WI-FI VULNERABILITY - WPA & WPA2 REQUIRE UPDATES

Wi-Fi Key Reinstallation Attack “KRACK” Update: Protecting Unpatched Devices

By Chris Warfield on Oct 20, 2017 02:45 pm

Summary
On October 16, 2017, security researchers announced several vulnerabilities in the WPA/WPA2 encryption protocol that affect countless Wi-Fi enabled devices worldwide. As a result of KRACK, Wi-Fi data streams, including passwords and personal data, can be intercepted, decrypted, and modified without a user’s knowledge. This security flaw means that, for vulnerable clients and access points, WPA- and WPA2-encrypted Wi-Fi traffic is potentially exposed until certain steps are taken to remediate the issue.

Presently, there are 10 known vulnerabilities that comprise KRACK. WatchGuard is providing patches for all of our affected products. For non-WatchGuard devices, users should refer to their vendor’s website and security advisories to determine if they are affected, and if updates are available. Even though most companies will provide patches, it’s likely that unpatched devices will interact with your network and expose you to risk. WatchGuard offers additional methods to protect unpatched client devices from KRACK.

How to Mitigate KRACK
The steps below describe recommended actions to protect your network from KRACK vulnerabilities in various scenarios, including from unpatched client devices.

1. Update your access point (AP) firmware (10/30/17)

  • WatchGuard will provide patches for all supported APs and tabletop appliances with embedded wireless APs.

2. Enable “Mitigate WPA/WPA2 key reinstallation vulnerability in clients” feature. The AP can compensate for the unpatched clients with this setting enabled. Mitigation is recommended only until all clients are patched.

  • AP managed by GWC: Available for the AP120, AP320, AP322, and AP420 with the upcoming 10/30/17 patch.
  • AP managed by Wi-Fi Cloud (link to WatchGuard Knowledge Base article is below).
  • Firebox with built-in Wi-Fi: Available on the T-10W, T-10W, and T-50W with TBD firmware update.
  • In a small percent of cases, mitigation may exacerbate client connectivity issues in environments already suffering from weak signal coverage or high interference.

3. Enable “AP MAC Spoofing Prevention” setting in Wi-Fi Cloud WIPS policy.

  • AP managed by GWC: manage your APs with a Wi-Fi Cloud license and acquire dedicated WIPS sensors for your environment.
  • AP managed by Wi-Fi Cloud: enable setting in the management interface.

 

Additional Information

Three Minnesota-Based Firms Select NetDocuments Cloud Platform.

Three Minnesota-Based Firms, McCollum Crowley, Bassford Remele, and Zimmerman Reed Select NetDocuments Cloud Platform for Modern Document and Email Management.

Salt Lake City, UT – October 3, 2017 – NetDocuments, the leading cloud-based document and email management (DMS) platform for law firms and corporate legal departments, announced today that McCollum Crowley, Bassford Remele, and Zimmerman Reed selected NetDocuments for improved security, efficiency, and usability across their offices and legal professionals.

The drivers for the MN-based trifecta of firms making the switch to NetDocuments included the need for modern technology to support the firms’ cloud initiative, security and data protection requirements, and the productivity needs of an increasingly mobile legal workforce and client base. These value-drivers to move to the cloud are shared across the other 33 firms who selected NetDocuments in the last month.

“Our firm is built on the principles of quality, experience, and a proven record of putting our clients first – and we view technology as a key enabler of that,” Vanessa Kahn, Firm Administrator at McCollum Crowley, stated. “We take our technology investments very seriously, especially when it comes to mission-critical applications such as document and email management, client collaboration, and firm security. NetDocuments’ experience coupled with security and innovation through delivering a legal-specific service for nearly two decades, is the type of confidence and trust we need in a provider and partner. NetDocuments will eliminate IT complexity and allow us to operate more efficiently and securely while providing our people and clients with the usability and ‘anywhere productivity’ tools they need.”

Jeff Alluri, Principal and VP of Consulting at Element Technologies, a NetDocuments Certified Partner working with all three firms, commented, “We’re extremely excited to see these great Minnesotan firms take an innovative approach to technology selection that will not only enable them to continue delivering exceptional service to their clients, but will also protect their firm with best-in-class security and compliance and empower their legal professionals with the modern productivity tools they need. The rate and delivery of innovation with the NetDocuments platform is simply not possible with hosted or on-premises DMS technology available in the market today. We’re proud to be amongst the NetDocuments Certified Partner community and looking forward to helping more firms in the region modernize their practice with leading technology that delivers real business value.”

http://blog.netdocuments.com/en-us/three-leading-minnesota-firms/

 

Author: The NetDocuments Team

Equifax Phishing Attacks to be expected

Cyber criminals have stolen 143 million credit records in the recent hacking scandal at big-three credit bureau Equifax. At this point you have to assume that the bad guys have highly personal information that they can use to trick you. You need to watch out for the following things:

  • Phishing emails that claim to be from Equifax where you can check if your data was compromised

 

  • Phishing emails that claim there is a problem with a credit card, your credit record, or other personal financial information

 

  • Calls from scammers that claim they are from your bank or credit union

 

  • Fraudulent charges on any credit card because your identity was stolen

Here are 5 things you can do to prevent identity theft:

  • First sign up for credit monitoring (there are many companies providing that service including Equifax but we cannot recommend that)

 

  • Next freeze your credit files at the three major credit bureaus Equifax, Experian and TransUnion. Remember that generally it is not possible to sign up for credit monitoring services after a freeze is in place. Advice for how to file a freeze is available here on a state-by-state basis: http://consumersunion.org/research/security-freeze/

 

  • Check your credit reports via the free annualcreditreport.com

 

  • Check your bank and credit card statements for any unauthorized activity

 

  • If you believe you may have been the victim of identity theft, here is a site where you can learn more about how to protect yourself: www.idtheftcenter.org. You can also call the center’s toll-free number (888-400-5530) for advice on how to resolve identify-theft issues. All of the center’s services are free.

And as always, Think Before You Click!

Element Becomes Netdocuments Certified

Element Technologies, LLC, a leader in information technology services to law firms is proud to announce it is now a certified NetDocuments Partner. Element continues its commitment to lead the industry in technology services for law firms. “Today we have forged a partnership with NetDocuments to deliver best of breed cloud-based document management to the legal community”, Jeff Alluri, VP of Consulting. “Element’s focus on law firms and our highly talented group of technology experts have expanded our expertise in document management, document retention, and data security. Element is driven by our core values and the NetDocuments partnership is an extension of these values.”