1
00:00:06,650 --> 00:00:09,372
- [Omar] One of the most simplistic wireless-based attacks

2
00:00:09,372 --> 00:00:12,110
is basically using a rogue access point.

3
00:00:12,110 --> 00:00:15,210
And basically, you can instantiate,

4
00:00:15,210 --> 00:00:17,520
or configure a rogue access point

5
00:00:17,520 --> 00:00:20,850
within the network, and then fool users to connect to you,

6
00:00:20,850 --> 00:00:23,410
and then you can perform many different attacks,

7
00:00:23,410 --> 00:00:25,480
like man-in-the-middle attacks,

8
00:00:25,480 --> 00:00:30,480
potentially present some type of login screen

9
00:00:30,520 --> 00:00:34,320
to a user, collect sensitive information,

10
00:00:34,320 --> 00:00:36,210
like passwords and usernames,

11
00:00:36,210 --> 00:00:38,321
and many other tricks,

12
00:00:38,321 --> 00:00:41,100
since you actually are gonna be in the middle.

13
00:00:41,100 --> 00:00:45,100
Now, a rogue access point can also be configured

14
00:00:45,100 --> 00:00:47,380
by an attacker to create a back door,

15
00:00:47,380 --> 00:00:49,460
and then obtain access to the network

16
00:00:49,460 --> 00:00:51,770
and its systems as well.

17
00:00:51,770 --> 00:00:53,910
Now, in an evil twin attack,

18
00:00:53,910 --> 00:00:56,700
the attacker creates a rogue access point,

19
00:00:56,700 --> 00:00:59,320
and then configures it exactly the same

20
00:00:59,320 --> 00:01:01,700
as in the existing corporate network.

21
00:01:01,700 --> 00:01:04,640
So if I have a wireless access point

22
00:01:04,640 --> 00:01:06,510
within a corporate environment,

23
00:01:06,510 --> 00:01:08,720
with an SSID of CORP-NET,

24
00:01:08,720 --> 00:01:11,220
like in this example, if I'm an attacker,

25
00:01:11,220 --> 00:01:15,600
of course I can configure my own access point

26
00:01:15,600 --> 00:01:17,450
and then deploy in the network,

27
00:01:17,450 --> 00:01:20,700
and of course, configure with the same SSID,

28
00:01:20,700 --> 00:01:23,320
and then have users connect to me

29
00:01:23,320 --> 00:01:27,100
and potentially perform deauthentication attacks,

30
00:01:27,100 --> 00:01:29,350
and force the users to actually connect to me,

31
00:01:29,350 --> 00:01:32,420
then I'm in the path, and then I can actually

32
00:01:32,420 --> 00:01:34,983
collect any data that is not encrypted.

33
00:01:36,210 --> 00:01:41,060
Many different enterprise wireless solutions nowadays

34
00:01:41,060 --> 00:01:45,656
provide features that will detect evil twin

35
00:01:45,656 --> 00:01:49,270
and rogue access points within your network.

36
00:01:49,270 --> 00:01:53,130
So they have many different features that can mitigate

37
00:01:53,130 --> 00:01:54,423
these types of attacks.