Friday, March 29, 2024
-Advertisement-
Reimagining Public Sector Analytics
Reimagining Public Sector Analytics
HomeNewsInterviewsEnterprises must use hype cycle around KRACK vulnerability to push for network segmentation: Mike Fumai of AppGuard

Enterprises must use hype cycle around KRACK vulnerability to push for network segmentation: Mike Fumai of AppGuard

Follow Tech Observer on Google News

Enterprises should use this hype cycle around KRACK to persuade stakeholders to properly segment wired and wireless networks, if that has previously been opposed, says Mike Fumai, COO and President of AppGuard

Google News

Recently researcher Mathy Vanhoef of Belgian University, KU Leuven discovered serious weaknesses in WPA2, a protocol that secures all modern connection. He said that if not patched properly, an attacker within range of a victim Wifi network can exploit weaknesses using key reinstallation attacks (KRACK) to access sensitive information like Password and Credit Card details. Some of the big technology companies like Cisco, , Apple, Google and Netgear among others have started patching their exposed solutions. TechObserver.in M Kalam spoke to , COO and President of to understand different aspects of KRACK vulnerability and what steps businesses should take to prevent KRACK attack. He said, “Enterprises should use this hype cycle to persuade stakeholders to properly segment their wired and wireless networks, if that has previously been opposed.”

What KRACK vulnerability means for Wi-Fi enabled devices and what kind of devices are most affected?

Android device owners are most impacted. Apple and Windows only affected in special cases. Even so, the risk is not great until weaponized tools make this easy for hackers to use. And even then, they must be within WiFi radio range to do so. The worst case involves such tools getting installed on already compromised endpoints so hackers can remotely snoop on WiFi traffic. At any given moment, there are millions of endpoints around the world with malicious remote administration tools (RAT) secretly operating on them. For the enterprise, those that have poorly segmented wired from wireless traffic are the most exposed.

What enterprises can do to prevent KRACK attack?

On their endpoints, enterprises must add an extension or add-on to web browser, such as HTTPS everywhere. This ensures that all web traffic is encrypted, regardless of WiFi. Most sensitive browser traffic tends to be HTTPS encrypted anyway. Also, they should verify that their email clients are also set for HTTPS/TLS enabled.

What steps businesses should take moving forward to make their system robust from security point of view?

I think, they should use this hype cycle to persuade stakeholders to properly segment their wired and wireless networks, if that has previously been opposed. They should also check to see which of their devices are vulnerable and if patches are available for those at http://www.kb.cert.org/vuls/byvendor?searchview&Query=FIELD+Reference=228519&SearchOrder=4

Businesses should also watch for and implement device patches as they come. They should do this before any compromised endpoints in enterprise get tools installed on them to steal data in motion through their WiFi. Businesses need to stay vigilant, this is neither the first nor the last time risks like these arise.

What could happen if businesses do not address this challenge?

Sensitive data in motion can be captured, possibly even manipulated.

Get the day's headlines from Tech Observer straight in your inbox

By subscribing you agree to our Privacy Policy, T&C and consent to receive newsletters and other important communications.
M Kalam
M Kalam
M Kalam covers technology and e-goverance for TechObserver.in.
- Advertisement -
Reimagining Public Sector Analytics
Reimagining Public Sector Analytics
- Advertisement -Veeam
- Advertisement -Reimagining Public Sector Analytics
- Advertisement -ESDS SAP Hana

Subscribe to our Newsletter

83000+ Industry Leaders read it everyday

By subscribing you agree to our Privacy Policy, T&C and consent to receive newsletters and other important communications.
- Advertisement -

How AI power struggle opens up new frontier in global geopolitics

The far-reaching influence AI has on information processing, national security, military operations, the economy, and strategic decision-making is set to reshape the geopolitical landscape and redefine the power dynamics between nations.

RELATED ARTICLES