14 Nov KRACK – A growing threat to your network.
Cyber attackers have added a new member to their team and it’s a potential game changer. It’s name is KRACK. Recently published research has identified multiple vulnerabilities in Wi-Fi devices. Simply, KRACK will reinstall network encryption keys on the devices disabling replay protection and significantly reducing the security of encryption https://www.krackattacks.com
KRACK vulnerability in WPA2 Wi-Fi encryption (Wi-Fi Protected Access 2, is the security method added to WPA for wireless networks that provides stronger data protection and network access control) has hit the industry side on with Networks & IT teams rushing to lock down devices and Wi-Fi equipment. For most though, this is yet another situation where the security goalposts have moved. However, the default is still that ‘open’ Wi-Fi networks aren’t safe, whereas password protected’ networks are seen as far more secure.
Should you be worried?
Yes, you should. Why? Because WPA2 is used everywhere and so many people rely on it being the means of securing their traffic. Currently, there is no evidence that the vulnerability has been exploited maliciously. However, as with any network you must be vigilant. An attacker would have to be within Wi-Fi range to carry out any of those exploits, which dramatically reduces the risk that an average person will be targeted. Unlike server-side bugs like Heartbleed or Shellshock, there’s no way to carry out the attack over the internet at large. Hackers need to be physically present in range of a network.
What can be done and what should you do to protect yourself?
The first thing to do is update all your software on your wireless devices. KRACK mainly affects your PCs, phones, IoT devices etc. that act as a Wi-Fi client – make this the action. Secondly, if your Wi-Fi network uses bridging or roaming anywhere, your Wi-Fi network equipment is also vulnerable.
Although this won’t give you complete protection it will mitigate the chances of being a victim
What if you have Wi-Fi device from KubeNet
If Kube manage your Cisco Meraki or Cisco Aironet Wi-Fi Access points, then our experienced team of engineers will ensure your devices are updated with new firmware/patches as they come online. If you have a small DSL Wi-Fi Router from Kube, then please consult your IT support for advice or speak to the KubeNet support team.
In the meantime, we have a few top tips to help keep with your Wi-Fi security.
Remember it may take some time for the manufacturer of your devices to come up with a security patch. In the meantime, there are extra steps you can take to help secure your devices.
1. Firewall / Virus / Malware
All types of business need this level of protection. Check your Firewall is up to spec and can cope with your business needs. You should ensure your UTM including Virus / Malware are up to date. If you don’t have a Firewall protection, please speak to the KubeNet support team for further information.
2. HTTP vs HTTPs
Additionally, only using HTTPS-enabled websites means your web traffic will also be encrypted by SSL and may be safer from this vulnerability. HTTPS browsing adds an extra layer of security by using encryption via the website you are visiting.
3. Out and about? – Free doesn’t mean safe!
Just because Wi-Fi is free, doesn’t mean you’re in the clear for potential security breaches. logging in with a password in a coffee shop doesn’t mean your online activities are encrypted. Always be wary using random Wi-Fi hotspots or free Wi-Fi networks that appear to be open to join. These could be made by hackers themselves as a way take advantage of those who aren’t careful and join. It’s safer to use your mobile data, that’s why you pay for it.
4. Use a strong password
Strong password protection is key. Using a weak password massively increases the likelihood that your system will be compromised at some point. Change it regularly, don’t share your Main Wi-Fi networks with your Guests, where possible have two separated Wi-Fi networks for your company and Guests. Most Wi-Fi enabled routers have this level of functionality.
Insecure Wi-Fi or an unreliable ISP service is no defence against an attacker who’s determined to hack your data. Hackers will go to extreme lengths to gain access to your network and will even tap your physical wired infrastructure. That’s why KubeNet continue to invest and protect our customers against threats. However, remember it’s about collaboration and together we can mitigate the threats and ensure that when GDPR comes around your business is at the front leading.
If you would like to speak to one of the security experts for advice regarding KRACK or network security call us on 0344 873 4488 option 2 or email us at firstname.lastname@example.org. For more information on the other services Kube provide check out our website www.KubeNet.net