802.11 networks, just by their wireless nature, are some of the most insecure networking technologies out there. Now, just the fact that you've got a bunch of radios broadcasting all your data assures us that an unprotected 802.11 network can really, really get into a lot of trouble. Now, we've got a bunch of episodes where we're going to be talking about wireless networks. But what I'd like to do first is do a quick review of some critical terms. A typical 802.11 network using infrastructure mode begins and ends with a wireless access point. A wireless access point is a bridge between an 802.11 network and an Ethernet network.
So the wireless access point not only has radios to talk on the 802.11 side, but an Ethernet connection to talk to an Ethernet network. Every wireless access point has a MAC address built into it, just like any other type of device. What we do is we take this wireless access point and we configure it with what is known as a service set identifier, or SSID. This can be a phrase or a term. Now, generally this SSID is broadcast out to the wireless network area. And we associate the MAC address of the wireless access point with the SSID that we've configured with that, and create what's known as a basic service set identifier, or BSSID. Now, what I'm going to do is add a client to this.
So here's my wireless client. Now he wants to connect to this SSID. So he's going to send a request to the wireless access point. And if it's an open network, the wireless access point will automatically authenticate him, and that client becomes a part of the associated list. So that's listed by the client's MAC address over the wireless access point. Now let's move the client out of the way for a minute and concentrate on the WAP.
Now, if I only have one WAP with one SSID, we have a BSSID. But for larger networks, we can add one, two, three, as many as you want, wireless access points. And as long as all of these wireless access points are connected to a common Ethernet broadcast domain, they become what is known as an extended service set identifier, or ESSID. As the client moves from one wireless access point in the SSID to another, it authenticates and deauthenticates as it moves from one WAP to the next. The only downside to what I've just showed you is that there is no authentication and there is no encryption. So anybody with a wireless NIC can get on to this SSID. Equally, anybody who's within radio range can listen in and watch everything that you're doing on the wireless network.
Now, the people who invented 802.11 knew this from the get-go and invented a one-stop-shopping standard called Wired Equivalent Privacy that would provide basic authentication and encryption. Wireless Equivalent Privacy, or WEP, is based on the RC4 streaming protocol. So it uses an initialization vector, like all streaming protocols do. It uses a shared key concept, which would be either 64-bit or 128-bit. You generate this key on the wireless access point, generally, and then you would pass that key out to anybody who you wanted to connect. Now, the downside to WEP is that there were a bunch of terrible limitations to the way the initialization vector was used. And it didn't take them very long at all to come up with ways to be able to hack a WEP-encrypted network.
Just mathematically. You didn't have to do anything or try passcodes or anything; you just watch long enough and you would get that key. This put everybody into a panic and generated a brand new world of something called Wireless Protected Access. Oh, it was a great time to be a tech back around 2001. We were all excited about this new 802.11 standard with its built-in WEP authentication and encryption. And then we suddenly discovered that it was completely crackable.
Everybody's in a panic. Now, the 802.11 folks got together and said, you know what we're going to do, we're going to come up with a new standard that is going to be able to handle both good authentication and good encryption. And what they did is they came up with a standard known as 802.11i. So 802.11i covers two big areas. First, in terms of authentication, we're not going to worry about just sharing a key. I guess some people, on like a poor man's network, if they still want to do it that way, they'll support it. But the idea with 802.11i is that we would now use 802.1X authentication. 802.1X had already been around for a while; it used RADIUS servers and stuff like that.
And they were just going to bring that into a wireless network. So what you would do is you would then install into your wired network a big RADIUS server that would have usernames and passwords, or it could talk to your domain controller, or would have certificates or RSA or whatever you wanted to use. And that way, whenever you logged in, you'd have to not only try to connect to the network, but you'd actually have to type in a username and password or insert a smart card or whatever it might be. So 802.1X was great. Although remember, with 802.11i they still allowed for those few people who might want to do it to be able to still use something called a pre-shared key. Now, the other thing that 802.11i pushed was completely dumping the concept of RC4 and instead replacing it with a very robust, very powerful AES encryption.
Now, AES encryption is powerful stuff. In fact, back around 2001 that was a bit of a problem, because our already established wireless access points and NICs simply couldn't handle AES. So the powers of the 802.11 world, Linksys and folks like that, they all got together and said, okay, we can't handle 802.11i now. In fact, it wasn't until, it was certainly after 2006, don't hold me to it, when 802.11i finally came out as a standard. But the industry got together and said, what can we do right now? Well, they realized that it is trivial to go ahead and update existing hardware to be able to handle 802.1X; that was the easy part. The hard part was to get existing NICs and wireless access points to be able to support AES. So the industry got together and said, okay, okay, okay.
What we're going to do is we're not going to use AES, at least not till the standard comes out. What we're going to do is we're going to replace WEP with something called TKIP. Now, TKIP still uses RC4. But basically it improves the problem with the initialization vector and pretty much gets rid of it. Now, this isn't a standard. So the industry got together and decided to call it Wireless Protected Access, or WPA.
And WPA was fantastic. And it worked really, really well until a few years later, when people began to realize that they were going to have to update their hardware. So a whole new class of hardware came out that was fully 802.11i standard, except nobody's talking about 802.11i; everybody's talking about WPA. So this whole class of robust 802.11i hardware was known not as 802.11i standard, but instead as WPA2. So the whole idea with WPA2 simply means that it's going to be completely 802.11i standard. Now, these times, as we were watching these changes from 2001 to 2006, make for some interesting stuff. A lot of times you'd be going into a wireless access point, you'd be trying to make a configuration.
And all of a sudden, they wouldn't use the term WPA or WPA2 on some of these older ones. Instead, they'd say stuff like TKIP or CCMP. CCMP is simply the way 802.11 networks use AES encryption. So we've got this world where we have WEP, we have WPA, and we have WPA2. Now, with WPA and WPA2, you can use full-blown 802.1X authentication with RADIUS servers.
Or if you want to, you can still use PSK, or pre-shared key, so you can go either way with those. What's interesting about this, and part of the reason I'm going through all this information, is because you would think that with something like WEP, which we have known now for 15 years or more is bad, people wouldn't be using it anymore. Well, you would be shocked what's out there. Even here in Houston, Texas, we've had organizations go out and do surveys, particularly in the industrial commercial world, to find as much as 15% of every network out there today is still using WEP, not even talking about WPA versus WPA2. So as we go through all of these episodes, I want you to keep in mind: the old stuff may sound old, but it's still out there.
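An added example, not part of the original transcript: a small audit of a site survey that groups BSSIDs by SSID (several access points sharing one SSID form an extended service set) and sorts each network into the generations described above, so that leftover WEP shows up. The CSV column layout, the SSIDs and the MAC addresses are constructed for illustration and do not come from any real tool.

```python
import csv, io
from collections import defaultdict

# Constructed survey export (hypothetical column layout, not a real tool's format).
# privacy = beacon Privacy bit; ie = security element advertised ("", "WPA" or "RSN").
SURVEY = """ssid,bssid,privacy,ie,cipher,akm
PlantFloor,00:11:22:33:44:01,1,,,
PlantFloor,00:11:22:33:44:02,1,,,
Office,00:11:22:33:44:10,1,RSN,CCMP,802.1X
Office,00:11:22:33:44:11,1,RSN,CCMP,802.1X
Warehouse,00:11:22:33:44:20,1,WPA,TKIP,PSK
Guest,00:11:22:33:44:30,0,,,
Lab,00:11:22:33:44:40,1,RSN,CCMP,PSK
"""

def classify(row):
    """Map one BSSID's advertised settings to Open, WEP, WPA or WPA2."""
    if row["privacy"] != "1":
        return "Open"                                # no authentication, no encryption
    if row["ie"] == "RSN":
        return f"WPA2/{row['cipher']}/{row['akm']}"  # 802.11i hardware
    if row["ie"] == "WPA":
        return f"WPA/{row['cipher']}/{row['akm']}"   # interim TKIP generation
    return "WEP"                                     # Privacy bit set, no WPA/RSN element

def audit(text):
    """Group BSSIDs by SSID and list the modes each network advertises."""
    nets = defaultdict(lambda: {"bssids": [], "modes": set()})
    for row in csv.DictReader(io.StringIO(text)):
        nets[row["ssid"]]["bssids"].append(row["bssid"])
        nets[row["ssid"]]["modes"].add(classify(row))
    report = {}
    for ssid, n in nets.items():
        # Flag Open and WEP, plus the pre-802.11i WPA generation.
        flagged = sorted(m for m in n["modes"]
                         if m in ("Open", "WEP") or m.startswith("WPA/"))
        report[ssid] = {"aps": len(n["bssids"]), "ess": len(n["bssids"]) > 1,
                        "modes": sorted(n["modes"]), "flagged": flagged}
    return report

def wep_share(report):
    """Fraction of surveyed SSIDs that still advertise WEP."""
    return sum("WEP" in r["modes"] for r in report.values()) / len(report)

if __name__ == "__main__":
    rep = audit(SURVEY)
    for ssid, r in rep.items():
        print(f"{ssid:10} aps={r['aps']} ess={r['ess']} flagged={r['flagged']}")
    print(f"WEP share of surveyed SSIDs: {wep_share(rep):.0%}")
```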