on the same channel, 251 00:11:33.240 --> 00:11:36.120 but the real danger is that connection to the corporate network. 252 00:11:36.480 --> 00:11:40.320 These rogue aps almost always have much weaker security settings, 253 00:11:40.399 --> 00:11:44.039 maybe no password or a simple one. They effectively create 254 00:11:44.120 --> 00:11:49.399 an unauthorized, unsecured back door straight into the company's supposedly 255 00:11:49.440 --> 00:11:50.320 secure network. 256 00:11:50.399 --> 00:11:54.039 OUCH and a honeypot AP sounds like a specific type 257 00:11:54.039 --> 00:11:56.159 of rogue AP designed to trick. 258 00:11:55.960 --> 00:11:59.639 People exactly right. A honeypot AP is set up deliberately 259 00:11:59.759 --> 00:12:03.720 to look exactly like a legitimate network, same network name SSID, 260 00:12:03.879 --> 00:12:07.559 maybe even spoofing the MS address or manufacture info of 261 00:12:07.600 --> 00:12:08.720 a real company AP. 262 00:12:08.799 --> 00:12:09.639 Why what's the goal. 263 00:12:09.759 --> 00:12:12.679 The goal is to lure unsuspecting users into connecting to 264 00:12:12.720 --> 00:12:15.200 it instead of the real network. They see the familiar 265 00:12:15.200 --> 00:12:17.240 Wi Fi name, they connect, and then the attackers in 266 00:12:17.279 --> 00:12:20.799 the middle precisely once you're connected to their honeypot, they're 267 00:12:20.799 --> 00:12:23.639 sitting right between you and the Internet, or you and 268 00:12:23.679 --> 00:12:27.000 the real corporate network. They can potentially intercept your traffic, 269 00:12:27.080 --> 00:12:30.799 try to compromise your device, or use your connection as 270 00:12:30.840 --> 00:12:34.120 a bridge to attack the legitimate network. They become a 271 00:12:34.159 --> 00:12:35.519 relay in the middle. 272 00:12:35.440 --> 00:12:38.120 And the Evil Twin attack. That sounds like the advanced 273 00:12:38.200 --> 00:12:39.320 version it is. 274 00:12:39.200 --> 00:12:42.080 It's a more sophisticated man in the middle. The attacker 275 00:12:42.240 --> 00:12:46.159 first clones a legitimate network, copies its name yes SID 276 00:12:46.519 --> 00:12:50.559 and se address to create a convincing fake ap the twin, 277 00:12:50.919 --> 00:12:51.559 the Evil Twin. 278 00:12:51.679 --> 00:12:51.919 Yeah. 279 00:12:52.320 --> 00:12:55.840 Then they often launch a dilauthentication attack against the real 280 00:12:55.919 --> 00:12:59.600 access point. This forcibly disconnects all the legitimate. 281 00:12:59.240 --> 00:13:01.120 Users one off the real WiFi. 282 00:13:01.440 --> 00:13:04.279 Right, So what do those users devices do? They automatically 283 00:13:04.279 --> 00:13:06.360 look for the network name again and hey, there it 284 00:13:06.399 --> 00:13:08.320 is the Evil Twin, So they connect to the fake 285 00:13:08.360 --> 00:13:09.279 one instead. 286 00:13:08.919 --> 00:13:11.080 And that's when the attacker can steal passwords. 287 00:13:11.240 --> 00:13:14.879 That's often the goal, yeah, credential harvesting. Once the victim 288 00:13:14.879 --> 00:13:17.240 connects to the evil twin, the attacker can redirect their 289 00:13:17.279 --> 00:13:20.000 web browser, maybe to a fake lug in page that 290 00:13:20.000 --> 00:13:22.840 looks like the router's interface or a fake you need 291 00:13:22.840 --> 00:13:24.159 a security update. 292 00:13:23.879 --> 00:13:26.519 Page and asks for the Wi Fi password. 293 00:13:26.200 --> 00:13:29.559 YEP prompts for the WPA or WPA two password. The 294 00:13:29.639 --> 00:13:32.639 unsuspecting user types it in and the attacker captures it. 295 00:13:33.000 --> 00:13:36.039 They can even use tools like SSL strip to downgrade 296 00:13:36.080 --> 00:13:41.320 secure HTTPS connections to insecure HTTP, making interception easier, while 297 00:13:41.320 --> 00:13:44.039 maybe showing a fake padlock icon in the browser to 298 00:13:44.120 --> 00:13:45.399 keep the user feeling secure. 299 00:13:45.799 --> 00:13:46.919 Very deceptive, Okay? 300 00:13:47.039 --> 00:13:51.960 Our last major attack to denial service or DOS attacks. 301 00:13:52.240 --> 00:13:53.840 The name pretty much says it all, doesn't it. 302 00:13:53.840 --> 00:13:54.480 It really does. 303 00:13:54.519 --> 00:13:58.279 The goal is simple, stop legitimate users from using the 304 00:13:58.320 --> 00:14:00.399 wireless network, deny them the service. 305 00:14:00.440 --> 00:14:02.159 How do they actually do that wirelessly? 306 00:14:02.360 --> 00:14:04.840 Usually one of two ways. First, they can just flood 307 00:14:04.840 --> 00:14:07.600 the access point with garbage traffic, send it tons and 308 00:14:07.639 --> 00:14:11.799 tons of connection requests, authentication requests, per requests, just overwhelm 309 00:14:11.799 --> 00:14:14.159 it so it can't handle the real user's traffic anymore. 310 00:14:14.240 --> 00:14:16.000 Grounded and noise exactly. 311 00:14:16.559 --> 00:14:20.840 The second way is to actively create interference. Broadcasts strong 312 00:14:20.879 --> 00:14:24.200 signals on the same frequency that just disrupt or jam 313 00:14:24.279 --> 00:14:28.039 the legitimate Wi Fi signals, creates chaos on the airwaves. 314 00:14:28.360 --> 00:14:31.480 The source mentioned that real world example of a cellular jammer. 315 00:14:31.679 --> 00:14:35.840 Yeah, that's a powerful, though illegal example. Someone driving around 316 00:14:35.840 --> 00:14:38.240 with a device that just knocked out cell service for 317 00:14:38.279 --> 00:14:42.240 everyone nearby, including emergency calls, shows the kind of disruption 318 00:14:42.440 --> 00:14:43.559 DOS can cause. 319 00:14:43.320 --> 00:14:46.440 And kully Linux has tools for this too, like MDK three. 320 00:14:46.679 --> 00:14:49.000 Right. MDK three is one tool that can be used 321 00:14:49.000 --> 00:14:51.039 for doss. For example, it can be used to send 322 00:14:51.039 --> 00:14:54.360 out floods of those deauthentication packets we mentioned earlier, not 323 00:14:54.440 --> 00:14:57.759 targeted at one user, but broadcast to everyone connected to 324 00:14:57.799 --> 00:15:01.440 an AP or flooding the AP. It's SOLF constantly kicking 325 00:15:01.519 --> 00:15:04.200 users off and preventing them from reliably reconnecting. 326 00:15:04.519 --> 00:15:08.080 Right, we've seen the dark side, We've walked through the attacks. 327 00:15:08.120 --> 00:15:11.759 Now the crucial part, how do we fight back the countermeasures. 328 00:15:12.000 --> 00:15:15.799 Let's start with the basics. Strong passwords and good security policies. 329 00:15:15.840 --> 00:15:18.720 You absolutely have to. It sounds basic, but complexity is 330 00:15:18.759 --> 00:15:22.919 everything for passwords. Mix uppercase, lowercase numbers, special characters make. 331 00:15:22.799 --> 00:15:25.720 It long, but memorable, right, so people don't write them down. 332 00:15:25.960 --> 00:15:26.679 That's the trick. 333 00:15:27.279 --> 00:15:30.720 Encourage passphrases, maybe like a short, unique sentence rather than 334 00:15:30.720 --> 00:15:33.759 just random characters if it helps people remember, but definitely 335 00:15:33.799 --> 00:15:37.919 avoid dictionary words, names, birthdays, all that predictable stuff. 336 00:15:37.960 --> 00:15:40.720 So fliffy one two three is probably still bad. 337 00:15:40.879 --> 00:15:41.519 Still pretty bad. 338 00:15:41.600 --> 00:15:41.840 Yeah. 339 00:15:42.320 --> 00:15:44.840 For things like the Wi Fi password itself or machine 340 00:15:44.840 --> 00:15:47.080 accounts where a human doesn't need to type it, often 341 00:15:47.519 --> 00:15:50.799 use a password generator. There are good ones online the 342 00:15:50.840 --> 00:15:55.279 source mentioned passwordsgenerator dot net, random dot org, griic dot com, 343 00:15:55.320 --> 00:15:59.480 passwords dot htm. Let them create something truly random and long. 344 00:16:00.080 --> 00:16:02.840 For bring your own device policies, how do passwords fit 345 00:16:02.879 --> 00:16:04.399 in there with BYOD? 346 00:16:04.600 --> 00:16:07.000 You really need to think about what data or systems 347 00:16:07.000 --> 00:16:10.360 those personal devices might access if they're on the company network. 348 00:16:10.679 --> 00:16:13.759 The more sensitive the assets, the tougher your password requirements 349 00:16:13.759 --> 00:16:16.519 for those devices need to be. Context is key. 350 00:16:16.480 --> 00:16:20.600 Makes sense, Okay, countermeasure too smart. Physical security for the 351 00:16:20.639 --> 00:16:23.480 access points themselves can't just tack them onto any wall. 352 00:16:23.840 --> 00:16:24.519 No way. 353 00:16:24.720 --> 00:16:27.039 Where you put the AP matters hugely. 354 00:16:27.080 --> 00:16:28.440 You got to assess the risk. 355 00:16:29.039 --> 00:16:31.639 Is it on a factory floor where it might get damaged? 356 00:16:31.879 --> 00:16:34.000 Is it in a school hallway where someone might mess 357 00:16:34.039 --> 00:16:37.000 with it. Public areas are always higher risk for. 358 00:16:36.960 --> 00:16:39.320 Tampering, so hiding them is sometimes the best bet. 359 00:16:39.440 --> 00:16:43.759 Often, Yeah, putting aps above drop ceilings makes them invisible, 360 00:16:44.320 --> 00:16:47.279 or you can try to camouflage them, maybe paint them 361 00:16:47.320 --> 00:16:50.559 to match the wall, or use those flat panel antennas 362 00:16:50.600 --> 00:16:53.080 that look like, I don't know, smoke detectors or something 363 00:16:53.159 --> 00:16:53.799 out of sight. 364 00:16:53.720 --> 00:16:55.679 Out of mind, physically locking them down. 365 00:16:55.840 --> 00:16:59.720 Definitely use the mounting brackets, security screws, maybe even security 366 00:16:59.720 --> 00:17:03.200 cables like you'd use for a laptop, and crucially secure 367 00:17:03.240 --> 00:17:07.559 the ports. Use SSH for remote management, disable console ports 368 00:17:07.599 --> 00:17:11.079 after setup, and please please change the default admin user 369 00:17:11.119 --> 00:17:13.279 name and password on the AP immediately. 370 00:17:13.480 --> 00:17:14.279 Seems like a big one. 371 00:17:14.319 --> 00:17:17.599 People forget huge and try to avoid using aps with 372 00:17:17.680 --> 00:17:21.359 external antennas if you don't absolutely need the range, because 373 00:17:21.400 --> 00:17:23.640 those antennas are just asking to be tampered with or 374 00:17:23.680 --> 00:17:24.279 swapped out. 375 00:17:24.400 --> 00:17:29.319 Got it now, onto the real foundation encryption. The source 376 00:17:29.319 --> 00:17:33.920 talked about the evolution starting with the disaster that was wep. 377 00:17:33.519 --> 00:17:37.480 Oh wep wired equivalent Privacy the first attempt and yeah, 378 00:17:37.519 --> 00:17:40.519 fundamentally broken. You might still find it on really old 379 00:17:40.599 --> 00:17:44.359 legacy gear maybe some ancient industrial controls or medical equipment, 380 00:17:44.519 --> 00:17:46.279 but using it today is. 381 00:17:46.359 --> 00:17:47.640 Just asking for trouble. 382 00:17:47.799 --> 00:17:48.759 What made it so bad? 383 00:17:49.079 --> 00:17:52.440 The main killer was its tiny twenty four bit initialization 384 00:17:52.640 --> 00:17:55.480 vector the four five. Think of it like a temporary 385 00:17:55.480 --> 00:17:58.400 password added to the main key for each packet. Because 386 00:17:58.400 --> 00:18:01.160 it was so short, it repeated really quickly. 387 00:18:00.920 --> 00:18:03.400 So attackers could see patterns exactly. 388 00:18:03.759 --> 00:18:06.279 By capturing enough traffic, they could easily figure out the 389 00:18:06.319 --> 00:18:09.519 repeating IV patterns and use statistical attacks to crack the 390 00:18:09.559 --> 00:18:13.680 main WEPKE relatively quickly. Plus, WP used the same key 391 00:18:13.720 --> 00:18:16.599 for everyone on the network for both encryption and authentication. 392 00:18:17.200 --> 00:18:20.799 One key compromised, the whole network was wide open, single 393 00:18:20.839 --> 00:18:21.440 point of failure. 394 00:18:21.519 --> 00:18:25.119 Yikes. So then came WPA and WPA two to fix 395 00:18:25.160 --> 00:18:25.960 things right. 396 00:18:26.440 --> 00:18:29.559 WPA Wi Fi Protected Access was kind of the stepping stone. 397 00:18:29.720 --> 00:18:34.599 It introduced TCKP Temporal Key Integrity Protocol, which fixed WP's 398 00:18:34.599 --> 00:18:37.039 biggest flaws, but could often run on the same hardware, 399 00:18:37.400 --> 00:18:39.400 made it easier for people to upgrade. 400 00:18:39.160 --> 00:18:42.079 And WPA two was the final, much stronger version. 401 00:18:42.359 --> 00:18:45.359 WPA two is the robust standard we rely on today. 402 00:18:45.720 --> 00:18:48.039 It's based on the full eight oh two point one 403 00:18:48.079 --> 00:18:50.720 to one I standard and mandated the use of AS 404 00:18:50.839 --> 00:18:52.799 the Advanced Encryption standard. 405 00:18:52.480 --> 00:18:54.400 And AS is still considered secure. 406 00:18:54.200 --> 00:18:54.720 As of now. 407 00:18:54.880 --> 00:18:58.480 Yes, AES is incredibly strong with no known practical ways 408 00:18:58.519 --> 00:19:01.319 to break it publicly. It was a massive leap. The 409 00:19:01.359 --> 00:19:03.559 whole eight oh two point one on I standard that 410 00:19:03.680 --> 00:19:07.279 WPA two is built on brought five huge improvements over WEP. 411 00:19:07.480 --> 00:19:09.079 There were those five key changes, okay. 412 00:19:09.119 --> 00:19:12.400 First, much longer IV's forty eight bits exponentially harder to 413 00:19:12.400 --> 00:19:15.640 crack through repetition. Second, separate keys use for authenticating users 414 00:19:15.720 --> 00:19:19.480 versus encrypting their data. Important separation. Third, unique encryption keys 415 00:19:19.480 --> 00:19:22.960 for each user or device connected. No more shared key vulnerability, 416 00:19:23.039 --> 00:19:27.559 huge different massive Fourth, the keys were distributed dynamically and 417 00:19:27.640 --> 00:19:32.519 changed over time. And fifth support for temporal keys temporary 418 00:19:32.680 --> 00:19:36.079 short lived keys for sessions, further limiting the damage if 419 00:19:36.119 --> 00:19:37.960 one key ever did get compromised. 420 00:19:38.000 --> 00:19:42.640 Okay, so strong encryption is vital. What about authentication getting 421 00:19:42.640 --> 00:19:44.839 onto the network in the first place. Sounds like there's 422 00:19:44.839 --> 00:19:46.279 more than just typing in a password. 423 00:19:46.400 --> 00:19:48.440 Oh yeah, there's a whole range of ways Wi Fi 424 00:19:48.480 --> 00:19:52.359 handles authentication. You've got simple open authentication basically no cassword. 425 00:19:52.640 --> 00:19:56.599 The flawed WEP authentication than the much better eight two 426 00:19:56.640 --> 00:19:58.720 point one to one I methods, which include the four 427 00:19:58.759 --> 00:20:02.640 way handshake used by w personal, the password method, and 428 00:20:02.960 --> 00:20:07.240 WPP two enterprise, which often uses usernames and individual credentials 429 00:20:07.359 --> 00:20:11.279 much stronger, and even things like m makeup authentication less 430 00:20:11.279 --> 00:20:12.599 secure easily spoofed. 431 00:20:12.920 --> 00:20:16.759 You mentioned mutual authentication earlier as being really important against honeypots. 432 00:20:17.200 --> 00:20:18.160 What exactly is. 433 00:20:18.079 --> 00:20:21.279 That mutual authentication is critical. It means it's not just 434 00:20:21.319 --> 00:20:23.839 the network checking if the client device is allowed on, 435 00:20:24.200 --> 00:20:26.400 it's also the client device checking if the network it's 436 00:20:26.400 --> 00:20:28.519 connecting to is the legitimate one. 437 00:20:28.319 --> 00:20:31.240 It expects, like checking each other's ID exactly. 438 00:20:31.440 --> 00:20:35.240 The device verifies the network's credentials, usually via certificates and 439 00:20:35.319 --> 00:20:38.839 enterprise setups, before it even sends its own credentials. It 440 00:20:38.880 --> 00:20:42.319 prevents you from accidentally connecting to an evil twin or 441 00:20:42.359 --> 00:20:45.319 a honeypot because the fake network can't prove it's the 442 00:20:45.359 --> 00:20:45.880 real deal. 443 00:20:46.200 --> 00:20:49.880 Makes sense, and even fast roaming, where you walk around 444 00:20:49.880 --> 00:20:54.200 in office in your phone seamlessly switches aps that has security. 445 00:20:53.720 --> 00:20:54.680 Aspects it does. 446 00:20:55.160 --> 00:20:58.160 Fast roaming is great for usability, especially for things like 447 00:20:58.200 --> 00:21:02.400 Wi Fi calling, but of quickly reauthenticating you as you 448 00:21:02.440 --> 00:21:05.559 move between aps needs to be handled securely. How are 449 00:21:05.559 --> 00:21:09.039 those keys passed? How is the handshake done quickly but safely? 450 00:21:09.519 --> 00:21:11.799 It adds complexity that needs careful management. 451 00:21:11.920 --> 00:21:16.799 Okay. Another countermeasure protecting message integrity, making sure data isn't 452 00:21:16.839 --> 00:21:18.960 tampered with while it's flying through the air. 453 00:21:19.079 --> 00:21:22.359 Right, It's not just about secrecy encryption, it's also about 454 00:21:22.440 --> 00:21:26.359 authenticity and integrity. WPA two includes something called a message 455 00:21:26.359 --> 00:21:31.119 integrity check or MIC, often nicknamed Michael Yeah MIC. It's 456 00:21:31.160 --> 00:21:35.559 basically a cryptographic checksum calculated for each data packet. If 457 00:21:35.599 --> 00:21:38.319 an attacker tries to alter the packet and transit flip 458 00:21:38.400 --> 00:21:41.279 a bit, change some data, the MIC calculation at the 459 00:21:41.279 --> 00:21:44.200 receiving end won't match and the packet gets rejected. It 460 00:21:44.240 --> 00:21:46.319 protects against data tampering, so you know. 461 00:21:46.319 --> 00:21:48.880 The data arrived exactly as it was sent correct. 462 00:21:49.240 --> 00:21:51.759 And while the focus is often on protecting the user 463 00:21:51.839 --> 00:21:56.079 data frames, securing the management frames those control messages like 464 00:21:56.279 --> 00:22:01.119 authentication de authentication association requests is also really important for 465 00:22:01.200 --> 00:22:04.839 overall network stability and security. Attackers can mess with those two. 466 00:22:05.400 --> 00:22:08.319 Speaking of messing with things, let's talk about detecting and 467 00:22:08.359 --> 00:22:12.319 containing those rogue aps, we discussed how do companies find them. 468 00:22:12.599 --> 00:22:18.599 Larger enterprise Wi Fi systems have weight sensor mode. 469 00:22:18.759 --> 00:22:22.200 Instead of serving clients, they just listen, scanning the airwaves 470 00:22:22.279 --> 00:22:25.680 specifically looking for unauthorized APS broadcasting nearby. 471 00:22:25.920 --> 00:22:28.559 Like security guards patrolling the airwaves kind. 472 00:22:28.359 --> 00:22:32.880 Of yeah, and the central wireless land controllers the wlcs 473 00:22:32.920 --> 00:22:37.359 that manage all the legitimate aps, they're constantly monitoring. If 474 00:22:37.359 --> 00:22:39.920 they detect an AP operating on the network that they 475 00:22:39.920 --> 00:22:41.680 don't manage, they flag it as a. 476 00:22:41.680 --> 00:22:44.119 Rogue and can they kick it off contain it? 477 00:22:44.480 --> 00:22:45.519 They often can, Yes. 478 00:22:46.440 --> 00:22:50.319 Wlcs can be configured to launch containment measures against detected rogues. 479 00:22:50.880 --> 00:22:54.240 Usually this means sending targeted to authentication packets at the 480 00:22:54.319 --> 00:22:57.799 rogue AP or clients connected to it, essentially disrupting its 481 00:22:57.799 --> 00:23:01.880 ability to operate and preventing legitimate users from connecting to it. 482 00:23:02.039 --> 00:23:03.839 But again with the big warning label. 483 00:23:03.559 --> 00:23:07.880 Attached, absolutely extremely strong warning, this kind of active containment 484 00:23:08.039 --> 00:23:10.839 launching death attacks should only ever be done on your 485 00:23:10.880 --> 00:23:15.519 own network infrastructure against genuinely unauthorized devices. Doing it against 486 00:23:15.519 --> 00:23:17.680 a network you don't own or manage is illegal and 487 00:23:17.720 --> 00:23:20.799 could be considered a DOS attack itself. Used with extreme 488 00:23:20.880 --> 00:23:23.039 caution and proper authorization. 489 00:23:22.759 --> 00:23:27.160 Understood last countermeasure area Spectrum analysis tools. These sound pretty 490 00:23:27.240 --> 00:23:27.599 high tech. 491 00:23:27.759 --> 00:23:30.960 They are tools like the weispy DBX combined with software 492 00:23:31.039 --> 00:23:34.640 like Channelizer, the professional grade and Yeah can be expensive, 493 00:23:35.119 --> 00:23:38.119 but they give you an incredibly detailed visual picture of 494 00:23:38.160 --> 00:23:41.160 everything happening in the wireless spectrum both two point four 495 00:23:41.160 --> 00:23:43.200 gigahertz and five gil hurtz bands. 496 00:23:43.559 --> 00:23:45.839 What do you see that you wouldn't see. 497 00:23:45.720 --> 00:23:49.160 With just wireshark You see all radio frequency energy, not 498 00:23:49.240 --> 00:23:52.039 just Wi Fi packets. This is crucial because lots of 499 00:23:52.039 --> 00:23:55.640 interference comes from non Wi Fi devices. Microwave ovens are 500 00:23:55.720 --> 00:23:59.400 notorious in the two point four get ahertz band, cordless phones, 501 00:23:59.480 --> 00:24:03.279 Bluetooth devices, baby monitors, even faulty fluorescent lights. 502 00:24:03.440 --> 00:24:05.359 They all pollute the airwaves they can. 503 00:24:05.480 --> 00:24:08.839 Yeah Spectrum analyzers let you see the shape or spectral 504 00:24:08.880 --> 00:24:11.880 signature of these interfering signals. You can see how often 505 00:24:11.880 --> 00:24:14.599 they transmit, their duty cycle, and how much noise they're adding. 506 00:24:14.839 --> 00:24:18.000 This helps you diagnose weird connectivity problems that aren't caused 507 00:24:18.000 --> 00:24:20.200 by other Wi Fi networks and helps you choose the 508 00:24:20.240 --> 00:24:23.359 cleanest possible channel for your own network. It's about seeing 509 00:24:23.440 --> 00:24:24.680 the physical layer noise. 510 00:24:24.960 --> 00:24:28.640 That's incredibly detailed. Okay, this has been a really comprehensive 511 00:24:28.680 --> 00:24:32.519 journey through wireless security threats and defenses for everyone listening. 512 00:24:33.240 --> 00:24:35.680 What are the key takeaways, like, what's the action plan? 513 00:24:36.200 --> 00:24:39.039 Well, first, if you're in it, go back and look 514 00:24:39.079 --> 00:24:42.599 at your company's security policy right now. How does it 515 00:24:42.680 --> 00:24:46.559 handle employees using personal hotspots or bringing in their own 516 00:24:46.559 --> 00:24:49.880 little routers? Do people even know what a rogue AP 517 00:24:50.200 --> 00:24:51.240 is and why it's bad? 518 00:24:51.759 --> 00:24:55.839 Education is huge, So review the policy and educate the users. 519 00:24:55.880 --> 00:24:59.799 Got it, yes? Second, really try to understand what normal 520 00:25:00.240 --> 00:25:03.440 like on your network. What are your typical background noise levels? 521 00:25:03.599 --> 00:25:06.480 How many authentication requests do you usually see? What are 522 00:25:06.559 --> 00:25:10.960 normal retransmission rates? Know your baseline exactly, because when you 523 00:25:11.039 --> 00:25:14.079 know your baseline, anominally stand out like a sore thumb, 524 00:25:14.359 --> 00:25:17.480 a sudden spike in death packets, a weird signal showing 525 00:25:17.559 --> 00:25:20.279 up on a spectrum analyzer, that could be your first 526 00:25:20.279 --> 00:25:23.240 sign of an attack potentially across any layer right down 527 00:25:23.240 --> 00:25:25.319 to that physical layer. People often ignore. 528 00:25:25.160 --> 00:25:27.359 Which leads to your last point, right, don't ignore the 529 00:25:27.359 --> 00:25:28.039 physical layer. 530 00:25:28.039 --> 00:25:28.799 If please don't. 531 00:25:30.640 --> 00:25:33.640 My final recommendation is really encourage it folks to get 532 00:25:33.680 --> 00:25:35.640 comfortable with the wireless physical layer. 533 00:25:35.759 --> 00:25:36.319 I know it can. 534 00:25:36.200 --> 00:25:39.279 Seem like black magic sometimes our f signals and waveforms, 535 00:25:39.920 --> 00:25:42.680 but understanding how that data actually travels through the air 536 00:25:42.799 --> 00:25:47.559 is so fundamental for serious troubleshooting and for really locking 537 00:25:47.559 --> 00:25:50.799 down a wireless environment. So many problems start right there. 538 00:25:51.039 --> 00:25:53.400 That's great advice. So wrapping this all up, maybe a 539 00:25:53.440 --> 00:25:57.240 final thought for you, our listener, Given everything we've covered today, 540 00:25:57.680 --> 00:26:00.759 how would you define what makes a wireless network truly 541 00:26:00.880 --> 00:26:04.920 secure in this crazy connected world? And maybe more practically, 542 00:26:04.920 --> 00:26:07.640 what's one step, just one thing you'll do today or 543 00:26:07.720 --> 00:26:09.279 this week to apply some. 544 00:26:09.279 --> 00:26:13.440 Of this knowledge because the landscape keeps changing. But being informed, 545 00:26:13.599 --> 00:26:16.799 being proactive, and using layers of defense that's always going 546 00:26:16.839 --> 00:26:17.759 to be your best strategy. 547 00:26:17.880 --> 00:26:20.000 Fantastic. That brings us to the end of this deep 548 00:26:20.119 --> 00:26:23.200 dive into wireless network security. If you found this useful, 549 00:26:23.200 --> 00:26:25.960 maybe help cut through some complexity. Please share it with 550 00:26:26.000 --> 00:26:28.640 a colleaguer friend who can use a shortcut to getting 551 00:26:28.680 --> 00:26:31.000 well informed on protecting their wireless world.