Search
WPA2 Key Reinstallation Vulnerabilities (KRACK) Explained
Posted by Hemant Chaskar on Oct 16, 2017
WPA2 Vulnerability.png

Researchers from the University of Leuven (@vanhoefm and team) have discovered flaws in WPA2 implementation in clients and APs. These flaws create vulnerabilities for replay and decryption attacks on packets transferred over WiFi links. They have named them KRACKs (Key Reinstallation AttaCKs). Both 802.1x (EAP) and PSK (password) based networks are affected. These vulnerabilities have been cataloged under 10 CVEs. In the series of videos below, I explain these CVEs in detail with Vivek Ramachandran, Founder and CEO of Pentester Academy.

Posts by Topic

see all
free-on-demand-webinars.png
WPA2 Vulnerability.png
WPA2 Key Reinstallation Vulnerabilities (KRACK) Explained
Posted by Hemant Chaskar on Oct 16, 2017

Researchers from the University of Leuven (@vanhoefm and team) have discovered flaws in WPA2 implementation in clients and APs. These flaws create vulnerabilities for replay and decryption attacks on packets transferred over WiFi links. They have named them KRACKs (Key Reinstallation AttaCKs). Both 802.1x (EAP) and PSK (password) based networks are affected. These vulnerabilities have been cataloged under 10 CVEs. In the series of videos below, I explain these CVEs in detail with Vivek Ramachandran, Founder and CEO of Pentester Academy.

Getting on the WiFi Freedom Trail with Open AP Standards
Posted by Hemant Chaskar on Feb 10, 2017

In the past, the “open revolution” became ingrained in our lives in the form of open source software. Now it is coming to infrastructure components in the form of hardware-software disaggregation.

What is Hardware-Software Disaggregation?

Disaggregation breaks vendor lock-in between infrastructure hardware and function-enabling software. The approach is to standardize interfaces between the two. Standardization of disaggregation started with OCP (Open Compute Project) founded by Facebook. Now, OCP has vendors across the industry as active participants. OCP’s first focus areas was scale computing. Disaggregation for data center compute and storage turned out to be a big success as many vendors today provide OCP based server technologies.

Internet-things-indoor.jpg
Low Power IoT Integration with WiFi Access Points
Posted by Hemant Chaskar on Jan 5, 2017

Local wireless connectivity is critical for IoT. Early IoT applications such as appliances remote control have used WiFi due to its prevalence in homes and offices. That said, WiFi is not suitable for many other IoT applications, particularly those requiring low power operation on coin batteries. Also for many IoT applications, WiFi data rates are much higher than needed. WiFi also does not provide elegant approach to create self-organizing mesh network of IoT nodes. These gaps are filled by Zigbee, Thread and BLE.

half-secure.png
The Half-Truth of SSAE 16 Certified Data Centers
Posted by Hemant Chaskar on Aug 17, 2016

To assure customers about security, vendors of cloud managed WiFi often tell their customers that they use “SSAE 16 certified data centers.” It is essential to drill down into this claim, else it stands the risk of being a half-truth, and as Mark Twain once said, “A half-truth is the most cowardly of lies.”

802.11ax: Optimistic CSMA for Efficient Channel Reuse in WiFi
Posted by Hemant Chaskar on Jul 9, 2016

802.11ax is the new 802.11 standard currently in the making. Unlike earlier 802.11 standards that mainly focused on increasing raw link speeds, the design objective now is to increase airtime efficiency. One feature it introduces is OFDMA (Orthogonal Frequency-Division Multiple Access) to address the airtime inefficiency caused by short WiFi frames. The other is dynamic sensitivity control, which modifies traditional CSMA (Carrier Sense Multiple Access) to address airtime inefficiency caused by co-channel interference during channel reuse.

Why Your Access Points Need a Third 2x2 11ac Radio for Security
Posted by Hemant Chaskar on Jun 21, 2016

WIPS monitoring requires scanning all WiFi channels in round-robin fashion to detect threats and vulnerabilities. This scanning can be in one of two forms:

  1. background scanning, in which a radio that provides WiFi access service intermittently scans off-service channels, or
  2. dedicated scanning, in which a radio is dedicated to security and does not provide WiFi access service.

For enterprises that desire strong WIPS security and/or those that deploy real-time applications, background scanning isn’t adequate for the following reasons:

Three Security Scans that Cloud Networking Vendors Must Do for You
Posted by Hemant Chaskar on Apr 20, 2016

Early adopters of cloud managed networking (WiFi in particular) cited simplicity of deployment, ease of management, and favorable economics as key benefits of this architecture. While these benefits continue to hold true and improve by the year, I now see increasing awareness among customers about the security posture of the cloud. Part of the reason may be that cloud networking architecture is now transcending from niche to mainstream, even encompassing bigger enterprises and large service providers. As this happens, there are a growing number of cases where security departments in organizations weigh in on major infrastructure decisions.

What’s Next for Cloud Managed WiFi?
Posted by Hemant Chaskar on Apr 12, 2016

Necessity is the mother of innovation. Cloud managed WiFi was born out of the need to provide a management plane for controllerless WiFi, and provided additional benefits of reducing network TCO via economies of scale, multi-tenancy, and simplicity of administration.

Having come thus far, the question now is: What lies ahead for cloud managed WiFi? What are today’s needs that will drive the next wave of innovation?

802.11ax: Fighting the Menace of Small Frames for Efficient WiFi
Posted by Hemant Chaskar on Apr 8, 2016

802.11ac Wave 2 is rising fast, as legacy 802.11n networks are upgraded. Current 802.11ac Wave 1 networks may not upgrade to Wave 2 right now, but by the time these networks have hit their typical 4-5 year lifespan, the next WiFi standard will be available: 802.11ax.