In any cybersecurity strategy, accounting for human error is essential. By some estimates, phishing attacks—in which a bad actor attempts to elicit personal information from a target using deception—account for roughly 90% of business security breaches. With the volume and sophistication of...
Wi-Fi Key Reinstallation Attack “KRACK” Update: Protecting Unpatched Devices
Summary On October 16, 2017, security researchers announced several vulnerabilities in the WPA/WPA2 encryption protocol that affect countless Wi-Fi enabled devices worldwide. As a result of KRACK, Wi-Fi data streams, including passwords and personal data, can be intercepted, decrypted, and modified without a user’s knowledge. This security flaw means that, for vulnerable clients and access points, WPA- and WPA2-encrypted Wi-Fi traffic is potentially exposed until certain steps are taken to remediate the issue. Presently, there are 10 known vulnerabilities that comprise KRACK. WatchGuard is providing patches for all of our affected products. For non-WatchGuard devices, users should refer to their vendor’s website and security advisories to determine if they are affected, and if updates are available. Even though most companies will provide patches, it’s likely that unpatched devices will interact with your network and expose you to risk. WatchGuard offers additional methods to protect unpatched client devices from KRACK. How to Mitigate KRACK The steps below describe recommended actions to protect your network from KRACK vulnerabilities in various scenarios, including from unpatched client devices.
- Update your access point (AP) firmware (10/30/17)
- WatchGuard will provide patches for all supported APs and tabletop appliances with embedded wireless APs.
- Enable “Mitigate WPA/WPA2 key reinstallation vulnerability in clients” feature. The AP can compensate for the unpatched clients with this setting enabled. Mitigation is recommended only until all clients are patched.
- AP managed by GWC: Available for the AP120, AP320, AP322, and AP420 with the upcoming 10/30/17 patch.
- AP managed by Wi-Fi Cloud (link to WatchGuard Knowledge Base article is below).
- Firebox with built-in Wi-Fi: Available on the T-10W, T-10W, and T-50W with TBD firmware update.
- In a small percent of cases, mitigation may exacerbate client connectivity issues in environments already suffering from weak signal coverage or high interference.
- Enable “AP MAC Spoofing Prevention” setting in Wi-Fi Cloud WIPS policy.
- AP managed by GWC: manage your APs with a Wi-Fi Cloud license and acquire dedicated WIPS sensors for your environment.
- AP managed by Wi-Fi Cloud: enable setting in the management interface.
- Learn more about the WatchGuard patch schedule, and the KRACK Common Vulnerability and Exposure (CVE) identifiers in our Product and Support Blog post.
- WatchGuard Knowledge Base article: WatchGuard Wi-Fi Cloud and the KRACK WPA/WPA2 wireless vulnerabilities.
- Read more about AP MAC spoofing prevention and Wireless Intrusion Prevention Systems (WIPS)
More General News Posts
How can organizations foster a workplace environment that enables employees to acquire the skills needed to keep cyber-threats at bay?Read now
In an increasingly complex and interconnected digital landscape, personal cybersecurity empowers you to protect your data, privacy and digital well-beingRead now
Original price $318.00 - Original price $318.00Original price$318.00$318.00 - $318.00Current price $318.00
The Ruijie Reyee RG-RAP6262(G) Wi-Fi 6 Outdoor Omnidirectional Access Point is a high-power outdoor omnidirectional dual-band access point provided...View full detailsOriginal price $318.00 - Original price $318.00Original price$318.00$318.00 - $318.00Current price $318.00
Original price $196.30 - Original price $196.30Original price$196.30$196.30 - $196.30Current price $196.30
Please note:- No PoE Injector Included- Due to chip supply shortages, the U6 AP's LED has been limited to only white and blue colour modes. The A...View full detailsOriginal price $196.30 - Original price $196.30Original price$196.30$196.30 - $196.30Current price $196.30
Original price $0.00 - Original price $888.08Original price $0.00$167.63 - $888.08$167.63 - $888.08Current price $167.63
The Access Point AC Mesh (UAP AC Mesh) is a high-performance, outdoor-ready, dual-band, 802.11ac WiFi access point than can reach a 1.1+ Gbps aggre...View full detailsOriginal price $0.00 - Original price $888.08Original price $0.00$167.63 - $888.08$167.63 - $888.08Current price $167.63
Original price $209.00 - Original price $209.00Original price$209.00$209.00 - $209.00Current price $209.00
Ruijie Reyee RG-RAP2260(G) is a high-performance entry Wi-Fi 6 AP for large indoor areas. This product is an ideal choice for many wireless scenari...View full detailsOriginal price $209.00 - Original price $209.00Original price$209.00$209.00 - $209.00Current price $209.00
Original price $338.63 - Original price $338.63Original price $338.63$343.51$343.51 - $343.51Current price $343.51
Please note:- No PoE Injector Included- Due to chip supply shortages, the U6 AP's LED has been limited to only white and blue colour modes. The A...View full detailsOriginal price $338.63 - Original price $338.63Original price $338.63$343.51$343.51 - $343.51Current price $343.51