Showing posts with label WPA2. Show all posts

Wi-Fi security issues – a 5 step guide on the Common Threats and how to manage them

Today’s Wi-Fi networks are now more secure than the typical wired network in the same building. While that may seem like a bold opening statement, today this is often the case.



It is true that WLANs got off to a chequered start 20 years ago, with attackers finding ways around the early security procedures and protocols in place. Consequently, though, the industry devoted a great deal of effort and innovation towards making WLANs much more secure – and they succeeded. There are, however, still challenges in securing any network.
As we know, wireless “leaks out” to the surrounding environment, which means passers-by can see and attempt to connect to any network they choose. As a response, we need to put steps in place to mitigate this threat. For wired networks, the traditional means of defense are physical: locks on the doors and containment within the building. However, if a person with malicious intent is able to gain physical access, perhaps through social engineering or tailgating, they can connect a device and gain access, which is then an opportunity for an attack to commence.
So how have WLANs been addressing security concerns? What has the result of all that investment and innovation been?

Wi-Fi Security Methods

The Gold standard is the use of Digital Certificates. This method is preferable because, unlike user-created passwords, certificates are virtually impossible to replicate. However, this method is also the most complex to deploy for the network administrator. Unless a friendly, user self-service Enrolment System is used to automate the authorization, creation, and distribution of certificates, secure WLAN setup for users can become a time-consuming task.
The Silver standard is username and password-based authentication, often linked to a user database such as Microsoft Active Directory. This works well, but network administrators need to implement it with care, making sure that proper server certificates are deployed to ensure users address a legitimate server, and that user passwords are suitably complex. Interestingly, both password complexity and frequency of change need not be as onerous as imagined and are well explained here.
We must accept that there will be a need to support some devices that cannot support the gold or silver methods. Such equipment often comprises devices that have crossed over from the home market to the workplace as digital transformation has taken hold – smart speakers, video streamers and casters, as well as other IoT devices. These devices are limited to Pre-Shared Key authentication; in the commercial world, the use of a unique static key per device, called Dynamic Pre-Shared Key, provides enhanced security and limits the breach if one key is discovered.
2019 will see the introduction of a further security enhancement called WPA3. This new Wi-Fi security standard will replace WPA2, and improve the encryption strength and ease of setup of the methods discussed above.
Role Based Access – with a suitable WLAN infrastructure, the above access methods can map to user roles. Define what is allowed for a user type and apply rules accordingly. Roles provide a plethora of controls, from VLAN allocation, through to simple port and protocol-based firewall rules up to application-based recognition and control, including URL filtering.




via Ruckus

WPA2 security flaw puts almost every Wi-Fi device at risk of hijack, eavesdropping


A security protocol at the heart of most modern Wi-Fi devices, including computers, phones, and routers, has been broken, putting almost every wireless-enabled device at risk of attack.
The bug, known as "KRACK" for Key Reinstallation Attack, exposes a fundamental flaw in WPA2, a common protocol used in securing most modern wireless networks. Mathy Vanhoef, a computer security academic, who found the flaw, said the weakness lies in the protocol's four-way handshake, which securely allows new devices with a pre-shared password to join the network.
That weakness can, at its worst, allow an attacker to decrypt network traffic from a WPA2-enabled device, hijack connections, and inject content into the traffic stream.
In other words: this flaw, if exploited, gives an attacker a skeleton key to access any WPA2 network without a password. Once they're in, they can eavesdrop on your network traffic.
The bug represents a complete breakdown of the WPA2 protocol, for both personal and enterprise devices -- putting every supported device at risk.

"If your device supports Wi-Fi, it is most likely affected," said Vanhoef, on his website.
But because Vanhoef hasn't released any proof-of-concept exploit code, there's little risk of immediate or widespread attacks.
News of the vulnerability was later confirmed on Monday by US Homeland Security's cyber-emergency unit US-CERT, which about two months ago had confidentially warned vendors and experts of the bug, ZDNet has learned.
The warning came at around the time of the Black Hat security conference, when Vanhoef presented a talk on networking protocols, with a focus on the Wi-Fi handshake that authenticates a user joining a network.
The cyber-emergency unit has since reserved ten common vulnerabilities and exposures (CVE) records for the various vulnerabilities.
Cisco, Intel, Juniper, Samsung, and Toshiba are among the companies affected.
At its heart, the flaw is found in the cryptographic nonce, a randomly generated number that's used only once to prevent replay attacks, in which a hacker impersonates a user who was legitimately authenticated.
In this case, an attacker can trick a victim into reinstalling a key that's already in use. Reusing the nonce can allow an adversary to attack the encryption by replaying, decrypting, or forging packets.
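Why reinstalling an in-use key matters, as an added example (not code from the article or from the researcher): a toy model in which a SHA-256 counter-mode keystream stands in for the WPA2 data cipher. The `Station` class, its `hardened` flag, the key and the sample frames are all constructed for illustration; the model assumes that installing a key restarts the packet number used as the nonce.

```python
import hashlib

def keystream(key: bytes, nonce: int, length: int) -> bytes:
    """Toy keystream: SHA-256 in counter mode (stand-in for the real cipher)."""
    out, block = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce.to_bytes(6, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Station:
    """Hypothetical client key state. With hardened=True, installing a key
    that is already in use does not restart the packet number (nonce)."""
    def __init__(self, hardened: bool):
        self.hardened = hardened
        self.key = None
        self.packet_number = 0

    def install_key(self, key: bytes) -> None:
        if self.hardened and key == self.key:
            return                      # key already in use: keep the counter
        self.key = key
        self.packet_number = 0          # counter restarts with the installed key

    def send(self, plaintext: bytes):
        self.packet_number += 1         # nonce for this frame
        ks = keystream(self.key, self.packet_number, len(plaintext))
        return self.packet_number, xor(plaintext, ks)

def run(hardened: bool):
    """Send a frame, process a repeated key-install message, send another frame."""
    key = b"constructed-session-key"                      # constructed sample value
    p1, p2 = b"GET /index.html ", b"password=hunter2"     # constructed frames
    sta = Station(hardened)
    sta.install_key(key)
    n1, c1 = sta.send(p1)
    sta.install_key(key)                # same key arrives a second time
    n2, c2 = sta.send(p2)
    # If the nonce repeats, both frames share a keystream and it cancels out:
    return n1 == n2, xor(c1, c2) == xor(p1, p2)

if __name__ == "__main__":
    print("vulnerable (nonce reused, plaintext XOR exposed):", run(hardened=False))
    print("hardened   (nonce reused, plaintext XOR exposed):", run(hardened=True))
```

In the vulnerable run the two ciphertexts XOR to the XOR of the two plaintexts, so knowing one frame reveals the other; in the hardened run the counter keeps advancing and the ciphertexts stay unrelated.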
Windows and the latest versions of Apple's iOS are largely immune from the flaws, according to security researcher Kevin Beaumont, in a blog post.
However, Vanhoef said the security issue is "exceptionally devastating" for Android 6.0 Marshmallow and above.


via zdnet

Wi-Fi security may be cracked, and it's a very, very bad thing... Have we said that this is bad?



Wi-Fi, the wireless data transfer technology practically all of us use on a daily basis, is in trouble. 

The WPA2 security protocol, a widespread standard for Wi-Fi security that's used on nearly every Wi-Fi router, has apparently been cracked. 
The details on the security exploit, which is called KRACK, or Key Reinstallation Attacks, are to be released at 8am ET Monday on the site www.krackattacks.com.
But according to a new advisory by US-CERT, via Ars Technica, there are "several key management vulnerabilities" in WPA2, allowing for "decryption, packet replay, TCP connection hijacking, HTTP content injection." The worst part? These are "protocol-level issues," meaning that "most or all correct implementations of the standard will be affected."
We'll know more when the details about KRACK are released, but if it turns out that one can use this exploit in a fairly simple and reliable way, then this is one of the biggest online security threats ever.  
To see why, one has to go just a little bit back into the past. Wi-Fi used to be secured with a standard called WEP, which was found to be vulnerable to a multitude of attacks, many of which don't require the attacker to have physical access to the Wi-Fi equipment or even be connected to the network. Over time, tools that make these attacks simple have been developed, and now, if your Wi-Fi is protected by WEP, there's a choice of simple mobile and desktop apps that crack your password in seconds (no matter how long or complicated it is). 
Because of these issues, WEP was mostly replaced with WPA and, later, WPA2, which are far more secure. Though there were ways to crack a WPA2-protected Wi-Fi router, if your password was long and complicated enough, it made it a lot harder or nearly impossible to do. 
(For completeness' sake, one hacking tool, called Reaver, can crack WPA2-protected routers no matter the password, but it's fairly simple to protect your router — you simply have to turn off a feature called WPS.)
If this latest vulnerability is similar to the way WEP is vulnerable — and it looks like it is at the moment — then it won't matter how strong a password you chose. This would make hundreds of millions of routers out there, used by individuals and businesses alike, open to hackers. It would mean that, if you care about security, you should not use Wi-Fi at all until this is fixed. At the very least, you should use HTTPS connections whenever possible, and a good VPN might add another layer of security.
And fixes for these types of things don't come easy. Some routers will probably get a firmware update, but a lot of home users might not know how to apply it, or be aware that this is a threat. Again, going back to the time when WEP was cracked in 2001, it took years for ISPs to start shipping routers with WPA and WPA2 enabled as default, leaving many customers wide open to attacks.  
We'll know more after the announcement today; stay tuned for updates. 

Wi-Fi Technologies: Emerging Business Models

Consumer use of Wi-Fi is on a steep rise. With the coming 5G era, Wi-Fi's role as a core technology in service providers' network strategy will be further strengthened, but it will also face uncertainties as the use of unlicensed spectrums by mobile operators becomes more prevalent.
This industry report provides analysis of Wi-Fi technologies and emerging business models related to public Wi-Fi hotspot services.

Key Topics

• Consumer use of Wi-Fi and hotspot services 
• The entry of Wi-Fi-first mobile service providers and the potential impact on mobile operators' business 
• New Wi-Fi standards and the growing use of Wi-Fi technologies in mobile operators' HetNet network strategy 
• Global forecast of revenues from public Wi-Fi hotspot services targeting both consumers and business customers 


FTC Says Hotel WiFi is Dangerous

Recently, the FTC posted an article on their website stating that hotel WiFi is dangerous and that users should not assume that just because they pay for Internet access that their connection is secure.
We couldn’t agree more. In fact, I have been stating this fact since we launched PRIVATE WiFi nearly five years ago. This is an important topic because hotel travelers rank WiFi access at hotels as the number one amenity that they look for when booking hotel rooms.

Why Hotel WiFi is Dangerous

The FTC’s announcement is important because many travelers assume that using a WiFi network at a hotel is the same as logging into their network at home. That’s a dangerous view, because in actuality the risks in accessing a WiFi network at a hotel are exponentially greater than those experienced at home or in an enterprise setting.
Here’s the unvarnished truth about hotel WiFi networks: they are completely unsecured. Here’s another fun fact: when hotel WiFi networks get hacked, they don’t usually find out until months after.
There are two kinds of risks you should be aware of regarding hotel WiFi networks:
  • All public WiFi networks are inherently insecure. Nothing new here, as I have been saying this for years, but it bears repeating: if a WiFi network is public, that means anything you do online can be tracked and captured. And this includes almost all hotel WiFi networks.
  • Even fully wired Ethernet connections are unsafe. This means even if you are plugging your computer directly into the hotel’s network, you are still in danger of being hacked.
The truth is that it’s difficult to make public WiFi safe, and most hotels are trading security for a WiFi network that is easy to login to and provides them a steady revenue stream. These facts are reflected in the recent Marriott WiFi debacle, in which the hotel conglomerate intentionally blocked personal WiFi hotspots of all guests. The brand maintained that it was doing this to protect guest security on WiFi networks but in reality, they were looking to protect their bottom line.
No matter which hotel you stay at, or whether the purpose of your trip is business or pleasure, security on WiFi is up to you.

What the FTC Says You Should Do to Protect Yourself

The FTC offers pretty good advice on what you can do to protect yourself when accessing a hotel WiFi network. Below are some of the tips they offer:
  • When you have finished using an account, be sure to log out of that account.
  • Do not use the same password for all of your accounts. It could give someone who gains access to one of your accounts access to all of them.
  • Many web browsers alert users who try to visit fraudulent websites or download malicious programs. Pay attention to these warnings, and keep your browser and security software up-to-date.
  • If you regularly need to access online accounts through public WiFi networks, you may want to use a virtual private network (VPN).
I couldn’t agree more with that last point. Only a VPN like PRIVATE WiFi encrypts all your Internet communication to keep it from being intercepted by others, whether on a WiFi or Ethernet network.
This is a good rule to live by: never rely on hotels (or any other WiFi provider) to protect you when you use their networks. Never assume that any network is safe, and especially don’t assume that it is just because you paid for access to it.
No one else is looking out for your security when you use WiFi networks. You need to protect yourself.





Will an 802.11ac Router Do Anything for My in Home Wifi

Will an 802.11ac router do anything for my in home wifi if the only device I have that uses a 5GHz antenna is my iPad 2? Even backwards compatible, the AC benefits are really only likely to be visible with 5GHz devices, right?

The iPad 2 does not support 802.11ac, only 11n.  So it will benefit from 5GHz on 11n at least.