Today we have released our application to detect the KRACK attacks. For detailed information about the attack please refer to https://www.krackattacks.com/.
Since the attack can target both infrastructure and endpoints, patching the infrastructure alone will not be sufficient to protect against the attacks. Patching endpoints will be a tedious process for large organizations, especially if they operate IOT, OT or embedded devices relying on WIFI.
Since the vulnerable devices can survive for longer periods of time in the network, it is important to implement active monitoring of potential attacks.
LogPoint has released an application that picks up logs from your wireless controllers, if they detect the two primary approaches to exploiting the vulnerabilities:
With this application, you will be able to identify possible attempts to exploit the KRACK vulnerability.
Depending on your WIFI infrastructure, configuring the controllers to detect and log these things vary. We have included a guide on how to configure your Cisco Wireless Lan Controller.
Step 1. Make sure rogue detection is enabled
Step 2. Create a rule to flag rogue APs using “managed SSIDs” as malicious
For more details on configuring your Cisco WIFI infrastructure, please refer to WLC documentation:
Step 1. Download the application from LogPoint Help Center and install it on your system
Step 2. Activate the dashboard on your system
Step 3. Happy hunting!
For more information visit us at http://www.logpoint.com or contact us at firstname.lastname@example.org
Do you want to know more? Please contact us via the form below.
With LogPoint, you will discover a full enterprise SIEM solution.
LogPoint is EAL 3+ certified and the solution is tailored to solve the specific security management challenges of your business - whether the goal is compliance, forensics or operational insight.
And the best part..? We have the most predictable licensing model in the industry.