Are there KRACKs in your Wireless Network Security?
On October 16, 2017, Belgian security researcher made public their findings that demonstrated fundamental design flaws in WPA2 that could lead to man-in-the-middle (MITM) attacks on wireless networks.
Named KRACKs, or key reinstallation attacks, this technique can theoretically be used by attackers to steal sensitive information from unsuspecting wireless users leveraging these flaws in the WiFi standard.
More details on these vulnerabilities are available on the researchers’ website at www.krackattacks.com.
What can I do to protect my wireless network?
We do recommend that you take immediate action to minimize the risk presented by these vulnerabilities. We advise the following:
- Patch all of your WiFi clients, whether Windows, Linux, Android, iOS or Mac OS based, with the latest KRACK updates from your client vendors. The attack is launched by compromising the wireless device, not the wireless router, so that is the most important area to focus on when you go about patching.
- Check with your vendor to determine if you need to patch your wireless access points and/or routers. Ideally, your WiFi solution would be centrally managed allowing you to provide updates and patches in a timely fashion without crippling IT resources.
- Add an additional layer of security by using VPN technology to encrypt all network traffic between your wireless devices and your firewall.
- Transmit sensitive data only on TLS/SSL-encrypted web pages. Look for the green lock symbol in the address bar along with https in the URL.
- Be on the lookout for unusual activity inside or outside your facility. In order to launch an attack using these vulnerabilities, an attacker must be physically located within Wi-Fi range of both the access point and the wireless client that is attempting to connect to the network. That means the attacker must be in or near your building, which makes it a bit more difficult to leverage than other Internet-only attacks.
- One other note: there is no need to change Wi-Fi passwords as the KRACKs do not require the Wi-Fi password to be successful.
Get In Touch With SOS Technology Group Today
SOS can help you extend breach prevention to your wireless network while surveying if your current solution places you at risk.
SOS Technology Group is a full-service IT consulting company focused on delivering IT Services and Solutions to businesses across the USA. We offer specialized, highly customized technology solutions for small and medium-sized businesses. Our experienced team will be able to assist you in creating a practical, sustainable IT infrastructure for your business, from helping develop your overall IT Strategy down to implementing a fully functional network in your environment. We offer a range of IT Consulting and IT Outsourcing services including Network Management, Dedicated Servers and Managed Services, customized to meet your unique business needs, so you can stop worrying about technology and focus on your business. Give us a call at 410-559-7020 or contact us here to get started. You can also follow us on Facebook, Twitter, LinkedIn, Pinterest, and YouTube.