On Monday, October 16, 2017 researchers released new information announcing a security vulnerability affecting encrypted Wi-Fi networks worldwide.
The vulnerability allows attackers to read Wi-Fi traffic between devices and wireless access points, and in some cases even modify the traffic to inject malware and malicious websites. Devices running macOS®, Windows, Apple iOS, Android, and Linux will be affected by this vulnerability.
The portion of Wi-Fi affected is within the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. This is a popular protocol used to protect professional and personal Wi-Fi networks. Data that could be intercepted may include passwords, personal emails, and information typically deemed encrypted.
For those organizations that are not covered under our SafetyNet Managed or Enterprise programs, here are some simple steps your business can take to protect against this vulnerability:
- Apply this Microsoft security update immediately
- Ensure you are using supported operating systems and applications
- Apply the latest patches as soon as they become available (for all software and firmware applications)
- Ensure that all of your systems are protected by antivirus and anti-malware software, and ensure that the virus and malware signatures are updated automatically and consistently
- Conduct regular scanning of your network
If you feel this, and many other, vulnerabilities may be lingering within your infrastructure, you may consider bolstering your network with managed vulnerability scanning and patching tools. Click here to learn about SymQuest's Managed+ solution for your business.
We also recommend designing Disaster Recovery (DR) and strategic IT plans to mitigate future risks, and to ensure that if one safeguard fails, that others will still be there to protect you, your systems, and your information. Click here to learn about SymQuest's comprehensive security assessment which can highlight the areas of your network that need remediation.
For more information on the KRACK vulnerability visit https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/
To stay up to date on the latest news about network security and vulnerabilities subscribe to Tech Talk today.