KRACK Attack Mitigation – A Call to Arms!

Ask any wireless engineer about the relationship with vendors who make the non-standard clients on their network and you’ll likely get a range of responses from quiet sobs to yelled expletives.

Problems ranging from bad driver or firmware updates, KRACKdevices which don’t follow the 802.11 standard, and long delays in problem resolution are all part of the experience.

Often we may say to a customer “These clients are causing problems and here is proof. You should look at replacing them.” While the vendor of those products are telling that same customer “Your network sucks!”

With that in mind, I want to consider a few things as we begin the KRACK Attack mitigation.

  • Check CERT’s Vulnerability Notes Database for the status of vendor updates. This is a pretty extensive list, and is worth following:
    CERT’s Vulnerability Database
  • Some vendors will be VERY slow to issue patches. It is absolutely essential that we as wireless engineers who have the ability to approve devices refuse any new client deployments without the appropriate patches.
    Bring the security team into the discussion, and ensure that as a united front, unpatched clients are refused!
    Those who work in a sales role should warn all customers away from vendors who are not actively communicating their patch strategy, with clearly defined release dates. We should not send money to any company that doesn’t see resolving this as one of their highest priorities. Those companies should wither and die.
  • Many large enterprises have specific budgets for IT security related expenditures. If the budget isn’t available from teams responsible for the devices, check with the security team. They may have a budget that can be utilized.
  • Communicate to the vendors this week. Ask about patching schedules for KRACK. Ask to be included in weekly updates on the status until patches are released. Make it very clear that you see this as a high priority and are not willing to accept a “Maybe, eventually” patch schedule.

As a group of wireless engineers, we cannot accept anything less than appropriate patches which clearly mitigate KRACK.

Advertisements

RSA can’t be trusted. Death to RSA.

RSA has finally admitted that it’s root certificates were compromised, which affects ALL SecurID tokens.

I personally feel that this shows absolute failure on the part of RSA. First, their root certificate was compromised. Second, rather than admit it, begin contacting customers immediately, and notifying the public, they chose to hide behind NDA’s while their customers were being compromised. RSA’s excuse for their lack of communication was that they didn’t want to give the attackers more information that could be used to exploit further companies. Based on the target of the attacks: Lockheed, Northrup Grumman, and L3 Communications, it is clear that the attackers knew everything already.

A company that was built on trusts and security has now been found completely untrustworthy and insecure. I expect to see major lawsuits resulting from this. I hope to see heads roll.

The company I work for uses these tokens. We have asked RSA for more information multiple times, but they have been slow in providing anything.

http://www.net-security.org/secworld.php?id=11122

Cisco is SCARED! Why Cisco won’t release an emulator.

Greg Ferro posted on his blog another plea to Cisco to play nice and give network engineers tools for testing, verifying, and learning new technology. If you’ve missed the recent debate on the matter, it’s OK. Crawl back under that rock, you won’t miss a thing.

I generally read Greg’s posts while nodding my head like some sick bobble headed doll, with an occasional grunt in agreement. However today, my head stopped bobbing when I realized something…

Cisco is AFRAID of the virtual switch/router.

Let that sink in for a minute.

I know what you’re thinking. “They don’t have anything to be afraid of. That’s crazy talk.”  I’m sure that people said the same about Dell and HP when ESX was first announced. “They don’t have anything to worry about. No data center could ever virtualize all of their servers. That’s just crazy.” Only, it did happen. Right now I am sitting just a few hundred feet from 100 servers that would be over 500 servers if it wasn’t for vmWare. Think of the lost revenue to Dell and HP.

But, you say, “what about the Nexus 1000v”. What about it? Cisco had already lost sales because all of those virtual servers didn’t need individual switchports. That was Cisco’s way of getting some of that revenue back. It wasn’t about extending network engineer’s control into the virtual environment. It was about lost port revenue.

Imagine with me for a moment. What would happen if you could virtualize the Edge and Core layers of your network all onto a single HA cluster. (Maybe a couple of Dell or HP servers.)

Firewalls, Check
Routing, Check
IDS, Check
VPN, Check

Where is the need for 10GB, 40GB, 100GB, TRILL, or Fabric Path? What about all of the other technologies that Cisco will sell us over the next 10 years, forcing us to replace existing hardware?

Outside of the HA cluster, you would need a couple of switches for Distribution, and you would need your normal Access layer switches, but how many components of the network would be cut? Not only routers, firewalls, and switches, but adapters, redundant power supplies, wireless controllers.

It’s already been done. Look at Cisco Call Manager. A router, switch, and server that do the work of racks and racks of PBX equipment.

“But, I just want them to release it so that I can test.”

Cisco has three choices: 1. Stick fingers in their ears and hum loudly. (Current tactic) 2. Release a good virtual network platform, and wait for everyone to ask, “wait…why can’t we virtualize this for real?” 3. Release a crippled, barely working virtual platform, and then get derided for their poor product.

No matter how Cisco looks at it, they lose.

Suddenly I am asking myself. After IPv6, what is the next big thing to happen in networking? Could virtualization change networking the way it changed servers?

Is Cisco getting back on track?

Cisco’s big-man-in-charge, John Chambers, sent out an email to all employees this week, which outlined a few important things:

-Cisco has lost focus
-Cisco was caught off guard by certain movements within the Networking community (openflow, new products from other vendors, etc)
-Cisco makes it difficult for new product to make it to market
-Cisco has to focus on the core business components, rather than continuing to diversify into low margin consumer markets
-Most importantly, Cisco shareholders, employees, and customers are not happy with the current direction that Cisco has taken

The message is a great read, and gives me hope that Cisco can get back on the ball, and address some of it’s core issues. Kudos to the Cisco team for taking a hard look at where they are, and making decisions to correct their wandering trajectory. Here’s hoping they follow through!

http://blogs.cisco.com/news/message-from-john-chambers-where-cisco-is-taking-the-network/

RSA hacked? No, really.

In an open letter to customers, Art Coviello from RSA admitted that attackers had gained access to some of their internal information regarding the RSA SecurID products. While there was no customer information lost, it says that RSA is working with customers to provide “immediate steps for them to take to strengthen their SecurID implementations.”

I think I’ll go for a walk now…