As news of the KRACK Wi-Fi exploit has emerged, the scale of the risk and potential impact of the vulnerability has created understandable levels of concern.
A reasonably simple flaw within the WPA2 protocol for Wi-Fi networks came to light yesterday, which under certain circumstances, and with a degree of technical know-how, allows the exploiter to ‘unencrypt’ and read messages sent over a “secure” Wi-Fi connection.
In order to take advantage of this flaw, the attacker has to be in range of the Wi-Fi network, so being physically close to the signal is required, and they will need to know of a device that is connected or able to connect to the exploitable network.
The attacker uses a technique known as a ‘Man in the Middle’ to perform the exploit and is then able to decrypt and read any conversation between the exposed device and the Wi-Fi access point passively.
4For most of us, we will have to wait until the vendors release updated firmware or software over the coming days and weeks before the risk can be fully removed. Expect the vendors to work hard but do not expect everything to be released in the blink of an eye. That doesn’t mean, however, that businesses should feel powerless or just wait until the patches appear before taking action.
In the meantime, there are a number of steps which can take immediately to get ready for this approaching headache. Acting now will help ensure that the security loopholes created by KRACK are fully closed, and help manage the patching and update process in the most efficient way.
4 key steps to manage and mitigate the KRACK Wi-Fi risk include:
- Know what devices you have in your network: You could do this virtually or physically depending on how large or complex your sites are. This will ensure you capture every device that may need an update from a vendor.
- Carry out an audit of devices: Each device runs firmware or software that is required for it to function correctly. Check each firmware and/or software level and visit the vendor’s website to ensure you are running the latest builds.
- Have a robust patching process in place: Most businesses do not want to disrupt their users from their day to day job but you need to keep your business data secure so implementing a patching process that accommodates both points is vital, as leaving your systems vulnerable is never an option.
- Enforce proper Change Control processes: Before updating any firmware or software, capture backups of configurations prior to upgrading. Test the rollout on a small sub-section of your environment first before rolling it out to the rest of your network and infrastructure.
While a process such as this creates additional workload for IT teams, it forms the basis of a best practice approach. For businesses who rely on external services providers to for compliance and security, it’s important that these providers have the resources – including support teams and automated services – to keep their environments safe.
This allows users to focus on their day jobs while service providers and partners focus on the challenge of keeping the technology working for their customers.