November 23, 2025 13 mins
In this lesson, you’ll learn about:
  • Wireless networking standards and operating modes
  • Wi-Fi security best practices and hardening techniques
  • Cellular/mobile device threats and defensive controls
  • Common wireless attacks and mitigation strategies
I. Wireless Network Standards and Basics

Wi-Fi (802.11 Standard) Overview
Wi-Fi is based on the IEEE 802.11 family of standards and uses radio waves to transmit data. The most common bands are 2.4 GHz (better range and wall penetration, but crowded) and 5 GHz (faster, shorter range), with spectrum use regulated by authorities such as the FCC.

Evolution of Key 802.11 Amendments
  • 802.11a: 5 GHz
  • 802.11b: 2.4 GHz
  • 802.11g: 2.4 GHz (faster successor to 11b)
  • 802.11n: Operates on both 2.4 GHz and 5 GHz
  • 802.11ac (Wi-Fi 5): 5 GHz only; gigabit-class speeds (~1 Gbps)
  • 802.11ax (Wi-Fi 6): 2.4 GHz and 5 GHz; theoretical speeds up to ~10 Gbps
Network Operating Modes
  • Infrastructure Mode: Central router/AP manages communication (default in homes & businesses).
  • Ad-Hoc Mode: Peer-to-peer direct communication without an access point.
The network name broadcast by the access point is the SSID (Service Set Identifier).

II. Wi-Fi Security and Hardening Practices

Legacy Methods to Avoid
  • WEP: Extremely insecure; crackable in under 5 minutes with free tools (e.g., Aircrack-ng) on an ordinary laptop.
  • Original WPA (TKIP): Outdated and vulnerable; a stopgap for WEP-era hardware.
Current Standard
  • WPA2-AES (CCMP): Strong encryption; trusted by government agencies and industry. Treat it as the minimum: do not enable WPA/WPA2 "mixed" mode (which keeps TKIP alive), and prefer WPA3 (SAE) where every client supports it.
Critical Hardening Techniques
  • Change all default settings:
    Default admin credentials are public, and default SSIDs name the manufacturer (often the model), which points an attacker straight at known exploits for that device.
  • Use non-descriptive SSIDs:
    Avoid names indicating location, company, or purpose (OPSEC).
  • Enable 802.1X EAP authentication:
    Authenticates each user or device against a central server (WPA2-Enterprise) instead of one shared passphrase, so a copied MAC address or a leaked PSK alone is not enough.
  • MAC Filtering:
    Restricts access to pre-approved hardware addresses. MAC addresses are trivially spoofed, so this is friction, not a control.
  • Network Isolation:
    Guest Wi-Fi should be separated from internal corporate networks.
  • Firmware Updates:
    Essential to patch vulnerabilities (e.g., WPA2 KRACK); a fix only helps once it is installed.
    Consider alternative firmware such as DD-WRT or OpenWrt.
  • Use WIDS/WIPS:
    Wireless Intrusion Detection/Prevention systems to monitor or block threats.
  • Emanation Security (EMSEC):
    Limit transmit power and antenna placement so the signal does not leak outside the intended perimeter; verify with a site survey from outside the building.
  • Consider static IP assignments:
    Disabling DHCP denies a newly connected attacker an automatic address, so they must first work out the subnet and gateway. Treat this as friction rather than a control: the scheme can be inferred from broadcast and ARP traffic.
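To make the Section II checklist mechanical, here is an added example (not from the episode or its show notes) that audits a hostapd configuration for the legacy and default settings listed above. The two embedded configs, the vendor-name list used to spot factory-default SSIDs, the 12-character passphrase threshold and the RADIUS address are constructed or assumed for illustration; the option names are hostapd's own.

```python
"""Audit a hostapd.conf for the weak settings Section II warns about.
Added example, not from the original page. Both embedded configs are constructed
for illustration; the option names (wpa, wpa_key_mgmt, rsn_pairwise, ieee8021x,
ap_isolate, macaddr_acl, ...) are hostapd's own.
"""

# Constructed: a typical 'works out of the box' AP config.
WEAK_CONF = """
interface=wlan0
ssid=NETGEAR_5G
hw_mode=g
channel=6
wpa=1
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
wpa_passphrase=password
"""

# Constructed: the same AP hardened along the lines of Section II
# (WPA2/CCMP only, 802.1X against a RADIUS server, client isolation, MAC allow-list).
# The RADIUS address is an assumption for illustration.
HARDENED_CONF = """
interface=wlan0
ssid=bluebird-44
hw_mode=g
channel=6
wpa=2
wpa_key_mgmt=WPA-EAP
rsn_pairwise=CCMP
ieee8021x=1
auth_server_addr=10.0.0.5
auth_server_port=1812
auth_server_shared_secret=REPLACE_ME
ap_isolate=1
macaddr_acl=1
accept_mac_file=/etc/hostapd/hostapd.accept
"""

# Vendor strings that commonly appear in factory-default SSIDs (illustrative list).
DEFAULT_SSID_VENDORS = ("netgear", "linksys", "tp-link", "dlink", "asus", "xfinity")


def parse_hostapd(text):
    """Parse hostapd's key=value format into a dict; comments and blank lines are dropped."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip()
    return conf


def audit_hostapd(text):
    """Return a list of findings; an empty list means every check passed."""
    conf = parse_hostapd(text)
    findings = []

    if any(k.startswith("wep_") for k in conf):
        findings.append("WEP keys configured: WEP is broken and must not be used")
    elif conf.get("wpa", "0") == "0":
        findings.append("wpa=0: open network, no encryption at all")
    elif conf["wpa"] in ("1", "3"):
        # hostapd's wpa is a bitfield: 1 = WPA only, 2 = WPA2 (RSN) only, 3 = mixed mode
        findings.append(f"wpa={conf['wpa']}: original WPA allowed; set wpa=2 for WPA2 only")

    ciphers = (conf.get("wpa_pairwise", "") + " " + conf.get("rsn_pairwise", "")).split()
    if "TKIP" in ciphers:
        findings.append("TKIP pairwise cipher enabled; allow CCMP (AES) only")

    key_mgmt = conf.get("wpa_key_mgmt", "WPA-PSK").split()
    if "WPA-EAP" not in key_mgmt:
        findings.append("wpa_key_mgmt lacks WPA-EAP: one shared passphrase, no 802.1X/EAP")
    elif conf.get("ieee8021x") != "1" or "auth_server_addr" not in conf:
        findings.append("WPA-EAP set but ieee8021x=1 and a RADIUS auth_server_addr are missing")

    # Assumed threshold for this check: shorter passphrases fall to offline
    # dictionary attacks on a captured 4-way handshake.
    if "WPA-PSK" in key_mgmt and len(conf.get("wpa_passphrase", "")) < 12:
        findings.append("wpa_passphrase shorter than 12 characters: weak against offline cracking")

    ssid = conf.get("ssid", "").lower()
    if any(vendor in ssid for vendor in DEFAULT_SSID_VENDORS):
        findings.append(f"ssid '{conf['ssid']}' looks like a factory default and names the vendor")

    if conf.get("ap_isolate") != "1":
        findings.append("ap_isolate not set: wireless clients can talk to each other directly")

    if conf.get("macaddr_acl") != "1":
        findings.append("note: no MAC allow-list (macaddr_acl=1); friction only, MACs are spoofable")

    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(f"{name}: {audit_hostapd(conf) or ['OK']}")
```

Point it at `/etc/hostapd/hostapd.conf` on an OpenWrt or DD-WRT box (or any Linux AP) and every non-empty finding maps to one bullet in the list above; the MAC allow-list line is deliberately reported as a note, since the page itself rates MAC filtering as friction rather than a control.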
III. Cellular Networks and Mobile Device Security

Cellular Threats
  • IMSI Catchers (Stingrays):
    Fake cell towers that advertise a stronger signal than the real one; the phone attaches to them automatically, giving the operator a Man-in-the-Middle position to capture voice, SMS, and metadata.
Secure Communication Practices
  • Always use end-to-end encrypted protocols, e.g., the Signal Protocol (Signal, WhatsApp) for calls, messages, and video.
  • Standard voice calls and SMS are not end-to-end encrypted and are easily intercepted (including by an IMSI catcher).
Mobile Device Management (MDM)
Organizations use MDM to enforce:
  • Screen lock and passcode policies
  • App installation restrictions
  • Remote wipe capability
  • Account lockout rules
  • Corporate/BYOD separation of data
Location Security
Control GPS and geotagging to prevent exposure of sensitive operations (e.g., military, law enforcement, executive movement).

5G Concerns
Ongoing scrutiny exists due to unresolved privacy and security vetting.

IV. Wireless Attacks and Mitigation Strategies

1. Rogue Access Points / Evil Twin Attacks
Attack: Fake hotspots mimic legitimate networks (a rogue AP plugged in inside the network, or an evil twin outside, such as a fake airport hotspot) to steal credentials or intercept traffic.
Mitigation:
  • Employee education about correct SSID names
  • Disable auto-connect to unknown networks, and use a VPN on public Wi-Fi
  • Regularly scan (or run WIDS) to find and remove unauthorized access points
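An added example (not from the episode) of the detection side of the evil-twin mitigation above, which also covers the WIDS and site-survey points from Section II: it reads the terse output of `nmcli -t -f BSSID,SSID,SECURITY,SIGNAL dev wifi` and compares every AP that advertises one of our SSIDs against a baseline of deployed BSSIDs and expected security. The scan lines and the baseline are constructed for illustration.

```python
"""Flag possible evil-twin / rogue access points in a Wi-Fi scan.
Added example, not from the original page. Reads the terse output of
`nmcli -t -f BSSID,SSID,SECURITY,SIGNAL dev wifi`; the scan lines and the
baseline below are constructed for illustration.
"""
import re

# Constructed scan output. In nmcli -t mode a ':' inside a field value (the BSSID)
# is escaped as '\:' so that the ':' field separator stays unambiguous.
SCAN_OUTPUT = r"""
AA\:BB\:CC\:00\:00\:01:CorpNet:WPA2 802.1X:72
AA\:BB\:CC\:00\:00\:02:CorpNet:WPA2 802.1X:65
DE\:AD\:BE\:EF\:00\:01:CorpNet:WPA2:81
DE\:AD\:BE\:EF\:00\:02:Corp-Guest::60
AA\:BB\:CC\:00\:00\:03:Corp-Guest:WPA2:58
CA\:FE\:00\:00\:00\:01:xfinitywifi::40
"""

# Constructed baseline: the BSSIDs the wireless team actually deployed for each
# SSID and the security each one should advertise.
BASELINE = {
    "CorpNet": {"bssids": {"AA:BB:CC:00:00:01", "AA:BB:CC:00:00:02"}, "security": "WPA2 802.1X"},
    "Corp-Guest": {"bssids": {"AA:BB:CC:00:00:03"}, "security": "WPA2"},
}

FIELD_SPLIT = re.compile(r"(?<!\\):")  # split on colons that are not backslash-escaped


def parse_nmcli_scan(text):
    """Return (bssid, ssid, security, signal) tuples from nmcli -t output."""
    rows = []
    for line in text.strip().splitlines():
        parts = [p.replace(r"\:", ":") for p in FIELD_SPLIT.split(line)]
        if len(parts) != 4:
            continue  # malformed line: skip rather than guess
        bssid, ssid, security, signal = parts
        rows.append((bssid.upper(), ssid, security.strip(), int(signal)))
    return rows


def find_evil_twins(scan_text, baseline):
    """Return alerts for APs advertising one of our SSIDs from a BSSID we did not deploy."""
    alerts = []
    for bssid, ssid, security, signal in parse_nmcli_scan(scan_text):
        expected = baseline.get(ssid)
        if expected is None:
            continue  # foreign SSID: not our network and not impersonating it
        shown = security or "open"
        if bssid in expected["bssids"]:
            # Our own AP, but check it still advertises the security we configured.
            if security != expected["security"]:
                alerts.append(f"{ssid} {bssid}: known AP with unexpected security '{shown}'")
            continue
        reason = "unknown BSSID"
        if security != expected["security"]:
            # Weaker security than baseline is the classic evil-twin signature.
            reason += f", security '{shown}' instead of '{expected['security']}'"
        alerts.append(f"{ssid} {bssid}: possible evil twin ({reason}, signal {signal})")
    return alerts


if __name__ == "__main__":
    for alert in find_evil_twins(SCAN_OUTPUT, BASELINE):
        print(alert)
```

Run it on a schedule from a laptop or a small board at each site and feed a live scan in place of `SCAN_OUTPUT`. A hit with the right SSID, an unknown BSSID and weaker security than the baseline is the evil-twin pattern; an unknown BSSID that matches the baseline security is more often a rogue or mis-inventoried AP, which still needs to be physically tracked down.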
2. WPA2 KRACK (Key Reinstallation Attack)
Attack: Abuses the 4-way handshake to make a client reinstall an already-in-use key, resetting its nonce so traffic can be decrypted or replayed. The flaw is in the standard, so every vendor's implementation needed a fix.
Mitigation:
  • Immediate firmware and OS updates on both clients and access points, across all vendors
3. MAC Address Spoofing
Attack: Impersonates a trusted device's hardware address to bypass MAC filtering.
Mitigation:
  • Use stronger authentication (e.g., 802.1X), which verifies the user rather than a device ID that can be copied
4. Packet Sniffing
Attack: Unencrypted data intercepted over the air.
Mitigation:
  • Enforce encrypted protocols end-to-end (TLS/HTTPS, VPN) so captured frames yield only ciphertext
5. Peer-to-Peer Attacks
Attack: Malicious activity from devices on the same local wireless network.
Mitigation:
  • Client

Episode Transcript

Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:00):
Welcome back to the deep dive. Today, we're taking a
kind of security X ray of the invisible infrastructure that
basically runs our lives wireless networks. You know, you click
connect to the Wi-Fi or you see that 5G
icon light up, and you just assume it's safe, But
there are layers upon layers of technical standards and well

(00:20):
vulnerabilities beneath that simple connection.

Speaker 2 (00:23):
That's absolutely right.

Speaker 1 (00:24):
And for this deep dive, we're hoping to move you
past just being a user and get you thinking more
like a security architect. Okay, we need to understand not
just the standards for your home router, but also the
protocols protecting the cell phone that's in your pocket right now.
Our mission here is to move from that sort of
passive trust to active verification.

Speaker 2 (00:45):
Giving you the practical steps the real operational security to
lock things down exactly. Okay, so let's unpack this. We'll
start with the fundamentals, the kind of technical language of wireless.
Then we'll dive into the critical steps for hardening your
actual Wi Fi network, and after that we'll pivot to
the unique threats facing mobile devices and then wrap it
all up with a tactical breakdown of common wireless attacks

(01:06):
and more importantly, their defenses perfect.

Speaker 1 (01:09):
So where do we start.

Speaker 2 (01:10):
Let's start at the very beginning. The foundation what we
all call Wi-Fi is technically speaking, the 802.11

Speaker 1 (01:17):
Standard, and that comes from the IEEE, right, the Institute
of Electrical and Electronics Engineers, that's them.

Speaker 2 (01:23):
It's really just the rule book for how devices talk
to each other using.

Speaker 1 (01:27):
Radio waves, and those radio waves operate across a spectrum
that's set by bodies like the FCC. Here in the US,
we always hear about two point four gigahertz and five gigahertz.

Speaker 2 (01:36):
Right, And the two point four gigahertz band is great
because it penetrates walls really well, gives you range, but.

Speaker 1 (01:41):
It's crowded like a really busy highway. Microwaves, old cordless phones, Bluetooth, they're.

Speaker 2 (01:47):
All on there, they are, And that five gigahertz band
is your express lane, much faster speeds, but less range.
It doesn't travel through physical barriers nearly as well.

Speaker 1 (01:57):
So the whole story of 802.11
is just about getting more data through those
airwaves faster and faster.

Speaker 2 (02:04):
That's the whole game.

Speaker 1 (02:05):
So instead of listing every single standard, what are the
key milestones, like, when did Wi Fi actually get fast?

Speaker 2 (02:11):
Good question? The early days, you know, 802.11b
and g, they were pretty slow.
We're talking maybe eleven to fifty four megabits.

Speaker 1 (02:20):
Per second, which felt fast then, but not now, not
at all.

Speaker 2 (02:24):
The real step change came with 802.11n.
That was the first standard
that really hit fast speeds. We're talking hundreds of megabits,
and critically, it was the first one to use both
the two point four and five gigahertz.

Speaker 1 (02:35):
Bands, and that's where dual band routers came from exactly.

Speaker 2 (02:39):
And the current standard most people are running at home
or in the office, that's likely 802.11ac,
which is often called.

Speaker 1 (02:45):
Wi Fi five, the gigabit standard YEP.

Speaker 2 (02:47):
The gigabit per second standard, usually on that faster five
gigahertz frequency, and looking forward, you've got 802.11ax
or Wi Fi six, which
is aiming for just incredible speeds up to ten gigabits
per second.

Speaker 1 (02:59):
Okay, before we leave the basics, two quick network concepts.
Most of us use infrastructure mode.

Speaker 2 (03:03):
Right where you connect to a central router or access
points like ninety nine percent of networks.

Speaker 1 (03:07):
But there's also something called ad hoc mode. What is that? Simply?

Speaker 2 (03:10):
Ad hoc is just peer to peer. Think of it
like a temporary digital handshake. Two laptops connecting directly to
each other to share a file. No middleman, got it.

Speaker 1 (03:20):
And that name you see when you try to connect
like home.

Speaker 2 (03:22):
Wi Fi, that's your SSID, the service set identifier.

Speaker 1 (03:26):
Okay, so we have the language down. Let's jump into
part two. Securing this thing and the history of wireless security. Well,
it started with a colossal failure, they really did.

Speaker 2 (03:36):
The first method was WEP or wired equivalent privacy. The
name sounds good.

Speaker 1 (03:40):
Right, sounds secure, equivalent.

Speaker 2 (03:42):
To wire, but the encryption had a fatal flaw. And
the crucial I mean, the startling detail here is that
WEP can be cracked in less than five minutes, five minutes,
less than five minutes using common free tools like Aircrack-ng
on just a regular laptop.

Speaker 1 (03:56):
So WEP isn't security. It's basically a welcome mat for
an attack.

Speaker 2 (04:00):
It's a warning label. Yeah yeah, so rule one never
ever use WEP.

Speaker 1 (04:05):
Okay, So if WEP is useless. What is the mandatory
modern standard.

Speaker 2 (04:09):
You must use WPA2-AES. So WPA2 is
the protocol and AES is the encryption algorithm.

Speaker 1 (04:15):
AES, that's the advanced encryption standard.

Speaker 2 (04:18):
Is it's the symmetric encryption standard used by the US
government to protect confidential data. If it's good enough for
their secrets, it's definitely good enough for your WiFi. It's
for all practical purposes unbreakable by brute force.

Speaker 1 (04:31):
So WPA2-AES for encryption. But what about authentication
making sure only the right people can even try to connect.

Speaker 2 (04:40):
That's where you'd use something like 802.1X
EAP. This is a method for authenticating clients both
wired and.

Speaker 1 (04:47):
Wireless, and EAP is extensible authentication protocol. So the router
isn't just checking a simple shared password exactly.

Speaker 2 (04:54):
It's checking the user's actual identity against a central server.
It's much more robust than say MAC filtering.

Speaker 1 (05:01):
Let's talk about that. MAC filtering is just telling the router, Hey,
only my laptop and my phone are allowed on. So
you're filtering by the physical device address. Why is
802.1X better?

Speaker 2 (05:11):
Because a MAC address, the physical address of your network
card can be spoofed. It can be faked, so an
attacker can just copy an allowed MAC address and
bypass that filter completely.

Speaker 1 (05:20):
Ah so 802.1X verifies the user,
which is much harder to fake than a device ID,
much harder. Let's move to operational security OPSEC for routers.
We all know to change the default admin password, but
you said changing the SSID the network name is just
as important.

Speaker 2 (05:38):
Why because the default name is a huge gift to
an attacker. If your SSID is Linksys router or Netgear
5G, you are screaming the manufacturer's name.

Speaker 1 (05:49):
Which tells them exactly what vulnerabilities to look for.

Speaker 2 (05:52):
Instantly, they can look up known exploits for that specific brand,
maybe even that model. By changing it to something unique,
you force them to work so much harder just to
figure out what they're even attacking.

Speaker 1 (06:02):
That's a great tip. Another one is isolation. You say
you must separate your wireless from your main private network.

Speaker 2 (06:08):
Absolutely, Your wireless network is fundamentally the weakest access point
to your physical building. If an attacker breaches your Wi Fi,
you want them trapped in a guest sandbox, not immediately
on the same network as your financial servers.

Speaker 1 (06:20):
It limits the blast radius perfectly.

Speaker 2 (06:22):
Put.

Speaker 1 (06:23):
Okay, here's a brilliant counterintuitive move. You mentioned using static
IP addresses instead of DHCP. Can you explain what DHCP
is and why turning it off helps security?

Speaker 2 (06:33):
Sure. DHCP, the Dynamic Host Configuration Protocol is what automatically
hands out an IP address to every device that connects.

Speaker 1 (06:41):
It's convenient, right, your phone connects and boom, it has
an address. It's on the Internet.

Speaker 2 (06:46):
But the problem is if an attacker gets past your password,
their computer also automatically gets an IP address and the
instantly know, I'm in, I have connectivity.

Speaker 1 (06:56):
I see. So by using static ips, where you have
to manually assign them, you force the attacker to guess
your network scheme right.

Speaker 2 (07:04):
They have to figure out the right IP address, the
subnet mask, the gateway. Yeah, it adds a massive layer
of friction and confusion. It slows them way down.

Speaker 1 (07:11):
That's clever. A final physical security point. Firmware and EMSEC.

Speaker 2 (07:16):
Yeah, always update your router's firmware always and consider open
source firmware like DD-WRT. And EMSEC, or emanation security, is
just about making sure your radio signals don't spill out
into the street.

Speaker 1 (07:29):
You mean doing a site survey to check your signal
strength outside the building Exactly.

Speaker 2 (07:33):
You don't want someone in a van across the street
sniffing your network traffic because your signal is just blasting
out into the open.

Speaker 1 (07:39):
Okay, let's pivot hard to the device we carry everywhere,
our phones. The risk here is just astronomical. What's the
biggest threat to our cellular connection itself?

Speaker 2 (07:50):
The biggest threat is that we implicitly trust the carrier
name on our screen, Verizon, AT and T, whatever, but
that connection could be hijacked with a device called an
IMSI catcher sometimes known as a.

Speaker 1 (08:03):
Stingray, and the IMSI catcher actively tricks your phone. It
pretends to be a legitimate cell tower, but with a
stronger signal.

Speaker 2 (08:10):
Precisely, your phone is designed to connect to the strongest
signal available, so it drops the real tower and connects
to the fake one. And once it does, the malicious
operator is sitting in the.

Speaker 1 (08:20):
Middle, a classic man in the middle attack and.

Speaker 2 (08:22):
The classic man in the middle, they can intercept your
voice calls, your texts, your data traffic, and you have
absolutely no idea.

Speaker 1 (08:28):
So if regular cell calls can be so easily intercepted.
What's the defense?

Speaker 2 (08:32):
You have to use end to end encrypted protocols. The
gold standard is the Signal protocol.

Speaker 1 (08:37):
Which is used by the Signal app but also by
WhatsApp right.

Speaker 2 (08:40):
It encrypts the data from your phone all the way
to the receiver's phone, so even if someone intercepts it,
it's just useless scrambled data.

Speaker 1 (08:48):
And here's the big warning for everyone listening. SMS text
messages are sent in plaintext.

Speaker 2 (08:53):
Totally unencrypted, like a postcard. Anyone who can access the
network traffic can read them. Never ever use that for
anything sensitive.

Speaker 1 (09:02):
So beyond the individual, what about organizations? How do they
manage all these phones?

Speaker 2 (09:06):
They use something called an MDM, a mobile device management system.
MDMs are key. They let an administrator remotely wipe a
lost phone and enforce strong passcodes and control which
apps can be installed.

Speaker 1 (09:18):
And we saw a huge real world example of mobile
privacy failure with the US military, didn't.

Speaker 2 (09:23):
We We did? The Pentagon had to ban troops from
using fitness trackers overseas. Why because the GPS and geotagging
data from the trackers was being posted online publicly. It
was literally revealing the patrol roads and locations of troops
on military bases.

Speaker 1 (09:38):
Wow, that just underscores how much location data our devices
are constantly recording all the time. Okay, let's move to
the tactical defense summary. We've got the big picture. Now
let's hit some specific attacks and how to stop them.

Speaker 2 (09:50):
Let's do it. Starting with the easiest exploitation of defaults.

Speaker 1 (09:55):
Attacker uses admin password netgear. The mitigation is change the.

Speaker 2 (10:00):
Immediately change the SSID, change the password, use a strong
one simple.

Speaker 1 (10:05):
Next bypassing weak encryption easy win.

Speaker 2 (10:08):
Always use WPA2-AES. WEP is not an option.

Speaker 1 (10:13):
What about something more sophisticated like the WPA2 KRACK attack.

Speaker 2 (10:17):
KRACK, which stands for key reinstallation attacks was a
really clever exploit in the WPA two handshake process.

Speaker 1 (10:24):
Sounds bad. How do we defend against it?

Speaker 2 (10:26):
This is a passive defense, but it's critical keep your
router and your device firmware updated. All the major vendors
patched this vulnerability years ago, but the patch only
works if you actually install it right.

Speaker 1 (10:36):
Okay, Next up malicious access points, the rogue AP inside
the network and the evil twin outside.

Speaker 2 (10:41):
For rogue aps. You need to regularly scan your network
to find and remove unauthorized devices. For the evil twin,
which might be a fake airport Wi Fi, it's all
about user education.

Speaker 1 (10:51):
Tell people to disable autoconnect for public networks.

Speaker 2 (10:54):
Exactly, and always always use a VPN when you're on
public Wi Fi.

Speaker 1 (10:59):
Okay, an attacker is on the network and starts packet sniffing,
reading the data in the air.

Speaker 2 (11:03):
Defense end to end secure protocols. If all your traffic
is HTTPS, then even if they sniff the packets, all
they get is encrypted gibberish.

Speaker 1 (11:12):
And we mentioned MAC address spoofing. How do we
stop that?

Speaker 2 (11:15):
You move beyond that simple filter and implement 802.1X
authentication, Verify the user, not just
the device ID that can be copied.

Speaker 1 (11:23):
And the final one, the one that always works.

Speaker 2 (11:26):
Social engineering, ah yeah, the trickery someone calls pretending to
be from it to get the password. The only mitigation
here is constant ongoing user education, a good security awareness program.
The human will always be the weakest link.

Speaker 1 (11:40):
So when you boil it all down, it seems like
there are two main problem areas we have to fix.

Speaker 2 (11:44):
I think. So first, you have to avoid weak standards
like using WEP that's a technical fix, and second you
have to manage the human element. That's a training fix.

Speaker 1 (11:54):
Which brings us to the core principle that really underpins
everything we've talked about today it does.

Speaker 2 (11:58):
That principle is trust but verify. Explain that you have
to maintain a state of general trust to get anything
done in life, but you always need a process to
verify things that seem out of the ordinary. Someone shows
up saying they're a network tech.

Speaker 1 (12:14):
You can trust them, but you first verify their ID,
You call their company to confirm the work order before
you let them into the server room.

Speaker 2 (12:22):
That is it perfectly trust but verify.

Speaker 1 (12:24):
It's a crucial mindset. Security is always this negotiation between
total paranoia and just, you know, being able to function.
So here's a final thought for you to take away
as you audit your own setup. If you are designing
a security policy for a small business with highly sensitive data,
which single measure beyond the mandatory WPA two aes would

(12:45):
you enforce first 802.1X authentication, MAC
filtering or network isolation And think about why that specific
measure gives you the biggest bang for your buck against
the most threats.

Speaker 2 (12:57):
That's a great question that you want to take with
you. Apply these tips and please go update your firmware.

Speaker 1 (13:01):
We'll catch you on the next deep dive.