1 00:00:07,160 --> 00:00:08,600 - [Man] There's a feature 2 00:00:08,600 --> 00:00:11,200 in modern enterprise wireless devices 3 00:00:11,200 --> 00:00:15,150 that is called the Publicly Secure Packet Forwarding 4 00:00:15,150 --> 00:00:17,740 or PSPF, right? 5 00:00:17,740 --> 00:00:19,540 And this is a feature implemented 6 00:00:19,540 --> 00:00:21,150 on wireless land controllers 7 00:00:21,150 --> 00:00:24,680 and wireless access points to block wireless clients 8 00:00:24,680 --> 00:00:27,200 from communicating with each other 9 00:00:27,200 --> 00:00:28,370 or from communicating, you know, 10 00:00:28,370 --> 00:00:30,040 with other wireless clients. 11 00:00:30,040 --> 00:00:33,390 So the idea is that with PSPF enable, 12 00:00:33,390 --> 00:00:37,010 your client cannot communicate with the other devices 13 00:00:37,010 --> 00:00:38,210 on the wireless network, right? 14 00:00:38,210 --> 00:00:42,340 So now for most W-line environments, so, you know 15 00:00:42,340 --> 00:00:44,300 wireless line environments, 16 00:00:44,300 --> 00:00:47,320 wireless client communicate only with devices 17 00:00:47,320 --> 00:00:50,250 such as you know, web servers on the wire network 18 00:00:50,250 --> 00:00:53,560 or, you know other resources internally, 19 00:00:53,560 --> 00:00:55,410 or of course with devices on the internet. 20 00:00:55,410 --> 00:00:59,250 Right? So now by enabling PSPF, 21 00:00:59,250 --> 00:01:00,700 it actually protects the wireless clients 22 00:01:00,700 --> 00:01:03,790 from being actually hacked by a wireless intruder. 23 00:01:03,790 --> 00:01:05,540 That's quote on quote, right? 24 00:01:05,540 --> 00:01:09,740 Now PSPF is actually somewhat effective 25 00:01:09,740 --> 00:01:10,970 in protecting wireless clients 26 00:01:10,970 --> 00:01:13,920 especially at wireless public networks, right? 27 00:01:13,920 --> 00:01:16,930 Such as airports and hotels and coffee shops 28 00:01:16,930 --> 00:01:19,860 and other, you know, places at college campuses 29 00:01:19,860 --> 00:01:22,779 whenever the authentication is actually no 30 00:01:22,779 --> 00:01:25,680 enabling anyone can actually associate to that access point. 31 00:01:25,680 --> 00:01:27,060 And it prevents for, you know 32 00:01:27,060 --> 00:01:29,920 you to actually see your neighbor's traffic, right? 33 00:01:29,920 --> 00:01:33,301 Quote on quote, cause there's all a lot of techniques 34 00:01:33,301 --> 00:01:34,420 that you can actually do to bypass that. 35 00:01:34,420 --> 00:01:39,420 Right? So now some enterprise wireless devices 36 00:01:41,400 --> 00:01:44,930 they also support WIPS so that means, 37 00:01:44,930 --> 00:01:47,610 Wireless Intrusion Prevention Systems, right? 38 00:01:47,610 --> 00:01:49,680 Like for example, Cisco has that 39 00:01:49,680 --> 00:01:53,320 in their wireless land controllers and their wireless APs. 40 00:01:53,320 --> 00:01:56,250 Right? So now those WIPS can actually 41 00:01:56,250 --> 00:01:58,770 detect PSPF violations, right? 42 00:01:58,770 --> 00:02:02,300 So if a client attempts to communicate with another client 43 00:02:02,300 --> 00:02:05,270 then the WIPS can be actually configured 44 00:02:05,270 --> 00:02:07,630 to raise an alarm for a potential attrition attack. 45 00:02:07,630 --> 00:02:10,600 Right? So this alarm does not apply 46 00:02:10,600 --> 00:02:13,720 if your wireless land deploys a wireless printer, 47 00:02:13,720 --> 00:02:18,070 for example, or, you know, voiceover a WLAN right. 48 00:02:18,070 --> 00:02:20,289 So applications, because these applications rely 49 00:02:20,289 --> 00:02:23,590 on wireless client to client communication. 50 00:02:23,590 --> 00:02:26,050 So again, if you actually have a wireless printer 51 00:02:26,050 --> 00:02:27,820 how you gonna be able to print 52 00:02:27,820 --> 00:02:29,250 if you're gonna communicate to it. 53 00:02:29,250 --> 00:02:32,210 But so guess what, there are many printers 54 00:02:32,210 --> 00:02:35,250 and voice over wireless land devices 55 00:02:35,250 --> 00:02:38,630 that are often left with default passwords 56 00:02:38,630 --> 00:02:39,890 or no passwords at all. 57 00:02:39,890 --> 00:02:42,240 Right? So they're full of vulnerabilities. 58 00:02:42,240 --> 00:02:44,150 So you can compromise one of those 59 00:02:44,150 --> 00:02:47,340 and also potentially pivot across the wireless network. 60 00:02:47,340 --> 00:02:49,210 Right? And the other thing is that I mean, you know 61 00:02:49,210 --> 00:02:52,210 now with the proliferation of a lot of other devices, 62 00:02:52,210 --> 00:02:56,220 especially in not only at home with things like Chromecast 63 00:02:56,220 --> 00:02:58,790 and Apple TV, and some other ones that you need 64 00:02:58,790 --> 00:03:01,650 communication to it, but also in the enterprise 65 00:03:01,650 --> 00:03:04,410 they actually are using some of these type of devices. 66 00:03:04,410 --> 00:03:06,090 You can compromise one of those devices 67 00:03:06,090 --> 00:03:09,980 and potentially communicate to other clients in the network. 68 00:03:09,980 --> 00:03:10,940 But again, you know 69 00:03:10,940 --> 00:03:14,060 if you actually have a little bit more sophisticated type 70 00:03:14,060 --> 00:03:16,280 of protections, like a WIPS, 71 00:03:16,280 --> 00:03:18,130 like the Cisco devices actually have, 72 00:03:18,130 --> 00:03:20,870 you can at least get alarms whenever somebody 73 00:03:20,870 --> 00:03:23,343 is actually trying to do that type of attack.