On October 16, 2017, Belgian security researchers made public their findings that demonstrated fundamental design flaws in WPA2 that could lead to attacks on wireless networks.
Named KRACKs, or key reinstallation attacks, this technique can theoretically be used by attackers to steal sensitive information from unsuspecting wireless users leveraging these flaws in the WiFi standard.
Regardless of your Wi-Fi vendor, there are a number of steps that can be taken to protect your wireless network.
Patch all of your WiFi devices, whether Windows, Linux, Android, iOS or Mac OS based, with the latest KRACK updates from the vendor. The attack is launched by compromising the wireless device, not the wireless router, so that is the most important area to focus on when you go about patching.
1. You should also check with your vendor to determine if you need to patch your wireless access points and/or routers.
2. Ideally, your WiFi solution would be centrally managed allowing you to provide updates and patches in a timely fashion without crippling IT resources.
3. Add an additional layer of security by using VPN technology to encrypt all network traffic between your wireless devices and your firewall.
4. For SSL encryption on mobile devices, use a Mobile Connect client, which maybe available on the Apple App Store, Google Play, Windows Phone Store or Chrome Web Store.
5. Advise users to transmit sensitive data only on TLS/SSL-encrypted web pages. Look for the green lock symbol in the address bar along with https in the URL.
6. Be on the lookout for unusual activity inside or outside your facility. In order to launch an attack using these vulnerabilities, an attacker must be physically located within Wi-Fi range of both the access point and the wireless client that is attempting to connect to the network. That means the attacker must be in or near your building, which makes it a bit more difficult to leverage than other Internet-only attacks.
7. One other note: there is no need to change Wi-Fi passwords as the KRACKs do not require the Wi-Fi password to be successful.
TCT believes that IT must be able to provide secure, high-speed access for the organization across both the wired and the wireless network, especially as Wi-Fi becomes more of a necessity and less of a luxury. However, cyber criminals are racing to leverage wireless to initiate advanced attacks.
In this day and age, you can never be too careful. Especially when it comes down to your business and data.
Follow us on LinkedIn:
Key Benefits of Proactively Monitoring your IT Network
How’s your WiFi?