Saturday, May 30, 2015

Kismet



Another common product for conducting wardriving attacks is Kismet (www.kismetwireless.net), written by Mike Kershaw. This product is free and runs on Linux, BSD UNIX, Mac OS X, and even Linux PDAs. The software is advertised as being more than just a wireless network detector. Kismet is also a sniffer and an intrusion detection system (IDS, covered in Chapter 13) and can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic. It offers the following features:
  • Wireshark- and Tcpdump-compatible data logging
  • Compatible with AirSnort and AirCrack (covered later in Tools of the Trade)
  • Network IP range detection
  • Detection of hidden network SSIDs
  • Graphical mapping of networks
  • Client/server architecture that allows multiple clients to view a single Kismet server at the same time
  • Manufacturer and model identification of APs and clients
  • Detection of known default AP configurations

Unlike NetStumbler and iwScanner, which rely on an AP to send out a beacon, Kismet is a passive scanner, so it can detect even hidden network SSIDs. Kismet can be used to conduct wardriving, but it can also be used to detect rogue APs on a company's network. If you need GPS support, the BackTrack DVD includes several tools that work with Kismet, such as the GPS daemon (GPSD), GISKismet, and Kisgearth, that can come in handy for accurate AP geopositioning. When Kismet is configured to use GPSD, the output displays coordinates pinpointing the location of the AP being scanned. This coordinate data can then be fed into Google Earth to create maps.

Countermeasures for Wireless Network Hack Attacks



Various malicious hacks — including DoS attacks — can be carried out against your WLAN. This includes forcing APs to reveal their SSIDs during the process of being disassociated from the network and rejoining. In addition, hackers can literally jam the RF signal of an AP — especially in 802.11b and 802.11g systems — and force the wireless clients to re-associate to a rogue AP masquerading as the victim AP.
Hackers can create man-in-the-middle attacks by maliciously using such tools as ESSID-jack and monkey-jack and can flood your network with thousands of packets per second by using the raw packet-generation tools Nping or NetScanTools Pro — enough to bring the network to its knees. Even more so than with wired networks, this type of DoS attack is very difficult to prevent on WLANs.
You can carry out several attacks against your WLAN. The associated countermeasures help protect your network from these vulnerabilities as well as from the malicious attacks previously mentioned. When testing your WLAN security, look out for the following weaknesses:
  • Unencrypted wireless traffic
  • Weak WEP and WPA pre-shared keys
  • Crackable Wi-Fi Protected Setup (WPS) PINs
  • Unauthorized APs
  • Easily circumvented MAC address controls
  • Wireless equipment that’s physically accessible
  • Default configuration settings
A good starting point for testing is to attempt to attach to your WLAN as an outsider and run a general vulnerability assessment tool, such as LanGuard or QualysGuard. This test enables you to see what others can see on your network, including information on the OS version, open ports on your AP, and even network shares on wireless clients.

Thursday, May 28, 2015

Best Wireless / Wi-Fi Password Cracker & Sniffer Tool List



Wireless / Wi-Fi Password Cracker & Sniffer Tool :

 

An internet connection has become a basic necessity in our modern lives. Wireless hot-spots (commonly known as Wi-Fi) can be found everywhere!

                      If you have a PC with a wireless network card, then you must have seen many networks around you. Sadly most of these networks are secured with a network security key.

                      Have you ever wanted to use one of these networks? You must have desperately wanted to check your mail when you shifted to your new house. The hardest time in your life is when your internet connection is down.

Steps to Crack / Sniff Wi-Fi Password:

                           Cracking those Wi-Fi passwords is your answer to temporary internet access. This is a comprehensive guide which will teach even complete beginners how to crack WEP encrypted networks, easily.

Table of Contents

  1. How are Wireless networks secured?
  2. What you'll need
  3. Setting up CommView for Wi-Fi
  4. Selecting the target network and capturing packets
  5. Waiting...
  6. Now the interesting part... CRACKING!
  7. Are you a visual learner?

How Are Wireless Networks Secured?

                                       In a secured wireless connection, internet data is sent in the form of encrypted packets. These packets are encrypted with network security keys. If you somehow manage to get hold of the key for a particular wireless network you virtually have access to the wireless internet connection.

Broadly speaking there are two main types of encryptions used:

WEP (Wired Equivalent Privacy):
                                          This is the most basic form of encryption. This has become an unsafe option as it is vulnerable and can be cracked with relative ease. Although this is the case many people still use this encryption.

WPA (Wi-Fi Protected Access):
                                          This is the more secure alternative. Efficient cracking of the passphrase of such a network requires the use of a wordlist with the common passwords. In other words you use the old fashioned method of trial and error to gain access. Variations include WPA-2 which is the most secure encryption alternative till date. Although this can also be cracked using a wordlist if the password is common, this is virtually uncrackable with a strong password. That is, unless the WPA PIN is still enabled (as is the default on many routers).

                                          Hacking WEP passwords is relatively fast, so we'll focus on how to crack them for this guide. If the only networks around you use WPA passwords, you'll want to follow this guide on how to crack WPA WiFi passwords instead.

What You'll Need...

  • A compatible wireless adapter:
This is by far the biggest requirement. The wireless card of your computer has to be compatible with the software CommView. This ensures that the wireless card can go into monitor mode, which is essential for capturing packets.
 

Wireless / Wi-Fi Password Cracker & Sniffer Tool List :

Wi Fi Hacker Version 3.0 :

Wifi Hacker is a prank app that simulates obtaining passwords and cracking routers. It does so using automated tasks that pretend to hack wireless networks. Pretending to be a hacker in front of your friends was never so fun!
It is free and easy to use.


Download Link : http://jlyse.net/?DCUA4KX

Mobile Version :


Download Link : https://play.google.com/store/apps/details?id=com.mitevi.wifihack&hl=en

WiFi Password Decryptor v 2.0 :
                       WiFi Password Decryptor V 2.0 Tool by Security Xploid Team.

                       WiFi Password Decryptor is the FREE software to instantly recover Wireless account passwords stored on your system.

It automatically recovers all types of wireless keys/passwords (WEP/WPA/WPA2 etc.) stored by Windows Wireless Configuration Manager.
For each recovered WiFi account, it displays the following information:
  • WiFi Name (SSID)
  • Security Settings (WEP-64/WEP-128/WPA2/AES/TKIP)
  • Password Type
  • Password in Hex format
  • Password in clear text
                       After the successful recovery you can save the password list to HTML/XML/TEXT file. You can also right click on any of the displayed account and quickly copy the password.

Under the hood, 'WiFi Password Decryptor' uses the System Service method (instead of injecting into LSASS.exe) to decrypt the WiFi passwords. This makes it safer and more reliable. It also means a single EXE works on both 32-bit and 64-bit platforms.

                        It also supports command-line mode making it useful for automation & penetration testers.

                           It has been successfully tested on Windows Vista and higher operating systems including Windows 8.

Download_Link 

http://securityxploded.com/wifi-password-decryptor.php#WiFiPasswordDecryptor_Download

WiHack 2.4.6:
          
              is the first working program for hacking Wi-Fi. This project was developed as a special software to work with protected wireless networks. WiHack is an improved version of Wi-FI Pirate 3 which we have previously tried to crack.

The program is able to analyze wireless Wi Fi for the presence of insecurity, then it becomes possible to perform the main hacking features such as:

1) Get the Users List
2) Guess the network password (crack Wifi password)
3) Sniffing Users Mode (you are able to see every User's movement)
4) Block the User (program will disconnect user from the network, it's useful when somebody is downloading something and because of that your internet starts lagging)


 
Download Link : http://wihack.com/en/download.html


Hacking into network cameras


A small video of how to hack into network cameras
We should apply this in our school
Enjoy !





Wireless Attacks and Countermeasures


Wireless communication poses formidable challenges for the security professional. Many wireless manufacturers design their devices for easy set up and use, often at the expense of sound security practices. Many wireless devices default to little or no security. A security professional must take extra precautions to protect sensitive data transmitted over wireless devices.
Two protocols that have been implemented to provide security for wireless communication are:
  • Wired Equivalent Privacy (WEP) implements the 802.11 specification for wireless network connections.
  • Wireless Application Protocol (WAP) is used with mobile devices such as PDAs and smart phones.
The following table describes weaknesses with both WEP and WAP:
Protocol: Wired Equivalent Privacy (WEP)
Vulnerabilities: WEP suffers from the following weaknesses:
  • The key is vulnerable during authentication.
  • The same WEP key is used for authentication and data encryption.
  • The WEP key is static. Because it doesn't change, it can be captured and broken.
  • Every host on the network uses the same key.
  • Key rotation is difficult.
  • WEP uses a very short initialization vector (IV) - a mechanism that allows a cipher to be executed in any of several streaming modes of operation to produce a unique cipher text using the same encryption key.
  • The integrity check value (ICV) is easily defeated.
  • Unless you specify data encryption, all frames are sent in plaintext.
  • The RC4 encryption cipher could be replaced by a stronger encryption cipher.
  • The Service Set Identifier is broadcast.
  • Authentication can be open, meaning that identity is not checked.
  • Most wireless stations can be configured using the network name ANY.

Protocol: Wireless Application Protocol (WAP)
Vulnerabilities: The most significant weakness of WAP is referred to as the Gap in the WAP, a security gap between a WAP client (handset) and a LAN host. The Gap in the WAP attack:
  • Exploits the decryption of transmissions at a carrier midpoint.
  • Compromises the carrier before the data is re-encrypted.
  • Exposes plaintext data.
WAP deploys Wireless Transport Layer Security Protocol (WTLS) for authentication:
  • Class 1, Anonymous Authentication
  • Class 2, Server Authentication
  • Class 3, Two-Way Client and Server Authentication
 
Wireless networks are vulnerable to the following specific security attacks:
Vulnerability: Description
  • Eavesdropping: Eavesdropping is the most common threat of a wireless network. Wireless transmissions can be easily intercepted.
  • Site surveys or war driving: Site surveys or war driving are attempts by a hacker to scan the wireless networking area looking for unsecured access points or weak passwords.
  • Rogue access points or man-in-the-middle: Rogue access points or man-in-the-middle attacks occur when an attacker installs an unauthorized access point into your wireless network, allowing them to connect to the network.
  • Replay attack: In a replay attack, an attacker intercepts and records messages. The captured traffic is used at another time to try and recreate authentication. WEP, with its short initialization vector and static keys, is susceptible to replay attacks.
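
The short-IV and static-key weaknesses listed above can be checked numerically. The following Python sketch is an added example, not part of the original post: it assumes WEP's 24-bit IV and CRC-32 ICV, uses a constructed 40-bit key and constructed frames, and shows how quickly IVs repeat and why a repeat under a static key undoes the encryption of both frames.

```python
import math
import zlib
from collections import defaultdict

IV_BITS = 24  # WEP prepends a 24-bit IV to the static key (fact about WEP, not stated on the page)


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4: key scheduling followed by keystream XOR."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(iv: bytes, key: bytes, plaintext: bytes) -> bytes:
    """WEP-style frame body: RC4 keyed with IV || key over plaintext || CRC-32 ICV."""
    icv = zlib.crc32(plaintext).to_bytes(4, "little")
    return rc4(iv + key, plaintext + icv)


def iv_collision_probability(frames: int) -> float:
    """Birthday approximation: chance that two of `frames` randomly chosen IVs match."""
    return 1.0 - math.exp(-frames * (frames - 1) / (2 * 2 ** IV_BITS))


def find_iv_reuse(capture):
    """Group captured (iv, ciphertext) pairs and keep the IVs seen more than once."""
    by_iv = defaultdict(list)
    for iv, ciphertext in capture:
        by_iv[iv].append(ciphertext)
    return {iv: cts for iv, cts in by_iv.items() if len(cts) > 1}


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


# Constructed sample data: one static key shared by every host, three frames,
# two of which were sent under the same IV.
STATIC_KEY = bytes.fromhex("0102030405")
P1 = b"GET /payroll HTTP/1.1"
P2 = b"user=alice&pin=4821.."
P3 = b"unrelated frame body."
CAPTURE = [
    (b"\x00\x00\x01", wep_encrypt(b"\x00\x00\x01", STATIC_KEY, P1)),
    (b"\x00\x00\x02", wep_encrypt(b"\x00\x00\x02", STATIC_KEY, P3)),
    (b"\x00\x00\x01", wep_encrypt(b"\x00\x00\x01", STATIC_KEY, P2)),
]

if __name__ == "__main__":
    for n in (1000, 5000, 20000):
        print(f"{n:>6} frames -> P(IV repeat) = {iv_collision_probability(n):.3f}")
    for iv, (c1, c2) in find_iv_reuse(CAPTURE).items():
        # Same IV + same key = same keystream, so it cancels out of c1 XOR c2.
        print(iv.hex(), "reused; keystream cancels:",
              xor(c1, c2)[:len(P1)] == xor(P1, P2))
```

A busy AP sends thousands of frames in seconds, so the only durable fix is the one the countermeasures describe: per-session keys that are renegotiated rather than one static key for every host.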

Countermeasures for wireless communications are:
  • First and foremost, treat a wireless network as though it were a publicly accessible network. Don't assume that the traffic on that network is private and secure.
  • Put the access points in separate virtual LANs and implement some type of intrusion detection to help identify when an attacker is attempting to set up a rogue access point or is using a brute force attack to gain access.
  • Encrypt all data transmitted through your access point.
  • Set the access point to accept only Media Access Control (MAC) addresses.
  • Use firewalls on each network access point.
  • Avoid storing sensitive data on wireless machines whenever possible. Encrypt sensitive data that must be stored on the machine.
  • Install security updates as soon as they are available.
  • Install antivirus software on the wireless computer.
  • Require that users connect to the wireless access point with a network cable when sending sensitive data.
  • Disable the broadcasting of the SSID from all access points.
  • Implement EAP-TLS to use different keys for encryption and broadcast traffic.
  • Set the WEP broadcast traffic key to be renegotiated at a certain interval.
  • Set up a RADIUS server and a certificate authority. The RADIUS server authenticates the user back against your network directory service.
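
One way to implement the rogue-access-point detection recommended above is to compare what a passive scanner sees against an inventory of authorized APs. This Python sketch is an added example, not from the original post; the inventory, field names, default-SSID list, signal threshold and scan records are all constructed assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AP:
    bssid: str
    ssid: str
    channel: int
    crypto: str          # "OPEN", "WEP", "WPA" or "WPA2"
    signal_dbm: int = -100


# Constructed inventory of the APs the organisation actually operates.
AUTHORIZED = {
    "00:11:22:33:44:01": AP("00:11:22:33:44:01", "CorpNet", 1, "WPA2"),
    "00:11:22:33:44:02": AP("00:11:22:33:44:02", "CorpNet", 6, "WPA2"),
}
DEFAULT_SSIDS = {"linksys", "netgear", "default", "dlink"}  # sample list only
ON_PREMISES_DBM = -60   # assumed threshold for "probably inside the building"
CRYPTO_RANK = {"OPEN": 0, "WEP": 1, "WPA": 2, "WPA2": 3}


def classify(obs: AP, authorized=AUTHORIZED) -> list:
    """Return the findings for one observed AP (empty list = nothing to report)."""
    findings = []
    corp_ssids = {ap.ssid for ap in authorized.values()}
    known = authorized.get(obs.bssid.lower())
    if known is None:
        if obs.ssid in corp_ssids:
            findings.append("rogue-ap: corporate SSID announced by unknown BSSID")
        elif obs.signal_dbm >= ON_PREMISES_DBM:
            findings.append("unauthorized-ap: strong unknown AP, trace it on the wired side")
        if obs.ssid.lower() in DEFAULT_SSIDS:
            findings.append("default-config: factory SSID still in use")
    else:
        if obs.ssid != known.ssid:
            findings.append("drift: authorized BSSID announcing unexpected SSID")
        if obs.channel != known.channel:
            findings.append("drift: authorized BSSID on unexpected channel (possible spoof)")
        if CRYPTO_RANK.get(obs.crypto, 0) < CRYPTO_RANK[known.crypto]:
            findings.append("downgrade: weaker encryption than the inventory records")
    return findings


def audit(scan, authorized=AUTHORIZED) -> dict:
    """Map BSSID -> findings for every observation that needs attention."""
    report = {}
    for obs in scan:
        findings = classify(obs, authorized)
        if findings:
            report[obs.bssid.lower()] = findings
    return report


# Constructed scan results, in a shape a passive scanner's export could be mapped to.
SCAN = [
    AP("00:11:22:33:44:01", "CorpNet", 1, "WPA2", -48),     # matches inventory
    AP("00:11:22:33:44:02", "CorpNet", 11, "WEP", -52),     # drifted or spoofed
    AP("DE:AD:BE:EF:00:01", "CorpNet", 6, "OPEN", -41),     # corporate SSID, unknown radio
    AP("DE:AD:BE:EF:00:02", "linksys", 3, "OPEN", -55),     # consumer AP plugged in on site
    AP("DE:AD:BE:EF:00:03", "CoffeeShop", 9, "WPA2", -88),  # distant neighbour
]

if __name__ == "__main__":
    for bssid, findings in audit(SCAN).items():
        for finding in findings:
            print(bssid, finding)
```

A BSSID match alone proves little because MAC addresses can be spoofed, which is why the channel and encryption are compared as well.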


Wardriving


Wardriving is the act of searching for Wi-Fi wireless networks by a person in a moving vehicle, using a portable computer, smartphone or personal digital assistant (PDA).
Software for wardriving is freely available on the Internet, notably NetStumbler, InSSIDer, Vistumbler for Windows; Kismet or SWScanner for Linux, FreeBSD, NetBSD, OpenBSD, DragonFly BSD, and Solaris; and KisMac for Macintosh. There are also homebrew wardriving applications for handheld game consoles that support Wi-Fi, such as sniff jazzbox/wardive for the Nintendo DS/Android, Road Dog for the Sony PSP, WiFi-Where for the iPhone, G-MoN, Wardrive, Wigle Wifi for Android, and WlanPollution for Symbian NokiaS60 devices. There also exists a mode within Metal Gear Solid: Portable Ops for the Sony PSP (wherein the player is able to find new comrades by searching for wireless access points) which can be used to wardrive. Treasure World for the DS is a commercial game in which gameplay wholly revolves around wardriving.

Wednesday, May 27, 2015

Wi-Fi Protected Access (WPA)


Wi-Fi Protected Access (WPA) is a security standard for users of computers equipped with Wi-Fi wireless connection. It is an improvement on and is expected to replace the original Wi-Fi security standard, Wired Equivalent Privacy (WEP). WPA provides more sophisticated data encryption than WEP and also provides user authentication (WEP's user authentication is considered insufficient). WEP is still considered useful for the casual home user, but insufficient for the corporate environment where the large flow of messages can enable eavesdroppers to discover encryption keys more quickly.

WPA's encryption method is the Temporal Key Integrity Protocol (TKIP). TKIP addresses the weaknesses of WEP by including a per-packet mixing function, a message integrity check, an extended initialization vector, and a re-keying mechanism. WPA provides "strong" user authentication based on 802.1x and the Extensible Authentication Protocol (EAP). WPA depends on a central authentication server such as RADIUS to authenticate each user.
Wi-Fi Protected Access is a subset of and will be compatible with IEEE 802.11i (sometimes referred to as WPA2), a security standard under development. Software updates that will allow both server and client computers to implement WPA are expected to become widely available during 2003. Access points (see hot spots) can operate in mixed WEP/WPA mode to support both WEP and WPA clients. However, mixed mode effectively provides only WEP-level security for all users. Home users of access points that use only WPA can operate in a special home-mode in which the user need only enter a password to be connected to the access point. The password will trigger authentication and TKIP encryption.

Kismet




Kismet is a network detector, packet sniffer, and intrusion detection system for 802.11 wireless LANs. Kismet will work with any wireless card which supports raw monitoring mode, and can sniff 802.11a, 802.11b, 802.11g, and 802.11n traffic. The program runs under Linux, FreeBSD, NetBSD, OpenBSD, and Mac OS X. The client can also run on Microsoft Windows, although, aside from external drones (see below), there's only one supported wireless hardware available as packet source.


Another common product for conducting wardriving attacks is Kismet (www.kismetwireless.net), written by Mike Kershaw. This product is free and runs on Linux, BSD UNIX, Mac OS X, and even Linux PDAs. The software is advertised as being more than just a wireless network detector. Kismet is also a sniffer and an intrusion detection system (IDS, covered in Chapter 13) and can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic.

It offers the following features:
  • Wireshark- and Tcpdump-compatible data logging
  • Compatible with AirSnort and AirCrack (covered later in Tools of the Trade)
  • Network IP range detection
  • Detection of hidden network SSIDs
  • Graphical mapping of networks
  • Client/server architecture that allows multiple clients to view a single Kismet server at the same time
  • Manufacturer and model identification of APs and clients
  • Detection of known default AP configurations
  • XML output
  • Support for more than 25 card types (almost any card that supports monitor mode)

 
 
 





Protect Myself from Cyber Attacks.

What You Need To Know

The Department of Homeland Security plays an important role in countering threats to our cyber network. We aim to secure the federal civilian networks, cyberspace and critical infrastructure that are essential to our lives and work.
DHS’s National Cybersecurity and Communications Integration Center (NCCIC) is a 24x7 center responsible for the production of a common operating picture for cyber and communications across the federal, state, and local government, intelligence and law enforcement communities and the private sector.   

Next Steps

The following preventative strategies are intended to help our public and private partners proactively look for emails attempting to deceive users into "clicking the link" or opening attachments to seemingly real websites:
  • Never click on links in emails. If you do think the email is legitimate, whether from a third party retailer or primary retailer, go to the site and log on directly. Whatever notification or service offering was referenced in the email, if valid, will be available via regular log on.
  • Never open the attachments. Typically, retailers will not send emails with attachments. If there is any doubt, contact the retailer directly and ask whether the email with the attachment was sent from them.
  • Do not give out personal information over the phone or in an email unless completely sure. Social engineering is a process of deceiving individuals into providing personal information to seemingly trusted agents who turn out to be malicious actors. If contacted over the phone by someone claiming to be a retailer or collection agency, do not give out your personal information. Ask them to provide you their name and a call-back number. Just because they may have some of your information does not mean they are legitimate!
Other practical tips to protect yourself from cyberattacks:
  • Set secure passwords and don't share them with anyone. Avoid using common words, phrases, or personal information and update regularly.
  • Keep your operating system, browser, anti-virus and other critical software up to date. Security updates and patches are available for free from major companies.
  • Verify the authenticity of requests from companies or individuals by contacting them directly. If you are asked to provide personal information via email, you can independently contact the company directly to verify this request.
  • Pay close attention to website URLs. Pay attention to the URLs of websites you visit. Malicious websites sometimes use a variation in common spelling or a different domain (for example, .com instead of .net) to deceive unsuspecting computer users.
  • For e-Mail, turn off the option to automatically download attachments.
  • Be suspicious of unknown links or requests sent through email or text message. Do not click on unknown links or answer strange questions sent to your mobile device, regardless of who the sender appears to be.

Monday, May 25, 2015

Understanding 802.1X

802.1X is a specification that defines EAP (Extensible Authentication Protocol) over LAN, also known as EAPOL. EAP is an authentication framework that supports multiple authentication methods. It is defined in RFC 3748. EAP defines three terms:

Supplicant:

A device (usually a workstation) that requests access to the LAN and switch services. The workstation running the IEEE 802.1X-compliant client software is called the Supplicant.

Authenticator:

A device (a switch or a wireless access point) that controls the physical access to the network based on the authentication status of the Supplicant. The Authenticator requests the identity from the Supplicant, verifies that information with the Authentication Server and relays the response to the Supplicant. The Authenticator includes the RADIUS Client. The EAP messages are encapsulated and decapsulated by the Authenticator while interacting with the Authentication Server.

Authentication Server:

A device that performs the actual authentication of the Supplicant. The Authentication Server validates the identity of the Supplicant and notifies the Authenticator whether the Supplicant is allowed to use the LAN and switch services.

wireless network interface card (WNIC)



A wireless network interface card (WNIC) is a network card which connects to a radio-based computer network. A WNIC, just like a NIC, works on Layer 1 and Layer 2 of the OSI Model. A WNIC is an essential component for a wireless desktop or laptop computer. This card uses an antenna to communicate through microwaves. A WNIC in a desktop computer usually is connected using the PCI bus. Other connectivity options are USB and PC card. Integrated WNICs are also available.

Wireless Network Interface Cards and Wireless Access Points are designed to work at certain specifications based on the IEEE. The most popular wireless specifications in 2010 are 802.11g (Wireless G) and 802.11n (Wireless N). Wireless G works on the 2.4 GHz frequency, which allows for backwards compatibility with Wireless B technologies. Wireless G technologies allow for a maximum data rate of 54 Mbps. 802.11g is by far the most popular wireless technology in terms of rapid adoption. Unfortunately, it suffers from the same interference as 802.11b (Wireless B) because of the 2.4 GHz frequency. As a result, in the United States and elsewhere, Wireless G is often implemented in Channels 1, 6, and 11 because these are the three non-overlapping usable channels.

Wireless N improves 802.11g (Wireless G) bringing faster overall speeds, new antenna technologies, and dual-band frequency devices. 802.11n WAPs are backwards compatible with all previous wireless standards including 802.11g (Wireless G) and 802.11b (Wireless B). When this standard is finalized, 802.11n connections should support data rates of over 100 Mbps. 802.11n also offers somewhat better range over earlier Wi-Fi standards due to its increased signal intensity. 

Access Point

In computer networking, a wireless access point (AP) is a device that allows wireless devices to connect to a wired network using Wi-Fi, or related standards. The AP usually connects to a router (via a wired network) as a standalone device, but it can also be an integral component of the router itself. An AP is differentiated from a hotspot, which is the physical space where the wireless service is provided.

Wireless access has special security considerations. Many wired networks base the security on physical access control, trusting all the users on the local network, but if wireless access points are connected to the network, anybody within range of the AP (which typically extends farther than the intended area) can attach to the network.

The most common solution is wireless traffic encryption. Modern access points come with built-in encryption. The first generation encryption scheme 'WEP' proved easy to crack; the second and third generation schemes, WPA and WPA2, are considered secure if a strong enough password or passphrase is used.


EAP methods




    Methods

    EAP is an authentication framework, not a specific authentication mechanism.[1] It provides some common functions and negotiation of authentication methods called EAP methods. There are currently about 40 different methods defined. Methods defined in IETF RFCs include EAP-MD5, EAP-POTP, EAP-GTC, EAP-TLS, EAP-IKEv2, EAP-SIM, EAP-AKA and EAP-AKA'. Additionally a number of vendor-specific methods and new proposals exist. Commonly used modern methods capable of operating in wireless networks include EAP-TLS, EAP-SIM, EAP-AKA, LEAP and EAP-TTLS. 

    Encapsulation

    EAP is not a wire protocol; instead it only defines message formats. Each protocol that uses EAP defines a way to encapsulate EAP messages within that protocol's messages.

    IEEE 802.1X

    The encapsulation of EAP over IEEE 802 is defined in IEEE 802.1X and known as "EAP over LANs" or EAPOL.

    PEAP

    The Protected Extensible Authentication Protocol, also known as Protected EAP or simply PEAP, is a protocol that encapsulates EAP within a potentially encrypted and authenticated Transport Layer Security (TLS) tunnel.

    RADIUS and Diameter

    Both the RADIUS and Diameter AAA protocols can encapsulate EAP messages.

    PANA

    The Protocol for Carrying Authentication for Network Access (PANA) is an IP-based protocol that allows a device to authenticate itself with a network to be granted access.

    PPP

    EAP was originally an authentication extension for the Point-to-Point Protocol (PPP).
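
The EAPOL encapsulation and the Supplicant/Authenticator exchange described above can be inspected directly in a capture. The following Python parser is an added example, not part of the original posts: it decodes the EAPOL and EAP headers of constructed frames, names the EAP method from its IANA type number, and reports the cleartext outer identity. Treating EAP-MD5 and LEAP as weak is this example's own policy assumption.

```python
import struct

EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
# IANA EAP type numbers for the methods named on this page.
EAP_METHODS = {1: "Identity", 3: "Nak", 4: "EAP-MD5", 6: "EAP-GTC", 13: "EAP-TLS",
               17: "LEAP", 18: "EAP-SIM", 21: "EAP-TTLS", 23: "EAP-AKA",
               25: "PEAP", 32: "EAP-POTP", 49: "EAP-IKEv2", 50: "EAP-AKA'"}
# Policy assumption of this example: report methods that lack mutual
# authentication or have known offline password-guessing weaknesses.
WEAK_METHODS = {4, 17}


def build_eapol(code, ident, method=None, data=b"", version=2):
    """Build a constructed EAPOL frame carrying one EAP packet (demo input only)."""
    body = b"" if method is None else bytes([method]) + data
    eap = struct.pack("!BBH", code, ident, 4 + len(body)) + body
    return struct.pack("!BBH", version, 0, len(eap)) + eap


def parse_eapol(frame: bytes) -> dict:
    """Decode the EAPOL header and, for EAP-Packet frames, the EAP header."""
    if len(frame) < 4:
        raise ValueError("truncated EAPOL header")
    version, ptype, body_len = struct.unpack("!BBH", frame[:4])
    body = frame[4:4 + body_len]
    if len(body) < body_len:
        raise ValueError("EAPOL body shorter than its length field")
    info = {"eapol_version": version,
            "eapol_type": EAPOL_TYPES.get(ptype, f"unknown({ptype})")}
    if ptype != 0:
        return info                      # Start/Logoff/Key carry no EAP packet
    if len(body) < 4:
        raise ValueError("truncated EAP header")
    code, ident, eap_len = struct.unpack("!BBH", body[:4])
    if not 4 <= eap_len <= len(body):
        raise ValueError("EAP length field disagrees with EAPOL body")
    info.update(eap_code=EAP_CODES.get(code, f"unknown({code})"), eap_id=ident)
    if code in (1, 2):                   # only Request/Response carry a Type octet
        if eap_len < 5:
            raise ValueError("Request/Response without Type octet")
        method = body[4]
        info["method"] = EAP_METHODS.get(method, f"type {method}")
        info["weak_method"] = method in WEAK_METHODS
        if code == 2 and method == 1:
            # The outer identity crosses the air in cleartext, before any tunnel exists.
            info["cleartext_identity"] = body[5:eap_len].decode("utf-8", "replace")
    return info


# Constructed frames: the Supplicant's identity, two method offers, then success.
FRAMES = [
    build_eapol(2, 1, 1, b"alice@example.org"),   # EAP-Response/Identity
    build_eapol(1, 2, 17, bytes(11)),             # LEAP offer (type-data is filler)
    build_eapol(1, 3, 13, b"\x20"),               # EAP-TLS with the Start flag set
    build_eapol(3, 3),                            # EAP-Success
]

if __name__ == "__main__":
    for frame in FRAMES:
        print(parse_eapol(frame))
```

Run over a real capture, the same fields show which methods an Authenticator still offers and whether clients send real usernames as the outer identity instead of an anonymous one.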


WLAN Authentication and Encryption

WLAN Authentication Methods

There are three main methods of authentication that are used on today’s wireless LANs:

The open authentication method is the simplest of the methods used and only requires that the end device be aware of the Service-Set Identifier (SSID) used on the network; as long as the SSID is known, the device will be allowed onto the network. The problem with this method is that the SSID is typically broadcast and, if it is not, it can be easy to figure out with passive capturing techniques.
The shared authentication method is commonly used on individual and small business wireless LAN implementations; this method uses a shared key (Pre-Shared Key – PSK) that is given to both sides of the connection; if they match then the device is allowed onto the network.
The third method uses the Extensible Authentication Protocol (EAP) and is the most common method used by enterprises. The EAP method utilizes an authentication server that is queried for authentication using a variety of credential options.

WLAN Encryption Methods

The first widely used standard for wireless LANs was 802.11 (prime); this included the Wired Equivalent Privacy (WEP) algorithm which was used for security. WEP utilizes RC4 for encryption and has been deprecated because of vulnerabilities that can be used to find the security keys.
In response to the vulnerabilities found in WEP, Wi-Fi Protected Access (WPA) was defined. WPA utilizes the Temporal Key Integrity Protocol (TKIP), which uses dynamic keys (not supported with WEP) and RC4 for encryption. The TKIP method used with WPA was utilized until vulnerabilities were found in TKIP. These vulnerabilities center on the fact that TKIP uses some of the same mechanisms that WEP does, which allows similar attacks.
In response to the vulnerabilities in WPA/TKIP, the IEEE 802.11i standard was defined and implemented; the IEEE 802.11i standard is also referred to as WPA2. WPA2 replaced TKIP with Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) which is based on Advanced Encryption Standard (AES); it is common for the WPA2 encryption method to be referred to as AES. As of this writing, there are no easy methods that have been found to break AES.