Search
WPA2 Key Reinstallation Vulnerabilities (KRACK) Explained
Posted by Hemant Chaskar on Oct 16, 2017
WPA2 Vulnerability.png

Researchers from the University of Leuven (@vanhoefm and team) have discovered flaws in WPA2 implementation in clients and APs. These flaws create vulnerabilities for replay and decryption attacks on packets transferred over WiFi links. They have named them KRACKs (Key Reinstallation AttaCKs). Both 802.1x (EAP) and PSK (password) based networks are affected. These vulnerabilities have been cataloged under 10 CVEs. In the series of videos below, I explain these CVEs in detail with Vivek Ramachandran, Founder and CEO of Pentester Academy.

Posts by Topic

see all
free-on-demand-webinars.png
Auto Packet Capture, Where Have You Been All My Life?
Posted by Robert Ferruolo (Dr. RF) on Aug 8, 2017

You can tell how long someone has been troubleshooting networks by the length of their arms. Orangutans like me have been doing it a long, long time.  I started with a sewing machine sized Network General luggable that I carried around the world. Now I have to stand up very straight  to keep my knuckles from dragging on the ground.

Mojo’s Cognitive WiFi platform - Aware, saves network engineers from having to have shirts specially made because it includes Auto Packet Capture.

Aerohive, Aruba, Cisco, Meraki, and Ruckus Let Users Suffer with Interference
Posted by Robert Ferruolo (Dr. RF) on May 11, 2017

How often do you say “Wow, this WiFi is great!”? WiFi is like a utility, you take it for granted until the lights don’t turn on or water doesn’t come out of the tap. Just like the electrical grid or the water infrastructure, WiFi takes planning to implement correctly and maintenance to keep running smoothly.

The great news is that WiFi keeps getting smarter and Mojo is leading the way with Cognitive WiFi™. An example of our dedication to excellent user experience is how the C-130 uses its third radio and Dynamic Channel Selection (DCS) to quickly, reliably, and automatically detect disruptive interference.

We recently performed a benchmark test to see how well access points avoided channels with high WiFi and non-WiFi interference on boot up and during operation. We evaluated how well the AP avoided interference and how user experience was impacted.

The Mojo C-130 was the only access point to avoid interference 100% of the time, on both boot up and when introduced on the operating channel. All other solutions failed to avoid a channel with a constant interference source that made the channel unusable, or failed to change channels when the channel utilization got so high that it severely impacted the user experience.

User experience was evaluated using the following quality score rating system:


mojo-ruckus-aruba.png
What Drives Great WiFi Access Point Performance? Hardware Components and Software Architecture.
Posted by Robert Ferruolo (Dr. RF) on Sep 20, 2016

Why don’t most enterprise WiFi access point vendors tell you what’s inside their AP? They don’t publish which WiFi chipset the AP uses, or the CPU specification. At best they state the amount of RAM. When you evaluate APs for your deployment, you should consider hardware components. Hardware components and the software running on it will impact the AP’s performance and user experience. The test results below demonstrate this.

Ruckus R710 Mojo C-120 distributed client benchmark test
Mojo C-120 Accepts the Ruckus R710 BeamFlex Challenge
Posted by Robert Ferruolo (Dr. RF) on Sep 15, 2016

While doing research on the Ruckus website for the R710, I noticed the statement of “Up to 2 times extended range and coverage with Ruckus BeamFlex technology.” Challenge accepted! To evaluate this claim we used a distributed client test, which determines the AP’s downstream performance when its clients are spread near and far, from excellent to marginal signal strength and points in between. This test simulates the performance of the AP in a typical enterprise, carpeted environment.

test-results-mojo-aerohive.png
Benchmark: C-120 vs. Aerohive AP250 in the Classroom
Posted by Robert Ferruolo (Dr. RF) on Sep 14, 2016

WiFi is a Utility, and Needs Capacity Planning

When is the last time you said: “Wow, this WiFi is great!”? You don’t really notice it when it works. You are more likely to say: “This WiFi is crap” when it doesn’t meet your expectations. WiFi is no longer a convenience, it’s an essential utility like electricity. You would like it work every time and without hesitation, like turning on a light.

Like the power grid, one of the biggest challenges in designing a wireless network is capacity planning. The goal of capacity planning is to determine how many access points are needed to provide a good user experience. Deploying too many APs is a waste of money and can make performance worse, but deploying too few will cause user experience problems (the equivalent of brownouts) when an AP becomes oversubscribed.

Meraki MR53 MR42 benchmark performance test
Benchmark: The 4x4 Meraki MR53 vs. the 4x4 Mojo C-120
Posted by Robert Ferruolo (Dr. RF) on Sep 8, 2016

In a recent blog post we compared the performance of the Mojo C-120 to the Meraki MR42. In that blog we highlighted results of a test we ran last spring. When we test, we test the best of the competition with the latest software and published best practices at that point in time. When that test was run, the MR42 was the best Meraki had to offer. Once Meraki made the MR53 available, we tested it and here are the results.

meraki-mr42-download-benchmark.png
Benchmark Test: Meraki MR42 vs. Mojo C-120 Download Throughput
Posted by Robert Ferruolo (Dr. RF) on Sep 1, 2016

Mojo Networks provides a great K-12 solution by covering the three S’s for education – Safety, Simplicity, and Savings. We provide safety with the best WIPS solution in the industry. Our cloud managed WiFi stretches E-Rate dollars, saving the unnecessary cost of controllers, and our pricing eliminates expensive AP markup. Our automatic AP configuration couldn’t be simpler. I’d like to add a fourth S to this line-up: Speed.

HD Video Streams: How Many Can Your AP Support?
Posted by Robert Ferruolo (Dr. RF) on Aug 30, 2016

The classroom paradigm continues to shift as new technology is adopted. Long gone are the days of watching a movie in class by threading the film from one reel, through the projector, onto the other reel. Film was replaced by videotape, which was replaced by laser disks and then by DVDs. The new classroom instruction model includes HD video streamed wirelessly on demand from a local/regional distribution server (or from the web) to each student, who has their own computer or tablet.

The latest paradigm is much more personal and interactive, which greatly increases the number of clients (tablets, laptops, and smartphones), the client density, the different types of applications, and the requirements and bandwidth those applications. In order to be able to support this shift, many parts of the school’s IT infrastructure must be updated, especially the wireless LAN.

benchmark test results Aruba IAP-325
Comparing Aruba IAP-325 802.11ac Wave 2 Performance to Mojo C-120
Posted by Robert Ferruolo (Dr. RF) on Aug 24, 2016

Mojo C-120 Dominates, Aruba IAP-325 Lags in Campus WiFi

When we do competitive performance testing, we expect the premiere APs from our competitors to be in the same ballpark. We were quite surprised at the poor showing of the Aruba IAP-325 in the 50 client, mixed application test. The Aruba IAP-325 performed on par with the Mojo C-120 for the video and voice clients, but at the expense of the data clients where only 40% met the 1 Mbps minimum data throughput standard.