ConnexusConnexus

  • Solutions
    • Managed IT Services
      • IT Support
      • IT Security
      • Cloud Computing
      • Business Continuity
    • Unified Communication
      • Horizon Cloud Telephony
      • Horizon Cloud Contact Centre
      • Microsoft Teams Direct Routing
      • Avaya Unified Communications
    • Connectivity
      • High Speed Internet
      • LAN, WAN & WIFI
      • Mobile
      • SIP Trunking
    • Managed Print
      • Single Function Printers
      • Multifunctional Devices
      • Managed Print Software
      • Ricoh Smart Integration
  • Schools
  • Case Studies
  • About Us
    • About Us
    • Management Team
    • Join Our Team
  • News
  • Contact
  • Portal
John Doyle
Wednesday, 25 October 2017 / Published in All News, Connectivity, IT Solutions

Protect Your Wireless Network from the KRACK WiFi Vulnerability

Protect Your Wireless Network from the KRACK WiFi Vulnerability

There’s a general feeling that WiFi is less secure than having a wired connection to the network. It could just be our perception that a signal travelling through air is easier to intercept than one moving across a physical Ethernet cable. When a new WiFi vulnerability is uncovered such as the one in WPA2 which Belgian researchers recently made public, it gets a lot of attention. And why not? After all, we use WiFi-enabled devices every day and most organizations provide WiFi to their employees, customers and guests. Therefore it’s reasonable to be nervous that your wireless access point may be at risk from KRACKs (key reinstallation attacks). But is this true for everyone?

In his blog, “Are There KRACKS in Your Wireless Network Security?” John Gordineer points out that SonicWall SonicWave wireless access points (APs) provide an extra level of protection against these attacks. Let’s take a closer look at how they do this. SonicWave APs provide something very few other access points on the market have – a third radio dedicated to security. Why is that important? Most access points have two radios. One operates in the 2.4 GHz frequency band and the other in the 5 GHz band. In order to perform security scanning for rogue APs, you need to take one of those radios away from its normal duties for a period of time. The problem is, this consolidates all wireless users onto a single radio, slowing the wireless performance providing a poor user experience. Now, you can schedule the scan for the middle of the night when there are fewer wireless users, but that’s like turning on a security camera for only 30 minutes each day. The odds that the attack occurs during this short window are pretty small. On the other hand, SonicWave APs use that third radio to scan for and block rogue access points 24×7 so you’re covered around the clock. If an unauthorized access point is detected it can be automatically disassociated from the network and traffic between the access point and clients will be blocked. Here’s how it looks in SonicOS, the firmware of the managing SonicWall firewall.

Let’s apply this to the WPA2 vulnerability that opens WiFi networks to key reinstallation attacks. Hackers within WiFi range can use KRACKs to steal sensitive organizational and personal information. To do this, the hacker attaches a rogue access point called an “evil twin” to the WiFi network, mirroring the MAC address and SSID of the real AP. Using certain techniques within the KRACK, the hacker redirects unpatched clients to connect to the rogue AP. Then, during the four-way handshake between the real access point and client device, the hacker launches a man-in-the-middle (MITM) attack and forces the client to reinstall an encryption key that’s been used already, something that the WPA2 protocol was thought to prevent. The WiFi client associates with the evil twin access point using unencrypted data transmissions making it easy for the attacker to read the communications.

SonicWave access points on the other hand protect against KRACKs in two ways. First, they don’t support the IEEE 802.11r Fast BSS Transition (aka fast roaming) which is vulnerable to KRACKs due to protocol deficiencies. And second, SonicWave access points use AES-CCMP for the key exchange, so the hacker cannot forge the key and join the network. To get around this, hackers may attempt to deploy an “evil twin” access point on a different WiFi channel to fool wireless clients into connecting to the rogue AP instead of the SonicWave AP. As I mentioned earlier, however, this won’t work with SonicWave APs due to the third radio which continually scans for and blocks rogue access points from connecting to the network using Wireless Intrusion Detection and Prevention. There’s even an option in the Wireless Intrusion Detection and Prevention settings to add evil twins to a list of rogue APs.

If you’re in the market for a new wireless access point check with the vendor to see if it comes with two radios or three like the SonicWave series. Having that third radio will provide you with a range of advantages you won’t get with standard two-radio APs including added protection against attacks like KRACK.

  • Tweet

What you can read next

Wireless & Mobile Access
What Is Horizon Collaborate?
Why You Need Secure Cloud Backup for Microsoft Teams

Category

Month

Recent Posts

  • Enabling Effective Voice And Video Collaboration For Microsoft Teams

    Enabling Effective Voice And Video Collaboration For Microsoft Teams

  • MAKING THE MOST OF TEAMS

    Making the most of Teams with the UK’s No.1 SIP provider

  • webchat

    Does your business have a webchat functionality? 

  • Merry Christmas and a Happy New Year

  • WHAT MICROSOFT TEAMS SOLUTION IS RIGHT FOR YOU?

Solutions
  • Avaya Cloud Office (ACO)
  • Connectivity
  • SIP Trunking
  • Cloud Computing
  • IT Support Gloucestershire
Useful Links
  • Case Studies
  • Customer Portal
  • News
  • Terms and Conditions
  • Privacy Policy
  • Cookie Policy
Contact Us

service@connexusuk.com sales@connexusuk.com
Contact Us: 01453 827700

Stay Connected

© Copyright Connexus Networks 2021. All Rights Reserved. Company No. 05454004

TOP
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
Cookie SettingsAccept All
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
__stripe_mid1 yearStripe sets this cookie cookie to process payments.
__stripe_sid30 minutesStripe sets this cookie cookie to process payments.
AWSALBCORS7 daysThis cookie is managed by Amazon Web Services and is used for load balancing.
cookielawinfo-checkbox-advertisement1 yearSet by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent1 yearRecords the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
PHPSESSIDsessionThis cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed.
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
CookieDurationDescription
__zlcmid1 year__zlcmid is a cookie set by Zopim to help identify a user's chat session between page loads.
mailchimp_landing_site1 monthThe cookie is set by MailChimp to record which page the user first visited.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
CookieDurationDescription
_ga2 yearsThe _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_21263701_11 minuteSet by Google to distinguish users.
_gid1 dayInstalled by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
CONSENT2 yearsYouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
CookieDurationDescription
VISITOR_INFO1_LIVE5 months 27 daysA cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSCsessionYSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT
Powered by CookieYes Logo
Contact Sales