CWNP CWSP – Module 03 – Encryption Ciphers and Methods Part 6

16. Proprietary Solutions

And finally, I’m not going to talk much more about this there are proprietary solutions. Many vendors have created their own types of solutions. Like one called X SEC, which is a vendor specific wired wireless security solution. Something used by a very good wireless company, Aruba and Funk. It used a 256 bit encryption. The problem is, you had to use all Aruba equipment to make that that happen.

Fortress was another example of proprietary client software used for secure solutions, which means you’d have to install it on all the machines. I’m not saying there’s anything wrong with those. It’s just that when it comes to interoperability and you’re not using all the same products, something we call a heterogeneous type of setup then these proprietary solutions are probably not best suited for your choice of doing taxon.

17. Demo – Encryption Example

What I’m going to do here is just briefly show you some examples of why encryption is important and what is seen by somebody who is doing a packet capture of your wireless traffic. So I’m using a tool called Wireshark. It’s a packet capture tool. And you can, depending on the network card and whether or not some prisoners Promiscuous mode or not, you can actually listen in on all of the back and forth conversations between one station and an access point. And so what you’re seeing here, set up real quick, is that they are and this is going to come up in later chapters and we’ll talk about it, but we’re going to see this thing called a four way handshake using EEP over the land or epALL. And what they’re doing here is these are key messages. And what they’re doing is negotiating a security key for the two to use to encrypt all of their information.

Now, if you’ve not used Wireshark, when you click on any one of these frames, and these are the frames in the order that they were seen, and you can kind of get the time lapse in between. We started at 0 second. After 1. 1 second, we saw the next frame. So we can see that these four frames happened in less than zero 6 seconds. So negotiating your security keys is very easy, very quick, and this is being done to help us understand, or I’m showing it to you anyway, to help you understand that when we’re using CCMP that we are going to see this four way handshake to exchange keys. Now, the reason it’s important is when we look at this, like, for example, this first packet.

Now, this first packet, the protocol is called 800 and 211. Now, that’s unusual because normally if I were sniffing on a wired card wired network, I would see protocols like TCP or UDP or ICMP, not protocols called 800 and 211. And the reason for that is, if you remember what I showed you by diagram, is that the only part of a frame that is not encrypted is that part of the frame that has the Mac address. So we don’t know what’s going on at layer four.

So we’re just calling it the 800 and 211. When you click on a frame down here in the middle, you actually get to see the breakdown of that frame. And if I could just get rid of this part of it a little bit more to make it easier to see. And I’ll move this up a little bit so we get a little more room to look at the details. Now, when you look at this, the next thing says source and destination.

The source and destination. In this particular case, for the protocol, 800 and 211 are the source Mac address and the destination Mac address. Now, you might be thinking to yourself, why does it say Cisco Li? And then underscore 74, 95 92. When a vendor creates any type of network card, the first three bytes of Hexadecimal are assigned to that vendor. So every card that Cisco would create would have the first three bytes assigned to them.

And so Wireshark is just putting in there for you the information about who made the card. And then they’re showing you the last three bytes, which are uniquely assigned by each of the vendors. Now, it is a data frame. And as a data frame, what it does is it basically breaks it down to let you see what you have here. So obviously this is a packet capture file from a while back, but it just gives us things like the encapsulation type. So we are calling it 800 and 211, because that’s all we can really see under the IEEE 800 and 211 data when we start looking at some of the rest of this. And I’m not going to take you through each and every one of them. But again, you’re seeing the receiver address, the basic service set, ID transmitter address, source address, destination address.

Right? So you’re breaking it down so you know who’s talking to each other. But when we get to the data field, the data field is and I click on data, is what’s being shown down to you here. Now the data field is broken up into these Hexadecimal values and then converted into the text option of what those Hexadecimal values mean. Now, if I was sending a clear text file, all of these Hexadecimal values would actually represent a letter of the alphabet. It’s using what’s called ANSI I’m sorry, an Si. But because it is encrypted and we’re using values that don’t have an ANSI equivalent, you’re seeing little dots. But what I’m trying to show you here is that this is what a person would capture. They would see basically nonsense that they can’t translate.

Now, what is interesting with this tool is that, and I’m not going to show it to you here, but what is interesting is if you know the encryption key that was created and generated, you can actually apply it to these packets and actually decrypt the message with this tool. But you would need to know the key. And at this point, I don’t have the key in front of me, so I don’t know what the key was. But that’s what you’re basically looking for, is to see that your data fields and when I get down to the bottom of these headers, that your data is all encrypted, right? We cannot make sense out of it or see it in clear text.

So we cannot snoop. Well, I mean, we can snoop, but the information that I see is not going to mean anything to us. And that’s what you’re looking at as we come through here. Now, later on we are going to talk a little bit about these beacons and some of the management stuff, but that’s coming up in some of our later parts of this course, but I wanted to show you what can be seen if we do encryption properly. Help defeat somebody who would otherwise just be listening to your data and seeing it in clear text and being able to steal whatever information, your passwords or whatever the case may be.

18. Module 03 Review

All right, so our goal here was to talk a lot about this foundation of encryption. We went through the encryption basics. We talked about the wireless lam encryption methods. We talked about WEP TKIP CCMP.

We introduced WPA WPA II knowing we’re going to talk more about it. And then I just briefly mentioned that there are proprietary implementations that you might consider to use.