Wi-Fi Alliance® has introduced three new enhancements to security of Wi-Fi, namely WPA3, Enhanced Open and Easy Connect.
Was it the seriously good chicken-fried steak at the all-night CityCafe after 12 hours of delayed ice-storm travel? (Just me and the nice cops at 4am.) Was it being featured on the local ABC news broadcast because I was there to judge the Alexathon? Was it the abundance of great locally-brewed IPAs, or the number of friendly people who smiled and said “hi,” just walking down the street? Or maybe the fact that almost every restaurant serves fried pickles?
In my last video blog on KRACK attack, I explained the technical details of workings and countermeasures for 9 out of 10 CVEs. The one I did not discuss in detail was CVE-2017-13088. At the time there wasn't enough information available on it and though it looked like the twin of CVE-2017-13087, due to differences between how group keys are distributed in MFP mode versus non-MFP mode, it required separate consideration. After receiving more details from the researcher (@vanhoefm), I am prepared to share information about CVE-2017-13088 and the appropriate countermeasures.
Researchers from the University of Leuven (@vanhoefm and team) have discovered flaws in WPA2 implementation in clients and APs. These flaws create vulnerabilities for replay and decryption attacks on packets transferred over WiFi links. They have named them KRACKs (Key Reinstallation AttaCKs). Both 802.1x (EAP) and PSK (password) based networks are affected. These vulnerabilities have been cataloged under 10 CVEs. In the series of videos below, I explain these CVEs in detail with Vivek Ramachandran, Founder and CEO of Pentester Academy.
We’ve Got Your Back.
Security is top of mind for IT teams, business leaders, and the general public. News of attacks, ransomware, and data breaches has become commonplace; most recently Equifax and Yahoo. Have you stopped to ask yourself: Is my WLAN secure? Have I done all that I can to ensure is it secure?
Witnessing ethical train wreck after train wreck in Silicon Valley, it’s easy to conclude that the quest for success at all costs is a recent phenomenon and one limited to startups.
Recently, I received a ‘Thank You’ letter from IEEE President & CEO for making a contribution to an IEEE fund that helps advance technology for humanity and realize full potential of IEEE. The IEEE President listed three areas of global concern – access to high speed Internet, adequate sanitation and electric power. Today Internet access is indeed as fundamental as having electric power and sanitation. This is reflected in policies across nations worldwide.
For instance, in India, Prime Minister Modi has outlined his vision for every Indian to have high speed access to Internet. Its akin to a Prime Minister laying out the vision for expressways for speedy and hassle free movement of vehicles across the country. A network of good roads and good communication infrastructure are critical to growth and prosperity. Hon. Indian Prime Minister is on the mark putting digitization along with ‘Swaccha Bharat’ as a top national priority.
In an emerging economy like India where wired network infrastructure is limited largely to urban areas, wireless Internet access is an attractive proposition. People love the convenience of wireless access even if the quality of connection is poor. You don't have to be glued to one place as it happens when using a landline phone or a computer connected to an Ethernet cable. Wireless access is ubiquitous as the entire space becomes the medium of communication. Governments around the world have recognized this as a national asset and have sold radio spectrum at a charge. While this creates revenue for governments, it can work against building affordable communication infrastructure. WiFi on the other hand operates in 2.4GHz and 5.0GHz radio spectrums that are unlicensed; one can operate in these frequency ranges without having to pay a license fee. This is very important as telecom operators, Internet service providers can build networking infrastructure using WiFi without having to pay for the spectrum. Coming to my road analogy, one needs a combination of toll roads and non toll roads. Both have their place in creating the infrastructure. In a country like India where sensitivity to pricing is high, WiFi will not only de-congest expensive licensed radio spectrum like 4G LTE but will reduce the cost significantly.
Smart cities and public hotspots are among the best known use cases of WiFi. However, many other innovative ways exist. For instance, top national colleges like IITs, NITs, IIITs and IIMs want WiFi across their campuses and spend considerable time and effort putting together vendors to look for this technology. There is a very good chance that requirements are largely the same for all of them and hence these need not be handled individually. A massively scalable WiFi Management Console that can manage WiFi at say top 100 national universities with a sharable architecture while giving flexibility to each university is feasible. The same approach can be used for smart cities, government departments and even Gram Panchayats. A unified approach for critical national digital infrastructure is efficient and possible with the current state of the art in WiFi technology.
While doing research on the Ruckus website for the R710, I noticed the statement of “Up to 2 times extended range and coverage with Ruckus BeamFlex technology.” Challenge accepted! To evaluate this claim we used a distributed client test, which determines the AP’s downstream performance when its clients are spread near and far, from excellent to marginal signal strength and points in between. This test simulates the performance of the AP in a typical enterprise, carpeted environment.
In a recent blog post we compared the performance of the Mojo C-120 to the Meraki MR42. In that blog we highlighted results of a test we ran last spring. When we test, we test the best of the competition with the latest software and published best practices at that point in time. When that test was run, the MR42 was the best Meraki had to offer. Once Meraki made the MR53 available, we tested it and here are the results.