1
00:00:01,310 --> 00:00:09,170
So WPA can be configured in two very different modes, pressured key and enterprise mode.

2
00:00:10,610 --> 00:00:14,570
WPA personal mode is appropriate for most home networks.

3
00:00:15,460 --> 00:00:21,820
On a password Esad and a wireless router or an access point, it has to be entered by users when connecting

4
00:00:21,820 --> 00:00:22,930
to the Wi-Fi network.

5
00:00:24,080 --> 00:00:31,010
And in that personal mode, wireless access can be individually or centrally managed, one password

6
00:00:31,010 --> 00:00:38,210
will apply for all users and it should be manually changed on all the wireless clients once it's manually

7
00:00:38,210 --> 00:00:41,570
modified on the original wireless router or app.

8
00:00:43,380 --> 00:00:46,650
So then the password is stored on the wireless client.

9
00:00:47,750 --> 00:00:52,610
Therefore, anyone on the computer can connect to the network and also see the password.

10
00:00:54,450 --> 00:01:00,990
So enterprise mode provides the security needed for wireless networks and business environments, so

11
00:01:00,990 --> 00:01:08,310
it's a lot more complicated to set up because it offers individualized and centralized control over

12
00:01:08,340 --> 00:01:10,630
access to this Wi-Fi network.

13
00:01:11,430 --> 00:01:16,380
So when users try to connect to the network, they need to present their login credentials.

14
00:01:17,490 --> 00:01:25,740
This vote supports Aido to 1x radius authentication and is appropriate in the cases where a radius server

15
00:01:25,740 --> 00:01:32,040
is deployed, it might be a little too obvious, but I just want to let you know the WPA enterprise

16
00:01:32,040 --> 00:01:38,610
should only be used when a radius server is connected in order to do the client authentication.

17
00:01:39,970 --> 00:01:46,870
Users will never have to deal with the actual encryption keys, they are securely created and assigned

18
00:01:46,870 --> 00:01:53,770
per user session in the background after a user presents their login credentials so it prevents people

19
00:01:53,770 --> 00:01:59,110
from getting the network key from any individual computers.

20
00:02:01,050 --> 00:02:05,950
WPA enterprise is more secure than WPA to Kay.

21
00:02:06,970 --> 00:02:12,730
Because, well, the important thing to note about the personal mode is that all the clients will always

22
00:02:12,730 --> 00:02:16,390
encrypt their data with the same PMK every time.

23
00:02:17,820 --> 00:02:22,920
So it's easier to gather a lot of data encrypted with the same PMK.

24
00:02:23,940 --> 00:02:31,080
Now, should someone actually break the PMK, they could decrypt all the data and encrypted with that

25
00:02:31,080 --> 00:02:36,660
key past and or recorded in the future or real time?

26
00:02:38,620 --> 00:02:46,210
But otherwise, Enterprise provides every client different PMK instead of each client using the same

27
00:02:46,210 --> 00:02:48,450
PMK all the time, right?

28
00:02:48,520 --> 00:02:55,780
So it changes every session and association and that seat is random as well as unknown.

29
00:02:57,150 --> 00:03:04,440
Now, should someone break a particular PMK while they only get access to that one section of that one

30
00:03:04,440 --> 00:03:10,980
client, they don't get access to the user's credentials since they were individually encrypted.

31
00:03:12,120 --> 00:03:14,510
That, of course, is a whole lot more secure.