Frequent Contributor II

Re: WPA2 Vulnerability Discussion

Microsoft released their patch on October 10.

 

https://www.windowscentral.com/microsoft-releases-statement-krack-wi-fi-vulnerability

Microsoft released security updates on October 10th and customers who have Windows Update enabled and applied the security updates, are protected automatically. We updated to protect customers as soon as possible, but as a responsible industry partner, we withheld disclosure until other vendors could develop and release updates.

 

 


Bruce Osborne - Wireless Engineer
ACCP, ACMP
Regular Contributor I

Re: WPA2 Vulnerability Discussion

Yep, 90 standalone master controllers. Airwave manages our configurations, no issues there. But for the sanity check on this vulnerability I wanted to manually validate each device. Rather than accessing one at a time, I exported all the management IPs from Airwave into a list and used that list as part of the script. The script logged into each device in the list one at a time, ran the command and output everything to a log file. I was able to see the zero references for each controller as it ran, so I really didn't need the log file. To me this was a clean and easy way.

 

 

Occasional Contributor I

Re: WPA2 Vulnerability Discussion

If I am not using 802.11r and there are no mesh APs, is there still a need to upgrade?

Re: WPA2 Vulnerability Discussion

Well, if you have a controller-based network, there are other vulnerabilities that affect you, so yes, you should upgrade.

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-006.txt
Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACMP
[If you found my post helpful, please give kudos!]
Moderator

Re: WPA2 Vulnerability Discussion


harishdv wrote:

If I am not using 802.11r and there are no mesh APs, is there still a need to upgrade?


You could wait - just make sure you are paying attention to the client side of the problem.

 

Also make sure you consider the vulnerability advisories from last week...

---
Jon Green, ACMX, CISSP
Security Guy
Occasional Contributor I

Re: WPA2 Vulnerability Discussion

Well, there are workarounds for those as well.
New Contributor

Re: WPA2 Vulnerability Discussion

I am wondering the same thing about the IAP-93? Will a patch be available for these, or will I need to shut mine down?

Re: WPA2 Vulnerability Discussion

Do you use 802.11r?
Do you have mesh APs? (I don't think IAP-93s support mesh anyway)
Do you use Wi-Fi as a WAN uplink?

If NO to all these questions, then you are somewhat protected. The infrastructure side will be ok but your clients still need to be patched.

Again, the FAQ is your guide here.
http://community.arubanetworks.com/aruba/attachments/aruba/unified-wired-wireless-access/74761/1/FAQ%202017-10-16.pdf

Pages 3 and 4 for Instant.

If I am incorrect, someone will for sure correct me, that I can assure you.
Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACMP
[If you found my post helpful, please give kudos!]
Moderator

Re: WPA2 Vulnerability Discussion


sumnerbrianc wrote:

I am wondering the same thing about the IAP-93? Will a patch be available for these, or will I need to shut mine down?


We missed the AP92/93 in our patches - the engineering team is working on that right now.  It should not take too long.

 

As far as the vulnerability goes, as long as your AP92/93 does not have 802.11r enabled, and you're not using mesh or Wi-Fi uplink (the AP-92 is a single-radio AP, so I don't think this is a common AP for those features) then I think you are safe keeping the network up.  In AP mode, 802.11r is the only vulnerability.  In client mode (mesh, Wi-Fi uplink), the 4-way handshake vulnerability is there.

---
Jon Green, ACMX, CISSP
Security Guy
Frequent Contributor II

Re: WPA2 Vulnerability Discussion

Hey All,

 

I am running 3400s and a 3600 on AOS 6.4.2.18 and cannot upgrade the firmware any higher. I am having a hard time determining if there is a patch I can choose?

 

rif
