cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
BrianKunick
Newcomer II

Wi-Fi / WPA2 Security Flaw - How to remain secure

You have probably heard a good deal about the earlier discovered and recently publicized flaw in WPA2 encryption used by WiFi providing devices. This flaw allows attackers in close proximity of your WiFi providing device to “read” your data from what you thought was a secured connection. This includes your home and cellphone WiFi devices.

 

Even if your WiFi providing device is vulnerable, and currently under attack, you can still safely use your WiFi signal, IF you do one of the following;

1.           Install and properly configure a personal VPN (virtual private network) client on every device using the WiFi connection. Example: PrivateInternetAccess.com

2.           Connect to your corporate/business systems by way of their Corporate VPN.

3.           Access ONLY web sites that are fully encrypted. These websites will have the httpS prefix to every website page.

 

Using any of these three ways to access your data is still safe despite the recent vulnerability. Each way makes your data “unreadable” to the attackers. Everyone should be using a personal VPN anyway to anonymize their Internet traffic. 

 

Update your WiFi device as soon as patch software becomes available.

 

Brian R. Kunick, is a CIO/CSO servicing the operational and security requirements of the enterprise.

18 Replies
BrianKunick
Newcomer II

Re: Wi-Fi / WPA2 Security Flaw - How to remain secure  
   

Brian, I like the point about using a personal VPN.  Do you have any recommendations on types of VPN?

 

 

I would recommend doing some research to find the one that you feel is best for you. 

 

All of my devices are secured with PrivateInternetAccess.com.  They are one of the only VPN's that do not collect and store any data regarding your data usage.  If nothing is stored, nothing can be compromised by someone else.  It seemed most of the other VPN providers do collect and store at least some data regarding your usage.  The price included up to 5 devices.

 

Let the group know what you decide to use, and which features you found most beneficial!

 

-Brian 

BrianKunick
Newcomer II


@mgoblue93 wrote:

I find #3 not practical at all.  There are plenty of legit sites needed for my work as a software developer, where I get patches, libraries, etc., which are NOT https.


This is a good reason to use a personal VPN such as PrivateInternetAccess.com. 

-Brian

BrianKunick
Newcomer II


@dan9126 wrote:
These are all good ideas in principle. Unfortunately in a large application where you have many diverse types of devices using WiFi for lots of reasons this just doesn't scale. And even if you could engineer it rolling it out quickly is almost impossible in any kind of production environment. Possibly good advice for home users but it doesn't seem like a practical solution for a work environment. Some other additional form of network access control that can be rolled out quickly that doesn't reach up to the application Level and impact installed software seems like a better approach. I know it's a kludge and not a complete fix but something like mac address whitelisting as part of a defense in depth. This might at least buy you a little time to come up with something more permanent and more rigorous.

This is a perfect reason highlighting the importance of using a personal VPN such as PrivateInternetAccess.com

-Brian

The_Red_Pill
Newcomer II

@BrianKunick

 

You seem to be pushing this website pretty hard.

Hacker
Newcomer II

Anyone knows if there is a list of patched WIFI devices posted online. For example, Apple router, Cisco, etc. 

I know I can go to their respective vendors. I thought I asked first, before making a list.

 

Cheers.

Cyber Security Officer
Web: QUE.com
Caute_cautim
Community Champion

In the home arena, given that New Zealand is 90% made up of Small to Medium Enterprises (SMEs) with up to 4 people only.  Although people are aware of the issue, there are only a number of options available:

1)  Change Router by purchasing another one - quite a few have taken this approach

2)  Request an update from their broadband supplier - probability - low

3)  Use web sites such as:  https://www.bleepingcomputer.com/news/security/list-of-firmware-and-driver-updates-for-krack-wpa2-vu... or forums

4)  Just hope they are not affected or live in a large block of land with a 300 metre gap around them.

5)  Just don't bother at all or that the approach of it just won't happen to me

6)  Or simply wait for a patch eventually.

 

 

Bruce
Newcomer I

I agree with your point "C" Many think I am inefficient turning my wifi on and off but it is a small step to take to ensure security.

 

Great points - thanks!

Caute_cautim
Community Champion

Thanks Bruce, no I don't think this iis nefficient, even my organisation suspend VPN connections, after a period of time, as a means of reducing the overall footprint. 

 

Regards

 

John


@Bruce wrote:

I agree with your point "C" Many think I am inefficient turning my wifi on and off but it is a small step to take to ensure security.

 

Great points - thanks!


 

JoePete
Advocate I

Good succinct advice, and it touched off a good discussion of some finer points, especially around HTTPS. But I think there is a wider perspective in all this. That is, never rely on an access point alone to secure your communications. The discussion is reminiscent of concerns over (wired) network security when people first started putting open access points into their offices.Securing the access points was really a distraction from the underlying issue, which was once inside a network, there was no security and never was. For all the intervening time, we still seem caught in the same Tootsie Pop mentality: Cover our soft and chewy networks with a single "hard" layer. We freak out when when someone bites into that hard outer shell, but the real problem is the lack of additional network encryption.