KRACKs


Today we have released our application to detect the KRACK attacks. For detailed information about the attack please refer to https://www.krackattacks.com/.

Since the attack can target both infrastructure and endpoints, patching the infrastructure alone will not be sufficient to protect against the attacks. Patching endpoints will be a tedious process for large organizations, especially if they operate IoT, OT or embedded devices relying on Wi-Fi.

Since vulnerable devices can remain in the network for long periods of time, it is important to implement active monitoring of potential attacks.

LogPoint has released an application that picks up logs from your wireless controllers when they detect either of the two primary approaches to exploiting the vulnerabilities:

  • Faking an infrastructure AP (evil twin/rogue AP)
  • Injecting frames in existing communication streams (null-key attacks and re-use of initialization vectors)

With this application, you will be able to identify possible attempts to exploit the KRACK vulnerability.

Configuring your Wi-Fi infrastructure

How you configure the controllers to detect and log these events varies with your Wi-Fi infrastructure. We have included a guide on how to configure your Cisco Wireless LAN Controller.

Step 1. Make sure rogue detection is enabled

Step 2. Create a rule to flag rogue APs using “managed SSIDs” as malicious

For more details on configuring your Cisco Wi-Fi infrastructure, please refer to the WLC documentation:

Configuring KRACK analytics in LogPoint

Step 1. Download the application from LogPoint Help Center and install it on your system
https://servicedesk.logpoint.com/hc/en-us/articles/115005424025-KRACK

Step 2. Activate the dashboard on your system

Step 3. Happy hunting!

Content included in the application

  1. Vulnerability Scan: Identifies vulnerable devices by looking for the various CVE IDs for the KRACK attacks
  2. Null Probe Response Attacks
  3. Rogue Access Point Detection
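
To illustrate the kind of check behind rogue access point detection and the "managed SSID" rule described above, here is an added example; it is not LogPoint's application code and does not use Cisco's log format. The key=value log lines, the SSID and BSSID inventory, and the function names are all constructed for illustration, and it assumes a static channel plan for authorized APs.

```python
import re

# Assumed inventory (constructed): managed SSIDs and the channel each
# authorized BSSID is configured to use (static channel plan assumed).
MANAGED_SSIDS = {"corp-wifi", "corp-guest"}
AUTHORIZED_APS = {"00:11:22:33:44:55": 6, "00:11:22:33:44:66": 11}

# Constructed key=value log lines; not a real controller's log format.
SAMPLE_LOGS = """\
ts=2017-10-17T09:00:01Z event=ap_seen ssid="corp-wifi" bssid=00:11:22:33:44:55 channel=6
ts=2017-10-17T09:00:02Z event=ap_seen ssid="coffee-shop" bssid=de:ad:be:ef:00:01 channel=1
ts=2017-10-17T09:00:03Z event=ap_seen ssid="corp-wifi" bssid=DE:AD:BE:EF:00:02 channel=1
ts=2017-10-17T09:00:04Z event=ap_seen ssid="corp-wifi" bssid=00:11:22:33:44:55 channel=1
ts=2017-10-17T09:00:05Z event=ap_seen ssid="corp-guest" bssid=00:11:22:33:44:66
"""

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse(line):
    """Turn one key=value line into a dict, stripping quotes from values."""
    return {k: v.strip('"') for k, v in FIELD.findall(line)}

def classify(rec):
    """Return an alert label for one ap_seen record, or None if benign."""
    ssid, bssid = rec.get("ssid"), rec.get("bssid", "").lower()
    if rec.get("event") != "ap_seen" or ssid not in MANAGED_SSIDS:
        return None                        # neighbouring networks are ignored
    if bssid not in AUTHORIZED_APS:
        return "rogue_managed_ssid"        # unknown radio advertising our SSID
    channel = rec.get("channel")
    if channel is None or not channel.isdigit():
        return "incomplete_record"         # channel cannot be verified; review
    if int(channel) != AUTHORIZED_APS[bssid]:
        return "cloned_bssid_off_channel"  # our BSSID on an unexpected channel
    return None

def detect(log_text):
    """Return (timestamp, bssid, label) for every suspicious record."""
    alerts = []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        rec = parse(line)
        label = classify(rec)
        if label:
            alerts.append((rec.get("ts"), rec.get("bssid", "").lower(), label))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOGS):
        print(*alert)
```

In an environment where authorized APs change channel dynamically, the off-channel label should be treated as a lead to correlate with controller channel-change events rather than as an alert on its own.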

For more information visit us at http://www.logpoint.com or contact us at info@logpoint.com
