Sooo, About That WiFi Network You Have There!

Good morning, fellow sysadmins! 🙂

A lot of you that I know manage small networks for your home, church, family business or small business. Many of you may not consider yourselves sysadmins, but as you’re the only ones with passwords to the router and computer, you are effectively filling the role. If this matches you in any way, please keep reading.

This morning, technical details were published on a reliable method (called KRACK) to break WPA2 encryption. WPA2 is the protocol used to encrypt wireless traffic on networks. Hackers exploiting the vulnerability will be able to decrypt network traffic from WPA2-enabled devices, hijack connections, and inject content at the network layer. (http://www.tech-faq.com/wp-content/uploads/2009/01/osimodel.png)

WPA2 has for years been the preferred method of wireless network encryption. If you are using a wireless network anywhere, it is almost certainly using WPA2. You can read more on the vulnerability and attack here https://www.krackattacks.com/ and here http://www.zdnet.com/article/wpa2-security-flaw-lets-hackers-attack-almost-any-wifi-device/.

Should you panic?

If all that you use your wireless network for is connecting to it from smartphones and laptops, probably not. The vulnerability is on the client side, not the router side; while I haven’t checked, it’s likely that Android, iOS, Windows, Mac, Linux-based distros and others have developed or are developing patches for WPA2 devices and publishing them. Additionally, any website you visit or download data from that uses an HTTPS connection (look for the https://www.site.com in your URL bar) encrypts data with an additional layer of security that hackers using this exploit would not be able to read. You may have noticed by now that this blog is not using HTTPS; however, this blog does not require you to send any sensitive credit card or personal information, so your risks are minimal. Do make sure to check for software updates on your devices if you’re still worried. Actually, do make sure to check for software updates on your devices even if you aren’t worried. Yeah, that would be good.

If you use wireless networking for connecting printers or servers, or if you use mixed networking (e.g. wireless networking for printers or other devices + wired networking for servers or other devices), then yes, you may go ahead and start to quietly, low-grade panic. Picture this: your 7-year-old laser printer, the most economical option at the time, is set up to connect to your network via wireless since it’s in a different room from your router. This printer is no longer supported by the manufacturer, and even if it were, it never checks for or installs updates automatically. Now, you have a fileserver or file sharing system set up internally via a Windows workstation environment or via FTP. Neither of these is terribly secure, but they’re easy to set up, and since only people who can connect to the network can access these, you’re good, right?

Well, not anymore. A hacker with malicious intent can now hack the connection you have through your printer (remember the vulnerability is on the client side, so even if your router is patched you may still be vulnerable). From hacking the connection, they can send requests to your internal network or steal information to connect to your network. Voilà! They can now access all the files you have internally shared or stored on your fileserver. And believe me, there are other things they can do as well.

What you do with this information is up to you, but taking the following steps will help no matter what kind of network you are running. Some of these you should be doing anyway, but if you aren’t, now’s a good time to start doing them:

  • Make sure your router is up-to-date. Start checking for patches on it regularly if it isn’t automatically updating.
  • Make sure all your devices are downloading and installing updates as well.
  • Disconnect from the wireless network every older device, and any device you aren’t sure is up to date. Reconnecting it via a wired network won’t pose any vulnerabilities.
  • If you can, disable the wireless network while you aren’t sure what to do yet; it doesn’t hurt.
  • If you give the wireless password to people who aren’t part of your organization, update the wireless password. You can’t be sure if their devices are up-to-date or not. Make sure to set up a guest network for these kinds of people in the future, and make sure guest network traffic is isolated from your main network.
