3 Takeaways for the KRACK WPA2 Vulnerability

WiFi Security and WPA2

Over the last 48 hours security researchers have discovered new weaknesses in the WPA2 Wi-Fi security protocol which could allow hackers to steal sensitive info or even inject malware into networks and network devices, with mobile devices being particularly vulnerable due to the proliferation of native apps which may not implement app-level encryption.  

As stated on KrackAttacks, the weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected. 

The attack works by focusing on the four-way handshake used by WPA2 to confirm that client and access point have the correct network password and to negotiate a new encryption key to be used to encrypt all subsequent traffic. 

To prevent the attack, users must update affected products as soon as security updates become available. 

1. There is no silver bullet for cyber threat prevention; nothing is secured forever. Vulnerabilities will always await discovery and be subject to exploitation. Developers call them “bugs”, but we must all learn to speak the same language, and adopt a holistic layered approach.

2.  SANS Institute describes the term layered security as “a defensive strategy featuring multiple defensive layers that are designed to slow down an attacker”. The military uses similar tactics called “deep defense” or “defense in depth,” where their goal is to slow an attack, causing enemy casualties. In the digital world, this means causing delays for the attackers and detecting them before they can do serious damage. In some cases, a properly implemented layer may act as a strong enough deterrent to cause the attacker to look for an easier target.

3. Although an attacker may gain wireless access into your network, a layered security approach will ensure that the hole discovered can’t be exploited. By adhering to best practices like keeping systems patched and updated, implementing user roles and group policy, having end-to-end network segmentation in place to limit the spread of malware and free reign of bad actors, utilizing multi-factor authentication (MFA), securing data with data at rest and in-flight encryption, and taking advantage of app-level encryption where possible. 

If you’d like to discuss the threat landscape and how things like this WPA2 crack happen, best practices for adopting a holistic security approach, or the unique challenges inherent to your business, please reach out to me directly. We’re here to help. 

The Great WiFi Migration

Cloud this, virtual that… it’s the future, and mostly it’s a good thing! Welcome to the great WiFi expansion, folks!

The Past

Not too long ago, when people started deploying multiple wireless access points (APs) in a single location, they realized how cumbersome it was to manage all APs individually. The masses demanded a way of managing multiple APs from a single location, and so the Controller was born. A Controller is just what the name says: a device that ‘controls’ and manages all APs from one central location.

For some time, this was the only option for managing multiple APs, and there was no way around it. And it was a great thing. It still is.

Now 

[Read more…]

BYOD: Is it Worth the Risk?

The Bring Your Own Device (BYOD) phenomenon has become a highly debated topic in many organizations. While some enterprises are fully enveloped in the BYOD trend, others are hesitant to adopt this new strategy because of the numerous risks associated with it. Regardless, here is what you need to know to be BYOD-ready.

[Read more…]

Breaking news: Ruckus Will Be Joining The Cloud!

That’s right people, the Controller based wireless giant is working on a cloud offering similar to Aerohive, Aruba and Meraki.

For now, it is still too early to tell what we are exactly in for. Ruckus is keeping their cards close.  As a matter of fact, the whole Ruckus Cloud offering subject is very hush hush.   Just getting whispers on the subject wasn’t easy – we had to have our cousin Vinny pay a visit to Ruckus HQ with a baseball bat.

For plausible deniability, we cannot tell you what he did there. For now, we know that Ruckus will be making a public announcement of their Cloud Managed solution some time in April. We are not sure if the solution will be ready by then, or if that’s when it will be announced. What we do know, however, is that this will be a huge win for Ruckus.

Cloud managed solutions are somewhat new, and up until recently Aerohive and Meraki were the only two giants in the field. Since then, Aruba has introduced their Aruba Central Cloud management service. Meraki was purchased by Cisco in Q4 of 2012 – therefore Cisco has a cloud managed WiFi. And now, Ruckus is joining the pack!

What’s all the fuss about Cloud managed WiFi and why the move toward them, you might ask? Well, the short answer is: Cloud managed WiFi solutions offer the benefits of a physical controller, without the huge initial cost.
I will not be going over what those benefits are, as I have already done this in another blog, so if you would like to find out more on Cloud vs. Controller based WiFi solutions click here.

Ruckus Cloud Managed WiFi is huge news, and we will keep our ears open for any new information. Or maybe we will send cousin Vinny to visit Ruckus HQ again.

___________________________________________________________________________________________________________________________________________________________________

Peter Yordanov. Signing Out.

Controller, Cloud Managed and Standalone WiFi Deployments, Oh My!

Hello all, the speaking.

 

In the WiFi world, there are three major types of wireless deployments. These are, as the title says, Controller Based, Cloud Managed, and Standalone; They are all different, and each one has its correct application, benefits, and vices. It has come to my attention that the differences among these groups aren’t understood well. Usually people are more interested in the brand name rather than the group it falls in. And that’s okay, I am here to help you choose the correct WLAN solution for your needs. Just to clarify, I will NOT be going into a discussion of which manufacturer falls into which category, or which one is better. That type of battle is best left alone for another day.

[Read more…]

The Art of AP Placement

Hi all, I’m the

Today we will talk about where and how to place APs in an indoor environment.

Often times I see a WLAN network ruined because of how and where the APs are placed. In such a case, IT staff will usually go buy and add more APs. This isn’t always the answer, and often it adds a different set of problems. Sometimes the solution may be something as simple as relocating APs.

[Read more…]