Your wireless network is no longer secure

A recently discovered vulnerability could allow attackers to access data you or your staff use while connected to your wireless network.  This is a major vulnerability as it affects anyone using the wireless encryption protocol WPA2, which is the most common used wireless security protocol. An attacker would be able to easily intercept data transmitted between a laptop or mobile device to your wireless access point allowing them to get information such as login details to websites, emails or even inject malware such as ransomware into websites tricking the users to become infected. The vulnerability labeled “KRACK is an acronym for Key Reinstallation Attack. According to KU Leuven's Mathy Vanhoef, the researcher who discovered the vulnerability. Vanhoef's findings were reported by tech site Ars Technica early Monday morning. Here's how and why the process and hack can happen, as described on Vanhoef's website: When a device joins a protected Wi-Fi network, a process known as a four-way handshake takes place. This handshake ensures that the client and access point both have the correct login credentials for the network, and generates a new encryption key for protecting web traffic. That encryption key is installed during step three of the four-way handshake, but the access point will sometimes resend the same key if it believes that message may have been lost or dropped. Vanhoef's research finds that attackers can essentially force the access point to install the same encryption key, which the intruder can then use to attack the encryption protocol and decrypt data. How to protect your business from KRACK Many IT companies have already released fix’s and patches/updates to combat this vulnerability. To protect your business from this, you need to apply fix’s and updates where possible to reduce your risk.  This includes:
  • Check to see if your wireless access point has an update/firmware which will protect you against this and perform the update. If your wireless access point does not have this update then its recommended to turn off your wireless. Or you can replace your wireless access points with a better model, we recommend Unifi.
  • Make sure all your computers and devices have the latest Microsoft Windows updates installed. Microsoft customers who have enabled Windows Update and applied security updates from Oct. 10 are automatically protected
  • Dont have your wireless network bleeding into your LAN, wireless should be on its own VLAN. This means having your wireless network isolated from any servers on your local network. If wireless users need to access the server then they should connect via VPN
How Onsite Helper is protecting its clients Onsite Helper clients who are subscribed to Managed Services will have their computers automatically updated to protect against this vulnerability. We also have a Managed Wireless package where we monitor and maintain a client's wireless network. From our cloud controller we will be rolling out this update throughout the day. You may notice the wireless go offline for half a minute as the access point gets rebooted once the firmware is installed. If your business isn't on our Managed Services or Managed Wireless products and your keen to find out more, please email enquiries@onsitehelper.com or call 03 9999 3106

recent posts

What’s Your Action Plan In Case of Cyberattack?

January 20, 2020

United in the Fight to Save Australia's Treasures & People

January 17, 2020

When you took their keys back, did you cancel their passwords, too?

December 04, 2019

What’s the best way to change your passwords? Often, and with best practices in mind.

November 27, 2019

How strong are your passwords?

November 22, 2019

How to Reduce your Internet Usage as a Company / Organisation

November 20, 2019

A New Way of Working with Microsoft Office Files

November 11, 2019

New G Suite Updates for Better Security & Efficiency

November 4, 2019

Google is the New Go-To Business Platform for SMBs

October 31, 2019

G Suite vs. Office 365: Which Cloud Office System to Choose?

October 18, 2019

5 Reasons Why Your Small Business Must Adopt the Cloud

October 14, 2019

Best practices to setup Google Drive for your organisation

SEPTEMBER 25, 2019

Benefits Of A G Suite Partner

SEPTEMBER 19, 2019

Australian Companies are Forced by Law to take Better care of their

SEPTEMBER 03, 2019

Google Drive: Backup & Sync VS File Stream

August 21, 2019

New Drive Update: Priority Page to Increase Focus & Productivity

August 17, 2019

Categories