KRACK – Key Reinstallation Attacks against WPA2

Recently released at http://www.krackattacks.com – a serious weakness in WPA2 has been found by the team there.   For all the heavy technical details, go there.

The krack itself basically hacks the encryption ITSELF within the Wi-Fi WPA standard, when clients negotiate, they perform a multi-step encryption key.   By recording, and replying some packets, we can trick devices into using encryption keys more than once – which means now we can decrypt their traffic, and/or hijack TCP sessions and inject traffic into the network.

The key here is that we are attacking CLIENTS – not infrastructure, so we can go after an individual client and steal their data.    This means the majority of the updates will be against CLIENT operating systems.

The bottom line is that here is what you need to know.

  1.  The vulnerability means almost all modern Wi-Fi networks are affected, doesn’t matter if you have WPA1, WPA2, AES, it is all affected.  The issue is in the actual standard.
  2. The only way to protect yourself against the vulnerability – is a code related update
  3. Some attacks are better than others, Android and Linux are apparently quite badly affected, and give up their encryption easily.  Others can be done, but are more of a challenge.
  4. If you are using HTTPS or other encrypted methods on your device, this will protect you.
  5. Update your equipment, especially client operating systems as soon as possible
  6. Disable Wi-Fi if you are in a sensitive environment.

Justin’s Thoughts

This is a problem, but for many this is a bump in the wire.    Wait am I crazy for saying this?     In our modern world you shouldn’t be trusting your network anyway – yes that is right, trust no-one.   Even your corporate LAN.  We think nothing of connecting at a Starbucks, or at home where our children have virus-laden machines.  Why would we trust the wild west that is the corporate LAN/Wi-Fi these days.  Especially when you consider that most attacks these days occur inside.

Network-as-an-enforcer, Network-as-a-sensor – technologies like StealthWatch, these types of technologies continue to be extremely key in the safety and security of our networks.     Technologies that watch for strange behavior (like duplicated key packets) and protect against replays.     Would these types of technologies saved you here?   I cannot speak to that right now.

How many times do we need to say this – security is a multifaceted, multi-layer approach.   You must never rely on a single security layer.   We run HTTPS, we use client-side AV, client-side firewalls.    Client devices should already protect themselves against attacks or vulnerabilities that exist in the network domain.

If you are being responsible, operating your networks and infrastructure in a responsible manner, this shouldn’t be a big deal for you.    I would still go and update your networks ASAP, but if you are following best practices in your network, you should be ok.

Advertisements

Cisco Champions Radio at Cisco Live! – Cisco TacOPS

Back in June at Cisco Live, we launched a special edition of Cisco Champions Radio, and with never before access to basically any Cisco resource, we grabbed the best of the best and the coolest Cisco peep’s and brought them into the Podcast Domain at Cisco Live.

Grab the episode here!
https://blogs.cisco.com/perspectives/ciscochampion-radio-s4ep12-cisco-tacops

In this episode, we interviewed Sue-Lynn Hinson from the Cisco TacOPS and talked about how they were founded, all the cool stuff they do, and what TacOPS does in the downtime.  Is this your dream job?   Yes, it is for many of us.   So we completely nerd out, and talk to Sue-Lynn about without question (IMO) the best job in Information Technologies in the world.

My amazing Co-Host for this was Aaron Conaway @aconaway

Image result for Cisco TACOPSImage result for Cisco NERVImage result for Cisco TACOPS

 

Cisco Connect Toronto with Chuck Robbins

In a splash we are not used to seeing it has been announced that at Cisco Connect Toronto on October 12 (Also known as “Mini Live”) – the keynote speaker will be Chuck Robbins.

chuck_robbins_cisco_ceo.0

In the past the Cisco Canada President – currently  Rola Dagher would keynote this event, but this year with Chuck Robbins coming on site, I think we will see an increase in attendees.

But will Chuck Robbins upstage Rola Dagher?   Will they stand side by side on stage?   Will Chuck and Rola have sit down and talk about technology and specifics about Canada?

This could be a pivotal moment in history for Cisco Canada – as in the past, the great white north has felt cut off from the super power that is Cisco USA.   With Chuck coming here, it may give customers a feeling of connection back to the mother-ship in California.

No doubt the focus of conversation from Chuck Robbins will be DNA-Centre, SD-Access and Catalyst 9K technologies – but how will he customize the keynote for the Canadian audience.

I will be there – and will bring reaction back to the blog.

Information on the event CLICK HERE

 

Meraki changes cloud IP’s

 

Some customers have very stringent outbound firewall rules (Oh, and good on you by the way!) – just an FYI, Meraki is about to change the IP’s of their back end gear on some of their shards.

In an email to customers blasted out from the green heavens today, Cisco/Meraki let customers know that they are going to make some changes in the back end with different control IP addresses.

The good news is that if you forget, or don’t make the change your network will not go down, but you won’t be able to make any changes to configuration, and use data will be cached.

So, go ahead and make that change now before you lose connectivity.     This comes after Meraki had some block storage issues a few weeks ago which saw some configuration data impacted.   This may be part of the remediation and resiliency upgrades to deal with that situation, but I don’t know and cannot confirm (Looking into it).

 

MerakiLogo

Dear Meraki Customer,

As part of ongoing efforts to improve the performance and resiliency of the Meraki Cloud we will be changing the IP addresses used by Cisco Meraki devices to contact the Meraki Cloud.

In order to ensure that customers have time to make these updates, the change will take place 8 weeks from first notice, or after all affected networks have updated their firewalls, whichever comes first. You can prepare for this change by opening up access in your firewall to the IPs and ports listed on your organisation’s Firewall Information page ( https://dashboard.meraki.com/manage/support/firewall_configuration ).

Your Meraki network will continue to operate, but your Meraki devices may experience degraded performance and connectivity to the Meraki cloud if your firewall rules are not modified to include the IPs and ports listed on that page.

 

If you have any questions regarding this message, please contact Meraki Support at support@meraki.com or +1-415-632-5994.

The FlightChops teams reaches 100K Subs!

So many of you know I am good friends with Steve Thorne from www.flightchops.com and also his amazing YouTube channel located HERE

I want to take this moment to congratulate Steve and his team for reaching 100K subs, as of this writing he is actually at 107K.   This has been an amazing story about someone who was passionate about a topic, took that online in their own way.   People attacked Steve alot in the beginning, and even now for posting mistakes, troubles and pitfalls of learning to fly but the truth is – that is what made his channel popular.

Sponsors have taken note, and big names too like Bose and ForeFlight have put some support behind Steve.  Even with the big name support he still receives a significant contribution from Patreon (including me) and he never forgets those who got him here, by running many contests for everything from Bose Aviation headsets to a San Juan Islands Adventure trip!

Content is king – bottom line – and Steve and his team of editors and videographers have amassed a ton of content and gone from twice monthly to sometimes 4 times per month publishing this amazing content.      Steve continues to do this his way, and sponsors do not impose on content.   His “day job” of video and media production has brought a significant professional flair and production quality to his episodes and that production quality has been steadily increasing.

Will this ever reach “Mainstream” television?  You mean YouTube isn’t mainstream?   I would appear to me that the likes of “Outdoor Network” are only interested in fake shows auctioning off storage units sadly.

So if you are a private pilot, or just an airplane nerd like me – go and check out his humble little channel and I promise you will learn something along the way, as Steve says “Keep your Flight Chops Sharp!”

Congrats again Steve on your channels success!

Denise “Fish” Fishburne Designing new security focused “Network Detective Series”

If you have read my blog, you know I am a huge fan of Denise “Fish” Fishburne’s sessions, not only because Fish is an amazing dynamic speaker but these are not your typical sessions.

The Network Detective Series has been well reviewed, both here on my blog, and on other blogs.  If you are new to networking, and even old to networking this series will make you a better troubleshooter. Check it out HERE.

Screen Shot 2017-06-29 at 8.35.20 AM.png

During the event it was well known that “The Network Detective” series was ending this year as Denise transitioned to a security focus. In a series of tweets during Cisco Live, Denise announced that “Techniques of a Network Detective” will continue next year.

 

Screen Shot 2017-06-29 at 8.50.52 AM

networkdetective-229x229

In an adhoc interview after the Cisco Live Customer Appreciation Event we learned that not only will Network Detective continue with fresh content for Cisco Live! in 2018, but after that the old content will hit the floor and a new Security Content / Focused version of “Network Detective” will launch for 2019.

You know I will be there, front row to hear all the new “Techniques of a Network Security Detective” and will report back here.