Summary: François Vergès discusses Wi-Fi security and securing the access to the Wi-Fi network.<br> On <a href="http://www.cleartosend.net/56" target="_blank">episode 56</a>, we have talked about the legacy Wi-Fi security mechanisms and we explained why they are not considered safe and secure anymore and why we should not be using them in our modern Wi-Fi networks deployments.<br> In this follow up episode, we want to start going over the stronger and safer way to secure a Wi-Fi network. We are focusing on how the client devices can securely connect and exchange data over a Wi-Fi network.<br> This episode will answer the following questions:<br> <br> * How does a client station securely connect to a Wi-Fi network?<br> * What is WPA?<br> * What is the difference between WPA and WPA2?<br> * How does the Personal and Enterprise mode of operation work?<br> * What is 802.1X and how is it related to Wi-Fi security?<br> * What is required in order to authenticate client devices using 802.1X?<br> * What is the 4-way handshake?<br> * What are the secured EAP methods?<br> * What do we need to do in order to securely use WPA/PA2-Personal?<br> * What is considered a strong password?<br> * How does a client station securely exchange data over the Wi-Fi network?<br> <br> Resources<br> Here are the links to the videos we talked about during this episode:<br> <br> * <a href="https://www.youtube.com/watch?v=9M8kVYFhMDw" target="_blank" rel="nofollow">4-way handshake</a> video from CWNP by Marcus Burton<br> * <a href="https://www.youtube.com/watch?v=8OPdE1MM1yE" target="_blank" rel="nofollow">Authentication and key management</a> video from CWNP by Marcus Burton<br> * <a href="https://www.youtube.com/watch?v=hLQ5rYNUwNg" target="_blank" rel="nofollow">WPA and WPA2</a> video from CWNP by Marcus Burton<br> * Setup FreeRadius:<br> <br> * <a href="http://www.semfionetworks.com/blog/setup-freeradius-on-kali-linux-for-8021x-authentication">http://www.semfionetworks.com/blog/setup-freeradius-on-kali-linux-for-8021x-authentication</a><br> * <a href="https://www.packet6.com/install-freeradius-ubuntu-server/">https://www.packet6.com/install-freeradius-ubuntu-server/</a><br> <br> <br> <br> Here are a couple of diagrams related to the Wi-Fi security topic:<br> <br> * <a href="http://www.semfionetworks.com/blog/wi-fi-security-timeline" target="_blank" rel="nofollow">Wi-Fi Security Timeline</a><br> * 802.1X Example:<br> <br> <a href="http://www.semfionetworks.com/uploads/2/9/8/3/29831147/network_drawing_-_lab_setup_2.png"></a><br> <br> <a href="http://www.semfionetworks.com/uploads/2/9/8/3/29831147/network_drawing_-_authentication_process.png"></a><br> <br> If we want to dive deeper into the topic of Wi-Fi security, you can read the following book:<br> <br> * <a href="http://amzn.to/2kJbRoO" target="_blank" rel="nofollow">CWSP Book</a><br> <br> Other resources we talked about:<br> <br> * <a href="https://www.sans.org/security-resources/policies/general/pdf/password-construction-guidelines" target="_blank" rel="nofollow">SANS strong password guidelines</a><br> <br> Password generation website:<a href="http://xkpasswd.net"> xkpasswd.net</a><br>
