A reasonably simple flaw within the WPA2 protocol for Wi-Fi networks came to light yesterday, which under certain circumstances, and with a degree of technical know-how, allows the exploiter to ‘unencrypt’ and read messages sent over a “secure” Wi-Fi connection.
In order to take advantage of this flaw, the attacker has to be in range of the Wi-Fi network, so being physically close to the signal is required, and they will need to know of a device that is connected or able to connect to the exploitable network.
The attacker uses a technique known as a ‘Man in the Middle’ to perform the exploit and is then able to decrypt and read any conversation between the exposed device and the Wi-Fi access point passively.
For most of us, we will have to wait until the vendors release updated firmware or software over the coming days and weeks before the risk can be fully removed. Expect the vendors to work hard but do not expect everything to be released in the blink of an eye. That doesn’t mean, however, that businesses should feel powerless or just wait until the patches appear before taking action.
In the meantime, there are a number of steps which businesses can take immediately to get ready for this approaching headache. Acting now will help ensure that the security loopholes created by KRACK are fully closed, and help manage the patching and update process in the most efficient way.
Key steps include:
• Know what devices you have in your network: You could do this virtually or physically depending on how large or complex your sites are. This will ensure you capture every device that may need an update from a vendor.
• Carry out an audit of devices: Each device runs firmware or software that is required for it to function correctly. Check each firmware and/or software level and visit the vendor’s website to ensure you are running the latest builds.
• Have a robust patching process in place: Most businesses do not want to disrupt their users' day-to-day work, but business data still has to be kept secure. Implementing a patching process that accommodates both points is vital, as leaving your systems vulnerable is never an option.
• Enforce proper Change Control processes: Before updating any firmware or software, capture backups of configurations prior to upgrading. Test the rollout on a small sub-section of your environment first before rolling it out to the rest of your network and infrastructure.
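As an added illustration of the inventory, audit and staged-rollout steps above (not part of the original article): a small Python sketch that compares a device inventory against the firmware level each vendor lists as fixed, separating devices that can be patched now from those still waiting on a vendor release. All vendor names, models and version numbers are constructed placeholders.

```python
from dataclasses import dataclass

# Constructed baseline: (vendor, model) -> first firmware level containing the
# fix. None means the vendor has not published a fix yet. Placeholder values.
FIXED_IN = {
    ("ExampleNet", "AP-100"): "3.2.1",
    ("ExampleNet", "AP-200"): None,
    ("SampleSoft", "laptop-os"): "10.0.15",
}

@dataclass
class Device:
    name: str
    vendor: str
    model: str
    firmware: str
    pilot: bool = False  # part of the small test group that is updated first

# Constructed inventory, as produced by the "know your devices" step.
INVENTORY = [
    Device("ap-floor2", "ExampleNet", "AP-100", "3.10.0"),
    Device("ap-warehouse", "ExampleNet", "AP-200", "1.4"),
    Device("laptop-017", "SampleSoft", "laptop-os", "10.0.9"),
    Device("ap-lobby", "ExampleNet", "AP-100", "3.2.0", pilot=True),
    Device("printer-3", "OtherCo", "P-9", "2.0"),
]

def parse_version(text, width=4):
    """'3.10.0' -> (3, 10, 0, 0): numeric compare, so 3.10.0 ranks above 3.2.1."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (width - len(parts)))

def status(device, fixed_in=FIXED_IN):
    key = (device.vendor, device.model)
    if key not in fixed_in:
        return "UNKNOWN_MODEL"    # not in the baseline: check the vendor's site
    if fixed_in[key] is None:
        return "AWAITING_VENDOR"  # nothing to install yet, keep tracking
    if parse_version(device.firmware) >= parse_version(fixed_in[key]):
        return "PATCHED"
    return "NEEDS_UPDATE"

def audit(inventory=INVENTORY, fixed_in=FIXED_IN):
    """Return {status: [device names]} with pilot-group devices listed first."""
    report = {}
    for dev in sorted(inventory, key=lambda d: not d.pilot):
        report.setdefault(status(dev, fixed_in), []).append(dev.name)
    return report

if __name__ == "__main__":
    for state, names in audit().items():
        print(f"{state:16} {', '.join(names)}")
```

Re-running the audit as vendors publish fixes moves devices out of the AWAITING_VENDOR group, and anything reported as UNKNOWN_MODEL is a gap in the baseline rather than a clean result.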
While a process such as this creates additional workload for IT teams, it forms the basis of a best practice approach. For businesses who rely on external service providers for compliance and security, it’s important that these providers have the resources – including support teams and automated services – to keep their environments safe.
This allows users to focus on their day jobs while service providers and partners focus on the challenge of keeping the technology working for their customers.
To ensure patch levels are consistent across all devices, utilising an automated patch management solution, such as Microsoft System Center or Chef, allows all assets to be updated securely and provides a uniform approach to compliance whilst adhering to best practices.
Undoubtedly, we’ll hear much more about the KRACK exploit in the coming days and weeks, including the inevitable examples of organisations who have lost important data as a result.
The full range of vendor updates and patches will appear at different times, so it’s going to be very important to be organised and thorough to make sure that all the ‘holes’ that could be exploited are plugged.
Sourced by Rowan Troy, Security Solutions director, Six Degrees Group