1
00:00:00,660 --> 00:00:07,170
OK so through all the previous lectures we see in all the weaknesses that can be used by hackers in

2
00:00:07,170 --> 00:00:13,740
order to compromise where WPA and WPA to encrypted networks we've seen how can how they can use these

3
00:00:13,740 --> 00:00:18,480
weaknesses to crack the password and get the actual key to the network.

4
00:00:18,900 --> 00:00:26,280
We also see that the attackers are able to authenticate or disconnect any device from any network without

5
00:00:26,280 --> 00:00:26,950
the need to.

6
00:00:26,950 --> 00:00:33,540
Now the key to that network and in the previous lecture we've seen how we can modify the settings of

7
00:00:33,540 --> 00:00:40,410
our routers so that we can increase the encryption of our network increase the security of our networks

8
00:00:40,620 --> 00:00:44,930
so that hackers can't use the attacks and get the passwords.

9
00:00:47,030 --> 00:00:53,600
Now in order to fly the settings that we talked about in the previous lecture you need to be able to

10
00:00:53,600 --> 00:00:56,380
access the settings page for your router.

11
00:00:56,370 --> 00:01:01,490
Now each router has a web page where you can modify the settings for the router and it's usually at

12
00:01:01,490 --> 00:01:03,160
the IP of that router.

13
00:01:03,380 --> 00:01:09,200
So first of all I'm going to check and get the IP of my computer or my device and I'm just going to

14
00:01:09,200 --> 00:01:16,130
do if configured and zero and as you can see this is the IP of my computer.

15
00:01:16,130 --> 00:01:17,600
So I'm going to open my browser

16
00:01:21,450 --> 00:01:29,800
and I'm going to navigate to 1 9 2 1 6 8 0 and the IP of my computer was 25.

17
00:01:29,850 --> 00:01:33,300
Usually the IP of the router is the first IP in the subnets.

18
00:01:33,420 --> 00:01:39,600
So this is the subnets at the moment it's 1 9 2 1 6 8 0 and I'm just going to add number one because

19
00:01:39,600 --> 00:01:44,070
that's the first IP in the subnet and that will take me to the router settings page.

20
00:01:44,310 --> 00:01:47,760
And as you can see it's asking me to enter a username and password.

21
00:01:47,790 --> 00:01:52,690
Now routers come in with pre-specified username and password.

22
00:01:52,740 --> 00:01:57,840
You can check what's the default username and password and then I highly recommend you change them after

23
00:01:57,840 --> 00:01:58,260
that.

24
00:01:58,410 --> 00:02:00,520
So usually it's written in the manual.

25
00:02:00,750 --> 00:02:04,980
So check the manual see what the default username and password and then you can logon

26
00:02:08,880 --> 00:02:09,440
now.

27
00:02:09,450 --> 00:02:16,080
In some cases the attacker might be doing the authentication attack against you so he might be preventing

28
00:02:16,080 --> 00:02:18,620
you from connecting to your network wirelessly.

29
00:02:18,690 --> 00:02:23,960
So what you can do is you can connect to your router using a cable using an internet cable.

30
00:02:24,150 --> 00:02:29,730
And when you do that then the attacker cannot use the authentication attack to authenticate you or disconnects

31
00:02:29,730 --> 00:02:30,270
you.

32
00:02:30,270 --> 00:02:34,240
So you'll be able to access your other settings using the wire.

33
00:02:34,440 --> 00:02:40,230
And then you can modify your security settings and change the encryption and change the password.

34
00:02:40,290 --> 00:02:45,690
Do all the things that I recommended in the previous lecture in order to increase the security so that

35
00:02:45,690 --> 00:02:53,940
the attacker will not be able to attack your network and get to keep Now the settings of each router

36
00:02:53,940 --> 00:02:58,050
are different they depend on the manufacturer and even the model of the router.

37
00:02:58,200 --> 00:03:01,850
Well usually the settings the way that you change the settings is the same.

38
00:03:02,070 --> 00:03:07,190
And like 90 percent of the cases there either is always the first IP of the subnet.

39
00:03:07,320 --> 00:03:13,170
So all they have to do is you get your IP used and if a command like we did here like we did here and

40
00:03:13,170 --> 00:03:18,560
we got that and it was 9 1 9 2 1 6 8 0 25 that's the IP of my device.

41
00:03:18,720 --> 00:03:22,850
And then I changed the last 25 to number one to the first IP.

42
00:03:22,950 --> 00:03:25,590
And that is the IP of my router.

43
00:03:25,980 --> 00:03:30,330
Now I'm going to navigate the wireless settings now as you can see there is a lot of settings that you

44
00:03:30,330 --> 00:03:35,210
can change for your network and are concerned with the wireless things at the moment.

45
00:03:35,250 --> 00:03:40,320
So as you can see my wireless is enabled they can change the name of the network you can't change the

46
00:03:40,320 --> 00:03:44,330
channel and the bandwidth and all that.

47
00:03:44,620 --> 00:03:46,400
So I'm going to go to the security.

48
00:03:46,930 --> 00:03:54,250
And as you can see now I'm using WPA encryption with WPA or WPA to engage authentication and encryption

49
00:03:54,260 --> 00:03:55,040
using an.

50
00:03:55,080 --> 00:03:56,370
And TKI IP.

51
00:03:56,680 --> 00:04:06,400
And if I go on WP as you can see that WPA is disabled as we said now so basically I'm not using WEP

52
00:04:06,520 --> 00:04:13,580
so they cannot use any of the tasks that we spoke about that allow you to crack the encryption using

53
00:04:13,600 --> 00:04:15,630
WPA which is much more secure.

54
00:04:15,970 --> 00:04:23,350
And I disable WPX so they cannot use reverse to determine my WPA Espen and then reverse engineer my

55
00:04:23,350 --> 00:04:24,060
password.

56
00:04:24,100 --> 00:04:29,860
The only way that the hacker can access or get my password is by obtaining the handshake first and then

57
00:04:29,860 --> 00:04:32,860
use a wordlist to find my password.

58
00:04:32,860 --> 00:04:38,680
Now my password is very random even though it actually doesn't use numbers or digits just just letters

59
00:04:38,950 --> 00:04:45,280
but it's very random so there is a really small chance of someone being able to guess that password.

60
00:04:45,290 --> 00:04:50,330
Now there is another thing that I'd like to show you here is the access control and using this you can

61
00:04:50,360 --> 00:04:58,580
add policies so you can add and allow policy or deny policy and use that is based on the mac address.

62
00:04:58,580 --> 00:05:02,780
You can specify a MAC address is that you want to allow to connect to your network.

63
00:05:02,780 --> 00:05:08,030
You can also specify MAC addresses that you can deny from your network.

64
00:05:08,030 --> 00:05:14,450
So for example you can just if you if you don't have many people many visitors come into the house or

65
00:05:14,450 --> 00:05:20,210
if you're in a company with a specified number of computers and you want to only to allow a number of

66
00:05:20,210 --> 00:05:26,240
computers to connect to that network then you can just obtain ask the people get their MAC addresses

67
00:05:26,450 --> 00:05:30,090
the people they want to allow and add them in an allowed list.

68
00:05:30,110 --> 00:05:36,020
Now even if someone has the actual key the right key for your network and they don't exist in the white

69
00:05:36,020 --> 00:05:40,640
list or in the allowed list they will not be able to access the network.

70
00:05:40,640 --> 00:05:46,850
You can also deny list which is if you were you want to deny a certain computer or a certain person

71
00:05:46,850 --> 00:05:48,390
that you think are suspicious.

72
00:05:48,440 --> 00:05:53,700
You can just add their MAC address and deny list and they will not be able to connect to your network.

73
00:05:55,140 --> 00:05:59,940
So this is about it as I said the search space usually look different.

74
00:05:59,940 --> 00:06:06,510
The names might be called different names as in the names for each of these tabs but usually the main

75
00:06:06,510 --> 00:06:12,720
thing is you're you should be able to access the router settings using the subnets IP and other number

76
00:06:12,720 --> 00:06:14,940
one which is the first IP at the end.

77
00:06:15,210 --> 00:06:21,270
And if you're being attacked if you can't connect to your network at all then just use a cable and modify

78
00:06:21,270 --> 00:06:24,000
the settings like we discussed in the previous lectures.