Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:01,350 --> 00:00:07,380 In this lecture and in the next few lectures I'd like to talk about WPA enterprise. 2 00:00:07,640 --> 00:00:11,280 What it is how it works and how to market. 3 00:00:11,720 --> 00:00:17,920 Now all the networks that we've seen so far in this course and in my other hacking courses whether they're 4 00:00:17,930 --> 00:00:27,950 WPA or WPA to networks all of them were used in a form of authentication called DSK case stands for 5 00:00:27,950 --> 00:00:29,280 pre-shared key. 6 00:00:29,540 --> 00:00:36,260 And what we mean by that is there is one shared key that any device that want to connect to the network 7 00:00:36,470 --> 00:00:39,350 can use and they'll get access to the network. 8 00:00:39,590 --> 00:00:45,860 So there is one key in the network that key is shared between all the clients all the devices that want 9 00:00:45,860 --> 00:00:47,270 to connect to the network. 10 00:00:47,480 --> 00:00:52,860 And if you have that key then you can authenticate and connect to the network. 11 00:00:52,910 --> 00:00:59,060 Now because this is a very simple concept the router manages the authentication in this case because 12 00:00:59,060 --> 00:01:00,620 we only have one key. 13 00:01:01,040 --> 00:01:06,150 So whenever a client wants to connect to the network they have to give that one specific key. 14 00:01:06,260 --> 00:01:11,090 And if that key is correct the router will allow the client to access the network or the internet. 15 00:01:11,120 --> 00:01:16,790 If not then theyll just refuse them and not even give them an IP address. 16 00:01:16,790 --> 00:01:21,760 Now WPA enterprise is another form of authentication. 17 00:01:21,980 --> 00:01:29,300 So we have a fire escape which is pre-shared key authentication and we have another form of authentication 18 00:01:29,510 --> 00:01:33,170 called WPA enterprise. 19 00:01:33,210 --> 00:01:37,940 Now as the name suggests it's designed for bigger and larger networks. 20 00:01:38,020 --> 00:01:45,150 It's usually used in large organizations such as Big companies universities and so on. 21 00:01:45,190 --> 00:01:52,690 The idea behind this is each user that wants to connect to the network needs to have their own username 22 00:01:53,020 --> 00:01:54,470 and their own password. 23 00:01:54,670 --> 00:01:56,520 So there is no shared key. 24 00:01:56,530 --> 00:02:00,950 Each client has to have their own key to connect to the network. 25 00:02:01,450 --> 00:02:06,480 Now this is actually a more secure implementation and it has a lot of advantages. 26 00:02:06,910 --> 00:02:13,570 First of all it's more secure because each user will have a unique key so their traffic will also be 27 00:02:13,570 --> 00:02:21,460 encrypted using this unique key and it's more practical because if you want to deny a certain user from 28 00:02:21,460 --> 00:02:24,460 connecting you won't have to change the one password. 29 00:02:24,460 --> 00:02:28,900 You'll just have to remove their password from the authentication server. 30 00:02:29,990 --> 00:02:34,960 That because of this idea and the implementation the router cannot handle this. 31 00:02:34,960 --> 00:02:39,940 And we usually use a central server for authentication. 32 00:02:39,940 --> 00:02:45,760 Now the central server is very handy because we can add users and prevent users from connecting to the 33 00:02:45,760 --> 00:02:49,660 network without having to change the password for the whole network. 34 00:02:49,990 --> 00:02:56,740 So one use an MP a pre-shared key if we wanted to prevent a certain user or if we wanted if we thought 35 00:02:56,740 --> 00:02:58,530 that our password got stolen. 36 00:02:58,660 --> 00:03:03,790 Then we have to change the password and then we have to give the new password to all of the users that 37 00:03:03,880 --> 00:03:09,220 we want to allow to connect to the network and the WPA enterprise case. 38 00:03:09,310 --> 00:03:14,800 We don't have to do that if we think up certain passwords stolen or if we want to prevent a certain 39 00:03:14,800 --> 00:03:20,770 user from connecting then we can just modify our central server there as Radius server and remove the 40 00:03:20,770 --> 00:03:25,180 password that we don't want to allow on our network. 41 00:03:25,380 --> 00:03:32,590 Now WPA enterprises also considered to be more secure because like I said each user get their own key 42 00:03:32,860 --> 00:03:37,300 and their traffic is encrypted using their own unique key. 43 00:03:37,390 --> 00:03:43,600 Whereas in S-K in the pre-shared key authentication all the traffic through the network will be encrypted 44 00:03:43,840 --> 00:03:46,630 using the one single shared key. 45 00:03:46,900 --> 00:03:52,950 So regardless of the user they'll all be using the same exact key. 46 00:03:52,980 --> 00:03:58,800 So right here I have a diagram of the way WPA enterprise usually configured. 47 00:03:58,860 --> 00:04:01,800 Now the access point will not be handle and authentication. 48 00:04:01,800 --> 00:04:02,780 Like I said. 49 00:04:02,820 --> 00:04:08,400 So the client is going to use some sort of authentication usually a username and password. 50 00:04:08,640 --> 00:04:14,040 It's going to send it to the access point the access point will not do any form of verification. 51 00:04:14,040 --> 00:04:22,200 It literally just forward that to the radius server the radius server is the brain or is the entity 52 00:04:22,410 --> 00:04:27,330 that decides whether this form of authentication is correct or not. 53 00:04:27,360 --> 00:04:31,230 If the username and password are correct it's going to tell the access point. 54 00:04:31,320 --> 00:04:31,940 OK. 55 00:04:31,980 --> 00:04:32,960 These are correct. 56 00:04:33,000 --> 00:04:38,210 Allow this device to access the resource whether it's the Internet or the network. 57 00:04:38,400 --> 00:04:44,820 So the access point is going to assign an IP address to this computer and allow it to access the network. 58 00:04:44,820 --> 00:04:51,270 Therefore when we want to add new users or prevent users from connecting all we have to do is just modify 59 00:04:51,270 --> 00:04:56,520 our server here and remove the users that we we don't want them to connect. 60 00:04:56,550 --> 00:05:02,250 Now WPA enterprise uses and Orphic authentication protocol called EAP. 61 00:05:02,340 --> 00:05:09,790 But there are other implementations that you might face like EAP first L AP anti-alias. 62 00:05:09,870 --> 00:05:16,480 Now I'm just trying to give you a basic understanding of what we mean by WPA enterprise and how it works. 63 00:05:16,770 --> 00:05:22,140 And in the next lecture we're going to discuss how we can hack this and gain access to networks that 64 00:05:22,140 --> 00:05:24,120 use this form of authentication. 7372