How To Sign Minnesota Banking Form

How to industry sign banking minnesota form secure

so yes we're gonna talk security I guess what I'm not gonna take talk 802 11 ax I don't really care if the horse is dead or not dead or anything it's still yet to be determined what's gonna happen with that so we're gonna talk security and I'm you know just gotten done this entire weekend speaking and doing the training for the CW SP and I found out this morning that one of my students passed so that's really awesome I think that means that I actually did something right over the weekend other than just hang out so yeah more people in the world so Who am I my name is Blake crony those of you that do not know who Mia who I am I do a lot in the wireless community a lot in the wireless industry I may look young it's because I shaved before I came here this weekend but I've been around wireless since 99 so when Tom brought out the UFO this morning I was like yeah that brings back memories I remember when I would do Wireless by setting that into a iMac or the shell that had an iMac as well and that was our wireless for the lobby areas or the outside area of lecture halls and that's what we did and we're like this is really cool this is amazing so I speak I teach CCIE CC wireless and I'm on the consoles twee board of advisors so you may recognize me from from those aspects of it but I also do a podcast as well and you can find me on Twitter where I sometimes ramble and sometimes put on some interesting things in there so I wanted to start this off by kind of helping you understand the reality of what we live in so if we think about security and we try to figure out what is it that we live in in this world and and what's going on when we look at the reality of security it's it's really about a couple of questions here and the first one is the what-ifs now we can play what ifs all day long and every single facets of our lives everything that we do through we play whatever what if this happens what if this happens you know what if I do this then I get this if I get my CW am I gonna get that big huge raise that I always wanted a half you know right that's our that's our goal and what we're doing it for the wireless side of things so when we look at security the question that people always ask is what happens if I'm compromised you know if I'm compromised what is the impact of that it does that cost me millions does it cost me potential users you think about Facebook and their recent data breach how many people immediately went and shut down their Facebook accounts because they're just looking at it says I'm freely giving every single piece of information about me away to an organization that could potentially sell or hand over that information so these these data leaks they're extremely important and everybody is always asking that what-if questions but that what-if is not the right question the more appropriate question that we need to ask we need to be thinking about in this industry is not the if but the when when we're compromised or when we do leak data because I hate to say it but there's no such thing as a 100 cent secure environment we're never always going to be secure to the point that we're not ever leaking data we're not ever having a compromise that's going to attack or out attacks not going to happen to us even the mom ha coffee shops have to be worried about this everybody is a potential attack target not necessarily because we want to get any data off of them but because we could use them to launch other potential attacks so the question really becomes now when we are compromised how do we recover how do we save faced in this industry how do we make it so that we don't lose trust with our end users how do we get to the point that we don't lose trust with upper management and then how do we look for that inspection or how do we do that forensic analysis to determine where were we compromised how can we try to prevent this from happening in the future understanding that there still is most likely that risk and we're going to have to work through this so we need to look at this and change the change of the discussion from if to win get used to understanding that you will be compromised and how do we how do we work away from that because this is our new norm right here those of you don't know this site you should know this site I introduced this a few the students in the bootcamp this weekend it's have I been pwned calm that's set up by Troy Hunt Troy's a well know security bloggers and security expert and consultants in the industry needs a lot of speaking and he goes out and he finds all the hashes are not all the hashes to teach me all the dumps and all the bins that has all of our data that was leaked when somebody compromises a website when they compromise and pull up all the information from the database he takes that and uploads it so you can subscribe so you can get lovely emails in your inbox that says your information has been stolen and here's what was stolen here's what was at risk this is our norm now our norm is that we are going to see these emails come in our data is out there that everybody wants to have access to it and you might think about something like Facebook or Twitter and you look at and say well who the heck cares if they compromised my facebook my Twitter account how many of you share the passwords across applications you know passwords those complex we don't want to have to remember ten different passwords we just wanna remember one password well the thing that people care about with this is they care about the hashes they care about that password to the hash masking so they can go and try to use that hash with your username and password on somebody else's website ie your bank or travel a huge target lately is airline miles people are going after your air miles account so let me try to get all the miles out of there cuz miles are worth money to some people I don't know I fly 125 plus thousand miles a year not as much as Keith does but I'm up there and I looked at my miles I'm like I don't want to get on an airplane for vacation so they're almost worthless to me other than upgrades but people are looking at these so they worry about getting all this data to try to figure out other ways that we can compromise on other sites that have more important aspects of it that they're gonna look for so that's the new norm the new norm is getting those emails getting those notifications so we're not a wireless conference so we should probably talk about security as it relates to Wireless that's really what you guys would rather hear about right you'd rather hear about how a wireless security works so I want to ask this question real quick is Wireless secure as an easy SD instructor one of our slides that I sometimes have a hard time going over is the fact when we compare wired and wireless networks but one of the last aspects of it is that we say wired networks are secure and wireless networks are not secure we we have this notion in there that Wireless is just completely insecure it's an unbounded medium we can't bound the medium we can't we can't put cuffs on the RF to say you don't go outside of these walls or wherever they're gonna go for but I want to look at this in a different light when you look at any compare and contrast wireless and wired what is the actual reality of this on wireless we use encryption we use fairly strong encryption we're always setting up these networks for our corporate resources with wpa2 maybe still WPA if you're kind of stuck in that one but you know I can compromise that pretty fast so a whole things w paid to so we always have encryption enables our networks we use authentication you know even though Rob's got his number 300 over there it doesn't mean that I'm gonna let him on my wireless network I got trust issues and you're an okay guy man Congrats on getting that but I'm not quite sure I'm gonna trust you on my wireless network so I'm gonna authenticate my wireless network to make sure that the only people that are on that are the people that I care about do you do that on your wired network how many of your jacks are wide open and your wired infrastructure in your reception rooms you know areas that are relatively easy to get access to we try to attenuate the signal we try to block that signal from going over or you know we look at it and we say okay when we're gonna do our designs sure we can place that EP in a hallway and make it easier for you from a quote unquote maintenance perspective that if you're maintaining that ap that many times you've got other issues and you shouldn't be using that one but we were trying to put them inside a room so that we can shrink down the cell size doesn't control where that RF goes we're trying to put those cuffs on that unbounded medium so we try to do all this and we try to figure out all these ways of being able to protect ourselves and we put all these all these authentications and encryptions in place doesn't that mean Wireless is secure at that point in time haven't we secured wireless and most of your environments way more than you've secured your wired environment now most of the customers that I walk into the answer to that is yes we've took the time to figure out how do we secure and ensure that the only people on our wireless networks are the ones that we actually want on there some countries over in the European areas for example they'll even go as far as making sure that the guest network is secure by putting appreciated keys on all of it and you have to look through the menu or look on a look on a chalkboard behind a bar or sign somewhere to find that that pre-shared key to get onto the network so wireless really is a secure medium we take the time and we make the effort to secure that unlike what we do with our wired comfortable our counterparts however where there is a will there is a way this actually is a true picture so this is off of the border down in Texas and you know we're doing this great job of making this wall to separate us from that from that country down down south to us to our friends in Mexico and we're trying to make ourselves have a strong border and be really secure super secure and make sure that you check all your IDs and everything but there's always gonna be somebody that's gonna try to figure out how in the heck can I get around this thing you know we put walls into place people put walls in front of us in terms of our career and what do we do we figure out how we can get around that wall we want to know how we can better ourselves and make make that happen so these clever drug runners decided that they would instead of going through the through the plazas through the actual access control areas they looked at that wall instead challenge accepted hold my beer and watch this and if you look closely it actually looks like they used a couple of ladders now I'm pretty handy I do a lot of work around the house and may or may not have fallen off a few ladders at some point in time in my life bring in sheetrock up and everything if you're not aware of this ladders have a certain weight restriction on them and it's you plus the materials and they kind of bounce against the house you know they they're kind of dangerous to go on so these folks they just and we can just go over this wall we're gonna we're gonna take the shortest path we possibly can and we're going to go up and we were going to go over the wall well unfortunately they forgot just how how things work and and how you have to look at your angles of approach as you're going over things I used to do 4x4 into my Jeep in Colorado everything was always about the approach angles and they got themselves height centered on top of this wall and then we're seen fleeing by foot back into Mexico so that they could not ultimately get their drugs over this our users or our the people are doing the compromise and I try not to use the word hacker because I consider myself a hacker because I like to mess around with stuff and try to break into my own stuff so are everybody that we were trying to compromise our network you know they're gonna find a way to get in no matter what we do they're gonna find a way we can do everything we possibly can but somebody's gonna find something out there there's weaknesses and everything it's sad but true we look at all of our release notes and basically today when we do wireless deployments when we start reading through the release notes as we're like which bug can I live with and which bug can I not live with you know that's what we have to work through when we go through on this so let's kind of talk about some of the risks that we have inside of wireless networking and maybe talk about how we can kind of work through some of this so the first one I want to talk about is the hole near or far do we care about the person that's in the parking lot you know a lot of times could my customers will ask me and they'll say why are you placing the access points around the perimeter of our buildings aren't you wasting a majority of your signal all in to the parking lot where we don't want coverage oh and also by the way if you're going out in the parking lot I gotta worry about that guy sitting inside of their car but the fact of the matter is we don't have to worry about the person sitting in the car I mean we do ultimately in the end but I'm more worried about that person that builds an antenna out of a Pringles can yes did that back in college it's just simple you know you toss the Pringles I don't know anybody who actually likes Pringles I certainly don't so I just toss the Pringles and then put us all thread down it and set some washers at the right distance wheel to create the wave lengths and now I've got a nice little yagi antenna for relatively cheap because it was cheap in college let's be honest eating ramen and macaroni and cheese so now I've got this yagi antenna that I'm shooting down the street a few blocks from my apartment I would set it on top of my little TV that I had in our window and I would shoot down the street and I wouldn't be pointed towards the wireless network and at this point in time now I can capture the four-way handshake I can sit there and try to capture and do a lot of forensics and try to figure out what's going on in this network and then start running those through the hash program to try to figure out can I compromise these pre-shared keys or if I get a bunch of dot 1x hax hashes can I run it against a rainbow table can I do something with this to try to figure out what these credentials are because then once I actually figured out what the pre-shared key is my next stop is I'm actually going to go close to the facility now and try to do something else like interject packets or whatever so we look at this as do we care about the person that is right in our parking lot or the person that is far away because it doesn't take much for us to put a yogya on our end of it on the PERT on the attacker side of it to be able to pluck frames out of the air I don't care if you can hear me you know I want you all to hear me right now so I'm making sure that I'm transmitting loud enough when we have the microphones working so that we can actually hear everything but I could just sit back and I could just listen you know right now everybody in this room is just sitting back and listening you're receiving it doesn't matter if I can hear you back right now I just need to capture those frames so when we have the discussion about should we place the access points next to the edge or what can we do from a transcript power or how can we control from the edge it's not necessarily that big of a deal because we have to be more worried about the person that is far away from us that we can't even see that we don't even know that they're doing this because then when they do come back ultimately that's when we start to have the concerns because once they return to us most likely they're returning because they've already compromised your pre shared key or they've already found some hashes that they can actually use and get onto your network with so now they're important but at first go around the nearest use not a big deal where else do we have a concern on this so the other aspect is man-in-the-middle Wireless because it's broadcast and how it w rks is just spray and pray right we we put all the signal on we hope that it goes where we want it to go and unfortunate goes where we don't want it to go so that creates design headaches but all this signal is going out everywhere we every which direction from our radiant elements so when we look at the man in the middle attack now we have to take into consideration how can somebody intercept that and be in line on my communications and what can they do with it so if there's a company out there hak5 that makes a lot of really easy devices to do I'm actually wearing one right now no I'm not man in the middle attack in anybody I actually tried to get one of my one of my things to go up and just rickroll all of you so that somebody would be looking at the Wi-Fi analyzer and see what the SS IDs were but it didn't launch in time but relatively small device that I can just carry on my hip with a battery here and what I can do is it can capture and see okay what are the networks said you guys are probing for what are the networks that you're looking for and I can run karma on it and I can say yeah I'll be Wi-Fi track for you if that's the network that you want I'll be that network I'll let you connect to me and then once you're connected to me now I'm in between all of your transactions all of your frame transmissions so what can I do with that at this point in time well I could be funny and I can say hey Rob I'm sorry but I'm gonna replace every single picture that you're looking at on the internet with the cat because after all the internet is for cats and cat videos right that's what everybody uses it for or I could say I'm gonna make it so that Scott you're gonna have to stand on your head and read this because I'm gonna flip all the text upside down on you now those might seem like stupid little parlor tricks but that's what the point of this device is is to prove how easy all this is to do then you have to start worrying about the large-scale attacks where somebody is now using and they're using this as a pivot box and they're sending all the frames over to something like Metasploit and I start running an SSL strip on it and I'm trying to actually decrypt your SSL traffic so I can maybe get into your banking information or I can get into James's email and find out what's coming in the next couple of updates out there you know I can go through and I can try to figure out what's the target rich environment that I want to look at and run it against through that Metasploit and do more things that actually matter to us other than just silly little script kt actions so we have to worry about that man in the middle attack and try to figure out how can we make sure that we are secure enough to prevent that and not see those on our networks the next one that we have to worry about how many of you have password policies at your organization that just make you want to slam your forehead onto the desk every single time that you get the notification that says your password is going to expire in five days you must now create a new complex passphrase so users let's be honest users they're they're the they're the evil that we have to support they're the layer eight that we look at it and we just say oh man what are they gonna do to us now today so we go and we give them a complex passphrase in order to get on the network and they can't remember it so what do they do they write it on a post note and they put it on their monitor or even worse they decide that they're gonna go and they're gonna interview the network operations center for I don't know a large sporting event like a Super Bowl or something and you got all these news cameras in there and then right there on the background on the whiteboard there's the pre-shared key for the internal network and you're just like really guys this is why we can't have nice things so we have to worry about this complex password issue because if I provide a complex password which is going to make it so that Blake can't run Kalpataru Blake can't run err Pat aircrack-ng against it and get that pre shared key easily do i just opened myself up to social attacks now or it's just gonna be easier for me to go and say call ups and get somebody on the help Justin be like yeah I'm trying to get onto the network I'm a new employee or new contractor here I can't remember what the key was I thought it was this and it's not working and they that might just say okay here's a pre-shared key if we over complicate things it ends up being where we start introducing more holes and more risks because of the over complex nature of this so complex passwords believe it or not are actually one of our problems when you look at a pre-shared key and you understand how the PSK 2 or excuse me from the passphrase to the PS k mapping just doing something as simple as welcome and the number one at the end of it is secure and robust ins gonna take me a long time to compromise it's not just a straight dictionary word simple things simple actions will make sure that our networks can't be can't be compromised through the pre shared key aspect of it we don't need 63 characters fully random symbols all this stuff it would make more sense to not have a complex random pre shared key but put something like this is how I get in my network exclamation point because the end user is going completely understand that but an attack against that we have enough entropy through there that it's going to be hard for them to be able to run through that you know I might take them a year but at least hopefully you're changing your pre-shared keys once every year which I know is not happening but you know it gives us the warm fuzzies right we try to do that so then that's that next aspect of this actually was kind of funny is this happened this morning so as I'm sitting here this morning and we're listening to listen to Tom give the really cool history about Wireless and the CW program and where things came from all of a sudden on my screen on my iPad pops up hey would you like to share the password with JD because JD sitting there trying to log into the wireless network and he needs a pre-shared key and JD is a contact of mine so iOS is like well why don't you help you know be helpful get them on the network let's just share this password over to them so the issue that we see with this is we go to the companies all the time and they say oh yeah I t's the only one that knows that pre-shared key nobody other than these four people know this pre shared key because they're the only ones that set up the computers cool that was great until this magical thing that bender really enjoys called the cloud came around and we started doing all this cloud backup cloud sync make your life easier make us not have to remember anything anymore because everything is gonna go up to the cloud and then it's gonna go down to all of your devices are connected to that account as well well one of the things that could happen for example in a MacBook or iPhone situation if you have iCloud sync enabled is that your she is gonna go from your MacBook up into your iDevice up into your iPad or your iPhone at that point in time if any one of your contacts tries to start typing in the password for Wi-Fi Trek which was the case this morning I'm gonna get a prompt and say you know what one of your contacts would like to connect to this network would you like to share the password with them and be so happy you know there's some black magic that's gonna go on here and they're gonna somewhat encrypt this and send this appreciated key over when although a pre-shared key is on that person's device now that's on that person's device so then that's gonna sink down to their laptop for example and then we start running into issues of now that laptop has that on which then I could go and I could grab this little device which is a Bosch bunny and I can load a payload onto here and this payload is going to go and it's going to query for all the known networks and all the pre-shared keys that are on somebody's laptop and old by the way this will work when your laptop is locked as well if you're a Windows user so I can just plug this in and I can get all that information and now I have your pre shared key so if I got your pre shared key then I could configure this other device on my hip here to now start broadcasting that SSID that you would like with appreciated key that you've already configured and I know what it is so now you're gonna think that you're in an encrypted conversation but I'm the person in the middle and I can now get everything and I can do whatever I would like to and interject frames if I'd want to and change things around so this electronic sharing a pre-shared keys is taking away the fact that IT is the only ones that know the passwords because there are the only ones that set up these computers and nobody else has ever informed of what this is so we've got a new threat vector that we have to watch out for that is trying to make our lives easier so that we don't have to do this whole typing in passwords anymore oops oh yeah I think I went too fast there technology is great I'm really good at this I promise so last one all I'm talking about again is the credential theft is just the fact that I could walk up into that Lobby and look at a receptionist computer and see if they're plugged into the network if they're plugged into a network I have another device is called a land turtle but this is wireless so we want to talk about wireless attacks so in that one if it is Wireless again I can plug this Bosch bunny and I can pull all that credential information off of there and steal all the credentials and know what they're appreciated keys are know what their certificates are possibly lots of fun stuff that I can do with this and capture all that payload and I just grab that again you know it usually takes about 30 seconds to 60 seconds depending on how much information that you want to take off of that machine so I have all that information now I'm gonna leave because I'm gonna go and try to figure out what is it that I can do with this once I know what I can do with this then I'm gonna come back and actually do more of a directed attack at somebody by again configuring a pineapple for example or just trying to use those credentials that I found just to get onto the network and then once I'm on the network I'm gonna start poking around runs on a map and hope I'm not caught by your wireless you're wired IDs excuse me and make sure that you can't detect it I'm doing that but I'm gonna try to find something and I'm gonna look for those servers and see what I can get into so all these tools these things are extremely easy to do you know I love hack five for creating these tools but I also hate hack five for creating these tools because what it does is it puts this tool in the hands of people that don't necessarily even know what it is that it can do with all this and there's a whole lot of havoc that they can cause with these little tools and these little devices okay so the wrists those are the risks now the question is can we actually be safe I've said all this stuff so can we actually be safe now is there anything that we can do to actually make ourselves be safe be able to have Wireless that exists and not have to worry about what's going to go on in the environment sure there's a few things that we can do we can go to the ultimate extremes here we could create a Faraday cage around our entire facility I've been in one facility that actually did do this and of course I was kind of being a little bit cocky because I was younger and we always say that we're gonna do a site survey to prove that your wireless network is going outside your walls so you should be worried about this risk and the guys just like oh don't worry about it it's not gonna go anywhere outside of our walls we have we have we've got that covered and I'm like yeah I hear that every single time I just started doing my survey going around capturing data eka Hal and I go and I look at the data I'm like dang you're actually right there is no coverage out of here what gives here again I'm not really thinking about the facility that I'm surveying in yeah so you know step one know your cause so I'm looking at this and the guy looks at me he goes you know what building are you in right now I'm like I know what what man so he's like think about this you're in the power control station for the entire southeastern part of Minnesota and the western regions of Wisconsin this was the power control station for one of the nuclear power plants that was down in the area he's like we're shielded from an EMP blast nothing in also means not being out so they were fully secure they spent the money to be able to make sure that their building was essentially an entire massive Faraday cage so yes they were secure and there was a lot of people that would make sure that they were checking the IDS of who you were and there was some folks with some really cool-looking guns that GT would love to play with I'm sure and Devin as well and I'm looking at this as we're going up I'm like okay physical security check RF security yes you did meet that requirement because you built a Faraday cage around your building no nobody's gonna do that so then the other option is that RF paint hmm you guys want to run down to Home Depot and get some RF paint and see if we can make RF shield around this environment your mileage is gonna vary with that thing okay that's more of a yeah it's gonna do this but I'm not quite sure I don't know of anybody that's actually used this and it's worked so the Faraday cage is kind of the ultimate fix that we have to work with but not always going to do those ultimate fix every now and then we have to look at what are the other options that we have to go through there so why don't we change the lock why don't we come up with a smarter lock does anybody know what the critical flaw with this lock is right here the designer of this lock said this is the most secure lock out there unless you have a screwdriver in your possession I kid you not it was found out that you could just open this thing up with a screwdriver and it would unlock you could pull the tumbler right out and you could you could open this lock up so then they changed their line to say well yeah but who carries a screwdriver around with them right Jason I mean however many times we get them take away from TSA we might still have one or may not have one but so we want to try to change our lock in terms of what we do from a wireless connectivity in a wireless security standpoint look at your pre shared key lots of enter these days have a none Danny PSK solution mist is here that has one arrow hi OVAs here that has one a lot of vendors have the ability to do an identity PSK it makes more sense to do multiple PS case and have a PS k that is assigned to a user that that user can then use on their devices because if i compromise the scott's PSK that only gets me into his devices i've been on his devices there's nothing of interest in there i don't need to look at anything of that but i might want to get on somebody else's so now i actually have to do more of a directed attack to try to figure out this whereas before it was just all about looking at a MAC address and saying well eeny meeny miny moe catch a tiger but you're my target and I'm gonna go after you I just looked at seeing who was doing the most frames who was sending the most frames because I've assumed they're the ones that are gonna be provide something because they've got all the data that's going through there changed it dot one X you know dot one X is is by far the best way that we should do our security PSK is a management nightmare for most folks but that one X is relatively easy to do and the vendors talk to Aruba and talk to them well clear pass you know our vendors are making it so much easier for us to do dot 1x security there's no real reason why we don't do this other than just the fact that people tell us what we should provide to them when they don't understand how the technology actually works but when you are doing dot 1x ensure that you're using a tunneled EEP protocol we're not obviously gonna go out and use EEP md5 even eat - TLS s somewhat of a concern because it's still outside of a tunneled protocol you want to use something like EEP EEP with TLS inside of that or use ET TLS so we have a tunneled protocol where we are sending our our username or we're sending our certificate whatever credentials that we're using we're sending inside of a secure tunnel so that if there is Blake sitting out there with his Pringles can and trying to sniff the frames he's not really gonna get a whole heck of a lot he's gonna get a bunch of encrypted frames that he has to break the encryption on just to build to get the things I care about and if I'm gonna go for that I'm gonna go find somebody else that's easier to compromise so I'm not gonna do that now the last one that I know that Perry is gonna talk about this week so I didn't want to go too much into this I didn't want to waste a ton of my time on it because Harry's gonna do a lot better job at it than I that I would do on it but as WPA 3 so when we look at WPA 3 well what's that going to end up providing for us what do we get out of WPA 3 so WP 3 is finally becoming to see the light of day where we're getting close to where this is actually going to be out in the market we saw this this morning that we've got now a network here that has WPA 3 running on it so that you can inspect and see what the beacon element beacons look like and everything well the thing on WPA 3 personnel is we're trying to make it so we can prevent some of these attacks from happening because we're strengthening that PSK process we're moving away from just the typical PSK that we know today and understand and those of you that attended my boot camp we all know them to understand how that works right guys nod your head yes make me feel good about myself we're going to switch to simultaneous authentications of equals where now this is more of a kind of like a blind trust in a way where we're both going to compute things we're both going to compute parts of the hash and work together to come up with what our final authentication keys look like based off of an elliptic curve Diffie human exchange and again I said Perry's gonna be talking about Perry you're gonna show that video again in your talk alright that you show it in Prague hopefully so the people will be able to see this exchange and understand what's going on this so this is the goal behind this is can we be resilient to an offline dictionary attack if we do get compromised or somebody captures our frames doesn't matter at that point in time you know we're not gonna be able to go through and run that against a dictionary attack to try to figure out what that passphrase was and it's gonna allow us to use hopefully simpler passwords for our end users which seems kind of counterintuitive but again complex passwords end up on the monitors not good from a physical security standpoint because you backed Lord Nikon walking around and capture all these all these passwords so it's going to be easier to use and provide the hope for simpler passwords so the end users have a better experience on it you know this is designed for those lower and in deployment so we want to try to shore up the security on it now when we look at WPA 3 Enterprise unfortunately right now as it sits we're going to have the exact same as wpa2 but the goal is that we're gonna have MFP required we all tried MFP remember we had some issues with management frame protection when it first came out Windows 7 big huge issue caused a lot of pain for quite a few universities and it was not fun to go through however we're gonna have an optional 192 bit mode which is going to shore up the encryption now so we can strengthen the encryption Suites that we're using go to a 256 bit stronger encryption again we're gonna use that elliptic curve on the diffie-hellman to try to be able to create a more robust security network than what we already have this hour like I said is optional though so it'll be interesting to see what actually happens in terms of adoption from not only vendors but also client devices because they could just look at it and say you know what we're gonna do the bare minimum for the WPA 3 and we're gonna give you management frame protection which is a plus yes we like but we would much rather also have the higher end encryption as well you've been used over these so you know interesting to see what happens on their enhanced open is the other one that's out there open but encrypted this is not part of WPA 3 though so do understand this is that WPA 3 does not mean that we're doing enhanced open I think this is an optional element that you can also do in addition to supporting WPA 3 out there when we look at the enhanced open the benefit behind this is that we're going to use opportunistic wireless encryption and we're gonna try to get try to figure out a way to be able to do encryption without the issues of pre-shared keys and everything and the idea behind here is that again it's a difficult in exchange there's no authentication the downside here is though we're gonna have a second BSS we all know that multiple SS IDs is bad right we keep trying to get rid of SS IDs so now we're bringing in another SSID from a transitional standpoint so that what's gonna happen is if your client supports OWA or if it supports enhanced open as the Wi-Fi Alliance term is out there what we'll go on is that inside of the beacon the client will be able to receive additional information elements that says oh by the way there's this o w e SSID over here that you could connect to and we could have encryption this will be huge for hospitality and coffee shops and things like that because again the goal is to try to get people in using encryption so that we can't just sit there and easily sniff out the frames and easily capture the frames and do things for folks so be interesting to see what happens over the next next few months as these things start to show up and to see how the Devender start to support these and if it's actually going to make any difference in the industry or if we're just gonna end up where it's again not a matter of if but it's a matter of when things get compromised and people are gonna be quick to action on doing the complement compromises for these so are you scared yet do you want to go and turn off your wireless networks and not use wireless anymore I usually have that feeling when I talk to like Ryan add zoom and Jake Snyder because they just look I look at it I'm like oh my gosh dude really what did you just do now you know what did you send in my phone when or what did you say what did you configure on this that we shouldn't gone through this I hope it doesn't scare you too much in terms of the fact that you start to think that Wireless is completely insecure because as I started off in the beginning Wireless truly is secure when you compare it to your wired networks in most people's environments Wireless is way more secure than the wired site I could easily go down and find a Halloween costume that dresses up like a UPS man and walk up to the reception desk plug in the LAN turtle plug in a packet squirrel plug in any number of devices onto a wired port and I have a much greater chance of success and it's gonna be a lot quicker than me trying to attack over the wireless network a lot of times when we do pentesting activities this is what we end up finding out is that your wireless is truly secure it's just somebody's scared everybody because they said this thing like crack came out and we should start to think that the world is ending and the sky is falling and every single consumer device in the entire face of the planet is compromisable and oh my god think of the children please would you seriously even my mother is calling me and saying do I need to turn off my work router I'm just like no mom you're good gotcha Covered it's already being updated you're good we have to make sure that we look at things and then we look at security the real turn look at it in eyes that make sense don't listen to everything that you see out there in terms of compromises I strongly encourage folks to go get things like the pineapples go get things like the bash bunnies and see what it is that you can do with these devices then first get your release of harm form signed by your employer or simply don't attack your employer attack your home network maybe is even better but if you are doing your employer make sure that you're released of harm so that they can't come after you and go through and try to practice some of these things and actually see how tough these are you know I at Def Con this year they announced a new vulnerability in wpa2 and everybody was kind of worried Jake and Ryan and I we kind of looked at this and we were trying to figure out is this even something that's possible and when we looked through it and we started kind of running through some of the scenarios it was still gonna take us like a year or two years to compromise our pre-shared keys this isn't something like WEP where I can do that in about 30 seconds and be on your network this still takes a long time to do so Wireless is secure don't be afraid of it but do understand where the risk vectors are and understand that it's not always technical it's also just us ourselves and all the enhancements that our devices are making to try to make our lives better by sharing passwords and everything certainly doesn't do us any favors we need to be careful about that and be mindful about that and understand where the risks are and where our concern is so I thank you I hope that you enjoyed this and enjoy the rest of the conference [Applause]