1 1 00:00:00,720 --> 00:00:02,960 Okay, so through all the previous lectures 2 2 00:00:02,960 --> 00:00:05,005 we've seen all the weaknesses 3 3 00:00:05,005 --> 00:00:06,768 that can be used by hackers 4 4 00:00:06,768 --> 00:00:08,500 in order to compromise 5 5 00:00:08,500 --> 00:00:12,070 web, WPA and WPA2 encrypted networks. 6 6 00:00:12,070 --> 00:00:14,600 We've seen how they can use these weaknesses 7 7 00:00:14,600 --> 00:00:17,440 to crack the password and get the actual key 8 8 00:00:17,440 --> 00:00:18,990 to the network. 9 9 00:00:18,990 --> 00:00:21,550 We've also seen that attackers are able 10 10 00:00:21,550 --> 00:00:25,870 to de-authenticate or disconnect any device from any network 11 11 00:00:25,870 --> 00:00:29,470 without the need to know the key for that network. 12 12 00:00:29,470 --> 00:00:32,100 And in the previous lecture we've seen how we can 13 13 00:00:32,100 --> 00:00:34,329 modify the settings of our routers 14 14 00:00:34,329 --> 00:00:38,910 so that we can increase the encryption of our network, 15 15 00:00:38,910 --> 00:00:40,800 increase the security of our networks 16 16 00:00:40,800 --> 00:00:45,103 so that hackers can't use the attacks and get the password. 17 17 00:00:47,200 --> 00:00:50,330 Now in order to apply the settings 18 18 00:00:50,330 --> 00:00:52,680 that we talked about in the previous lecture 19 19 00:00:52,680 --> 00:00:55,890 you need to be able to access the settings page 20 20 00:00:55,890 --> 00:00:56,723 for your router. 21 21 00:00:56,723 --> 00:00:59,240 Now each router has a web page where you can modify 22 22 00:00:59,240 --> 00:01:01,510 the settings for the router and its usually 23 23 00:01:01,510 --> 00:01:03,560 at the IP of that router. 24 24 00:01:03,560 --> 00:01:05,840 So, first of all I'm gonna check and get the 25 25 00:01:05,840 --> 00:01:09,210 IP of my computer or of my device and I'm just 26 26 00:01:09,210 --> 00:01:11,053 gonna do 'ifconfig lan 0' 27 27 00:01:12,570 --> 00:01:16,340 and as you can see this is the IP of my computer 28 28 00:01:16,340 --> 00:01:17,940 so I'm gonna open my browser 29 29 00:01:21,670 --> 00:01:23,580 and I'm gonna navigate to 30 30 00:01:23,580 --> 00:01:24,600 192 31 31 00:01:24,600 --> 00:01:25,433 168 32 32 00:01:25,433 --> 00:01:27,040 zero 33 33 00:01:27,040 --> 00:01:30,020 and the IP of my computer was 25 34 34 00:01:30,020 --> 00:01:33,600 usually the IP of the router is the first IP in the subnet 35 35 00:01:33,600 --> 00:01:37,400 so this is the subnet, at the moment its 192.168.0 36 36 00:01:37,400 --> 00:01:39,440 and I'm just gonna add number one 37 37 00:01:39,440 --> 00:01:41,730 because that's the first IP in the subnet 38 38 00:01:41,730 --> 00:01:44,470 and that will take me to the router settings page. 39 39 00:01:44,470 --> 00:01:46,400 And as you can see its asking me to enter 40 40 00:01:46,400 --> 00:01:47,990 a username and a password. 41 41 00:01:47,990 --> 00:01:51,240 Now, routers come in with a pre-specified 42 42 00:01:51,240 --> 00:01:53,010 username and password 43 43 00:01:53,010 --> 00:01:55,460 you can check what is the default username and password 44 44 00:01:55,460 --> 00:01:58,600 and then I highly recommend you change them after that. 45 45 00:01:58,600 --> 00:02:00,930 So usually its written in the manual 46 46 00:02:00,930 --> 00:02:02,790 so check the manual to see what's the default 47 47 00:02:02,790 --> 00:02:05,173 username and password and then you can log in. 48 48 00:02:09,060 --> 00:02:11,900 Now in some cases the attacker might be 49 49 00:02:11,900 --> 00:02:14,190 doing a de-authentication attack against you 50 50 00:02:14,190 --> 00:02:17,350 so he might be preventing you from connecting 51 51 00:02:17,350 --> 00:02:18,860 to your network wirelessly. 52 52 00:02:18,860 --> 00:02:21,870 So what you can do is you can connect to your router 53 53 00:02:21,870 --> 00:02:24,310 using a cable, using an ethernet cable 54 54 00:02:24,310 --> 00:02:26,540 and when you do that then the attacker can not 55 55 00:02:26,540 --> 00:02:29,330 use a de-authentication attack to de-authenticate you 56 56 00:02:29,330 --> 00:02:30,460 or disconnect you. 57 57 00:02:30,460 --> 00:02:33,450 So you'll be able to access your router settings 58 58 00:02:33,450 --> 00:02:36,460 using the wire and then you can modify 59 59 00:02:36,460 --> 00:02:39,340 your security settings and change the encryption, 60 60 00:02:39,340 --> 00:02:42,170 change the password, do all the things that I recommended 61 61 00:02:42,170 --> 00:02:45,480 in the previous lecture in order to increase the security 62 62 00:02:45,480 --> 00:02:48,140 so that the attacker will not be able to 63 63 00:02:48,140 --> 00:02:50,543 attack your network and get the key. 64 64 00:02:51,700 --> 00:02:54,810 Now, the settings of each router are different 65 65 00:02:54,810 --> 00:02:56,780 they depend on the manufacturer and even 66 66 00:02:56,780 --> 00:02:59,700 the model of the router but usually the settings 67 67 00:02:59,700 --> 00:03:02,270 the way that you change the settings is the same. 68 68 00:03:02,270 --> 00:03:05,910 And like 90% of the cases the router is always at 69 69 00:03:05,910 --> 00:03:08,650 the first IP of the subnet so all you have to do is 70 70 00:03:08,650 --> 00:03:12,630 you get your IP using 'ifconfig' command like we did here 71 71 00:03:12,630 --> 00:03:16,990 like we did here when we got it and it was 192.168.0.25 72 72 00:03:16,990 --> 00:03:18,910 that's the IP of my device. 73 73 00:03:18,910 --> 00:03:21,690 And then I changed the last 25 to number one 74 74 00:03:21,690 --> 00:03:26,170 to the first IP and that is the IP of my router. 75 75 00:03:26,170 --> 00:03:28,390 Now I'm gonna navigate to the wireless settings 76 76 00:03:28,390 --> 00:03:30,300 now as you can see there's a lot of settings 77 77 00:03:30,300 --> 00:03:32,900 that you can change for your network and we're concerned 78 78 00:03:32,900 --> 00:03:35,430 with the wireless settings at the moment. 79 79 00:03:35,430 --> 00:03:38,240 So as you can see my wireless is enabled, 80 80 00:03:38,240 --> 00:03:39,860 you can change the name of the network, 81 81 00:03:39,860 --> 00:03:41,160 you can change the channel 82 82 00:03:42,170 --> 00:03:44,820 and the bandwidth and all that. 83 83 00:03:44,820 --> 00:03:47,140 So I'm gonna go to the security 84 84 00:03:47,140 --> 00:03:50,180 and as you can see now I'm using WPA encryption 85 85 00:03:50,180 --> 00:03:53,510 with WPA or WPA2 authentication 86 86 00:03:53,510 --> 00:03:55,370 and the encryption using AES and TKIP 87 87 00:03:56,870 --> 00:03:58,050 and 88 88 00:03:58,050 --> 00:03:59,850 if I go on WPS 89 89 00:04:00,710 --> 00:04:03,790 you can see that WPS is disabled 90 90 00:04:03,790 --> 00:04:06,710 as we said now so basically I'm not using web 91 91 00:04:06,710 --> 00:04:09,550 so they cannot use any of the attacks that we 92 92 00:04:09,550 --> 00:04:13,260 spoke about that allow you to crack WEP encryption 93 93 00:04:13,260 --> 00:04:16,170 I'm using WPA which is much more secure 94 94 00:04:16,170 --> 00:04:20,060 and I disabled WPS so they cannot use 95 95 00:04:20,060 --> 00:04:22,670 Reaver to determine my WPS pin and then 96 96 00:04:22,670 --> 00:04:24,300 reverse engineer my password. 97 97 00:04:24,300 --> 00:04:26,330 The only way that the hacker can access or 98 98 00:04:26,330 --> 00:04:29,640 get my password is by obtaining the handshake first 99 99 00:04:29,640 --> 00:04:33,110 and then use a word list to find my password. 100 100 00:04:33,110 --> 00:04:34,760 Now my password is very random 101 101 00:04:34,760 --> 00:04:36,060 even though it actually doesn't use 102 102 00:04:36,060 --> 00:04:39,160 numbers or digits, just letters. 103 103 00:04:39,160 --> 00:04:41,820 But its very random so there is a really small chance 104 104 00:04:41,820 --> 00:04:44,143 of someone being able to guess that password. 105 105 00:04:45,490 --> 00:04:47,320 Now there is another thing that id like 106 106 00:04:47,320 --> 00:04:49,370 to show you here is the access control 107 107 00:04:49,370 --> 00:04:51,650 and using this you can add policies 108 108 00:04:51,650 --> 00:04:55,550 so you can add an allow policy or a deny policy 109 109 00:04:55,550 --> 00:04:58,760 and using that is based on the MAC address 110 110 00:04:58,760 --> 00:05:01,140 you can specify MAC addresses that you want to 111 111 00:05:01,140 --> 00:05:02,960 allow to connect to your network 112 112 00:05:02,960 --> 00:05:05,860 you can also specify MAC addresses 113 113 00:05:05,860 --> 00:05:08,250 that you can deny from your network. 114 114 00:05:08,250 --> 00:05:12,070 So for example, you can just if you don't have many people 115 115 00:05:12,070 --> 00:05:14,950 many visitors coming to the house or if you're 116 116 00:05:14,950 --> 00:05:18,500 in a company with a specified number of computers 117 117 00:05:18,500 --> 00:05:21,010 and you want only to allow a number of computers 118 118 00:05:21,010 --> 00:05:24,290 to connect to that network then you can just obtain 119 119 00:05:24,290 --> 00:05:26,650 ask the people, get their MAC addresses 120 120 00:05:26,650 --> 00:05:28,200 the people that you want to allow 121 121 00:05:28,200 --> 00:05:30,250 and add them in an allow list. 122 122 00:05:30,250 --> 00:05:33,310 Now even if someone has the actual key, 123 123 00:05:33,310 --> 00:05:34,650 the right key for your network, 124 124 00:05:34,650 --> 00:05:36,560 and they don't exist in the white list 125 125 00:05:36,560 --> 00:05:38,270 or in the allow list they will not 126 126 00:05:38,270 --> 00:05:40,840 be able to access the network. 127 127 00:05:40,840 --> 00:05:44,200 You can also add a deny list which is if you 128 128 00:05:44,200 --> 00:05:46,050 you want to deny a certain computer 129 129 00:05:46,050 --> 00:05:48,640 or a certain person that you think are suspicious 130 130 00:05:48,640 --> 00:05:51,080 you can just add the MAC address in the deny list 131 131 00:05:51,080 --> 00:05:53,993 and they will not be able to connect to your network. 132 132 00:05:55,330 --> 00:05:58,390 So this is about it as I said the settings page 133 133 00:05:58,390 --> 00:06:00,200 usually look different 134 134 00:06:00,200 --> 00:06:03,190 the names might be called different names as in 135 135 00:06:03,190 --> 00:06:05,630 the names for each of these tabs 136 136 00:06:05,630 --> 00:06:09,120 but usually the main thing is you should be able to access 137 137 00:06:09,120 --> 00:06:12,070 the router settings using the subnet IP 138 138 00:06:12,070 --> 00:06:15,110 and add the number one which is the first IP at the end 139 139 00:06:15,110 --> 00:06:17,240 and if you're being attacked 140 140 00:06:17,240 --> 00:06:19,350 if you can't connect to your network at all 141 141 00:06:19,350 --> 00:06:22,270 then just use a cable and modify the settings 142 142 00:06:22,270 --> 00:06:24,420 like we discussed in the previous lectures.