date:20171016

Re: [WIRELESS-LAN] Big flaw in WPA2

2017-10-16 Thread Max McGrath

Extreme Network's responseL

https://extremeportal.force.com/ExtrArticleDetail?n=18005

--
Max McGrath  
Network Administrator
Carthage College
262-551-
mmcgr...@carthage.edu

On Mon, Oct 16, 2017 at 6:34 PM, Schuette, David 
wrote:

> Aerohive's response
>
> https://www3.aerohive.com/support/security-bulletins/
> Product-Security-Announcement-Aerohives-Response-to-KRACK-
> 10162017.html?_ga=2.40289697.2082952693.1508196685-659670165.1508196685
>
>
> Thanks
> David
> David Schuette
> Network-Data Security Manager
> Information Technology Services
> METROPOLITAN STATE UNIVERSITY OF DENVER
> Campus Box 96, P.O. Box 173362  |  Denver, CO 80217-3362
> Tel 303-556-4639 (old)
> New – 303-615-1130 (Please note my phone number has changed)
> www.msudenver.edu
> MSU Denver’s mission is to provide a high-quality, accessible, enriching
> education that prepares students for successful careers, post-graduate
> education and lifelong learning in a multicultural, global and
> technological society. To fulfill its mission, MSU Denver’s diverse
> university community engages the community at large in scholarly inquiry,
> creative activity and the application of knowledge.
>
> MSU Denver’s mission, vision, ongoing operations and strategic planning
> are informed by a core set of values that define who we are - and aspire to
> be - as a University. They are:
> Community – Access – Diversity – Respect – Entrepreneurship
>
>
>
> -Original Message-
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Richard Nedwich
> Sent: Monday, October 16, 2017 5:05 PM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] Big flaw in WPA2
>
> Ruckus has posted an official response in a Blog Post here:
>
> https://theruckusroom.ruckuswireless.com/wi-fi/2017/
> 10/16/commonsense-approach-uncommon-problem/
>
> Further, please find a Cloudpath KB article on the Ruckus support site
> here:
> https://support.ruckuswireless.com/documents/
> 2039-faq-security-advisory-cp-101617-802-11r-vulnerability
>
> -Rich
>
> **
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/discuss.
>
> **
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/discuss.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] Big flaw in WPA2

2017-10-16 Thread Schuette, David

Aerohive's response

https://www3.aerohive.com/support/security-bulletins/Product-Security-Announcement-Aerohives-Response-to-KRACK-10162017.html?_ga=2.40289697.2082952693.1508196685-659670165.1508196685


Thanks
David
David Schuette 
Network-Data Security Manager 
Information Technology Services
METROPOLITAN STATE UNIVERSITY OF DENVER
Campus Box 96, P.O. Box 173362  |  Denver, CO 80217-3362
Tel 303-556-4639 (old) 
New – 303-615-1130 (Please note my phone number has changed)
www.msudenver.edu
MSU Denver’s mission is to provide a high-quality, accessible, enriching 
education that prepares students for successful careers, post-graduate 
education and lifelong learning in a multicultural, global and technological 
society. To fulfill its mission, MSU Denver’s diverse university community 
engages the community at large in scholarly inquiry, creative activity and the 
application of knowledge.  

MSU Denver’s mission, vision, ongoing operations and strategic planning are 
informed by a core set of values that define who we are - and aspire to be - as 
a University. They are: 
Community – Access – Diversity – Respect – Entrepreneurship



-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Richard Nedwich
Sent: Monday, October 16, 2017 5:05 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Big flaw in WPA2

Ruckus has posted an official response in a Blog Post here: 

https://theruckusroom.ruckuswireless.com/wi-fi/2017/10/16/commonsense-approach-uncommon-problem/

Further, please find a Cloudpath KB article on the Ruckus support site here:
https://support.ruckuswireless.com/documents/2039-faq-security-advisory-cp-101617-802-11r-vulnerability

-Rich

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] Big flaw in WPA2

2017-10-16 Thread Mike Cunningham

Same story - different wording. This article is blaming the protocol and not 
the implementation "The weaknesses are in the Wi-Fi standard itself, and not in 
individual products or implementations"  
https://www.theregister.co.uk/2017/10/16/wpa2_krack_attack_security_wifi_wireless/

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Chuck Anderson
Sent: Monday, October 16, 2017 3:08 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Big flaw in WPA2

It isn't a design flaw.  It is an implementation flaw that everyone did wrong 
because the spec didn't address the need to be careful about it.

Read this Aruba FAQ, it is helpful to address these sorts of questions:

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007_FAQ_Rev-1.pdf

On Mon, Oct 16, 2017 at 06:57:57PM +, Mike Cunningham wrote:
> If this is a flaw in the design of the WPA2 protocol isn't the fix going to 
> need to be made on both sides of the communication link?  Access points will 
> all need to be updated but also all client wifi drivers are going to need to 
> be updated on all wifi enabled devices that support WPA2, right?
>
> Mike Cunningham
>
>
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv
> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Stephen
> Belcher
> Sent: Monday, October 16, 2017 10:40 AM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] Big flaw in WPA2
>
>
> >From Cisco:
>
>
>
> https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
> cisco-sa-20171016-wpa
>
>
>
>
>
> / Stephen Belcher
>
> Assistant Director of Network Operations WVU Information Technology
> Services
>
> One Waterfront Place / PO Box 6500
>
> Morgantown, WV  26506
>
>
>
> (304) 293-8440 office
> (681) 214-3389 mobile
> steve.belc...@mail.wvu.edu<mailto:steve.belc...@mail.wvu.edu>
>
> 
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv
> <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCA
> USE.EDU>> on behalf of Richard Nedwich
> <rich.nedw...@brocade.com<mailto:rich.nedw...@brocade.com>>
> Sent: Monday, October 16, 2017 10:34:43 AM
> To:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAU
> SE.EDU>
> Subject: Re: [WIRELESS-LAN] Big flaw in WPA2
>
> Ruckus is providing a response today.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

This email may contain confidential information about a Pennsylvania College of 
Technology student. It is intended solely for the use of the recipient. This 
email may contain information that is considered an “educational record” 
subject to the protections of the Family Educational Rights and Privacy Act 
Regulations. The regulations may be found at 34 C.F.R. Part 99 for your 
reference. The recipient may only use or disclose the information in accordance 
with the requirements of the Federal Educational Rights and Privacy Act 
Regulations. If you have received this transmission in error, please notify the 
sender immediately and permanently delete the email.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] Big flaw in WPA2

2017-10-16 Thread Hector J Rios

The short answer is Yes.

Hector Rios
Louisiana State University

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Mike Cunningham
Sent: Monday, October 16, 2017 1:58 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Big flaw in WPA2

If this is a flaw in the design of the WPA2 protocol isn't the fix going to 
need to be made on both sides of the communication link?  Access points will 
all need to be updated but also all client wifi drivers are going to need to be 
updated on all wifi enabled devices that support WPA2, right?

Mike Cunningham

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Stephen Belcher
Sent: Monday, October 16, 2017 10:40 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Big flaw in WPA2

>From Cisco:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa

/ Stephen Belcher

Assistant Director of Network Operations
WVU Information Technology Services

One Waterfront Place / PO Box 6500

Morgantown, WV  26506

(304) 293-8440 office
(681) 214-3389 mobile
steve.belc...@mail.wvu.edu<mailto:steve.belc...@mail.wvu.edu>

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Richard Nedwich 
<rich.nedw...@brocade.com<mailto:rich.nedw...@brocade.com>>
Sent: Monday, October 16, 2017 10:34:43 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Big flaw in WPA2

Ruckus is providing a response today.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

This email may contain confidential information about a Pennsylvania College of 
Technology student. It is intended solely for the use of the recipient. This 
email may contain information that is considered an "educational record" 
subject to the protections of the Family Educational Rights and Privacy Act 
Regulations. The regulations may be found at 34 C.F.R. Part 99 for your 
reference. The recipient may only use or disclose the information in accordance 
with the requirements of the Federal Educational Rights and Privacy Act 
Regulations. If you have received this transmission in error, please notify the 
sender immediately and permanently delete the email.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Big flaw in WPA2

2017-10-16 Thread Sweetser, Frank E

Hi Mike,


yes, you're absolutely correct.  Looking around the web, it looks like 
Microsoft and Apple have already released patches, so those who are completely 
up to date should be safe.  Android is more of a mixed bag, but at least Pixel 
phones should be patched in the November fixes in a few weeks.


Frank Sweetser
Director of Network Operations
Worcester Polytechnic Institute
"For every problem, there is a solution that is simple, elegant, and wrong." - 
HL Mencken



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Mike Cunningham 
<mike.cunning...@pct.edu>
Sent: Monday, October 16, 2017 2:57 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Big flaw in WPA2


If this is a flaw in the design of the WPA2 protocol isn’t the fix going to 
need to be made on both sides of the communication link?  Access points will 
all need to be updated but also all client wifi drivers are going to need to be 
updated on all wifi enabled devices that support WPA2, right?



Mike Cunningham





From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Stephen Belcher
Sent: Monday, October 16, 2017 10:40 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Big flaw in WPA2



>From Cisco:



https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa





/ Stephen Belcher

Assistant Director of Network Operations
WVU Information Technology Services

One Waterfront Place / PO Box 6500

Morgantown, WV  26506



(304) 293-8440 office
(681) 214-3389 mobile
steve.belc...@mail.wvu.edu<mailto:steve.belc...@mail.wvu.edu>



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Richard Nedwich 
<rich.nedw...@brocade.com<mailto:rich.nedw...@brocade.com>>
Sent: Monday, October 16, 2017 10:34:43 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Big flaw in WPA2



Ruckus is providing a response today.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.


This email may contain confidential information about a Pennsylvania College of 
Technology student. It is intended solely for the use of the recipient. This 
email may contain information that is considered an “educational record” 
subject to the protections of the Family Educational Rights and Privacy Act 
Regulations. The regulations may be found at 34 C.F.R. Part 99 for your 
reference. The recipient may only use or disclose the information in accordance 
with the requirements of the Federal Educational Rights and Privacy Act 
Regulations. If you have received this transmission in error, please notify the 
sender immediately and permanently delete the email. ** Participation 
and subscription information for this EDUCAUSE Constituent Group discussion 
list can be found at http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Big flaw in WPA2

2017-10-16 Thread Stephen Belcher

>From our Cisco SE:


The fix for IOS based AP’s (802.11ac Wave 1 or older) has been posted 
(8.3.130.0)
The fix for ClickOS based AP’s (All 802.11ac Wave 2 AP’s  [1800, 2800 3800 
series]) is in finalization testing and should be posted within a few days. 
(8.3.13x.0) same for 8.2/8.4/8.5
The fix for 8.0 is being written now and ETA will be provided shortly.



/ Stephen Belcher

Assistant Director of Network Operations
WVU Information Technology Services

One Waterfront Place / PO Box 6500

Morgantown, WV  26506



(304) 293-8440 office
(681) 214-3389 mobile
steve.belc...@mail.wvu.edu<mailto:steve.belc...@mail.wvu.edu>


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Chuck Anderson <c...@wpi.edu>
Sent: Monday, October 16, 2017 3:07:55 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Big flaw in WPA2

It isn't a design flaw.  It is an implementation flaw that everyone did wrong 
because the spec didn't address the need to be careful about it.

Read this Aruba FAQ, it is helpful to address these sorts of questions:

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007_FAQ_Rev-1.pdf

On Mon, Oct 16, 2017 at 06:57:57PM +, Mike Cunningham wrote:
> If this is a flaw in the design of the WPA2 protocol isn't the fix going to 
> need to be made on both sides of the communication link?  Access points will 
> all need to be updated but also all client wifi drivers are going to need to 
> be updated on all wifi enabled devices that support WPA2, right?
>
> Mike Cunningham
>
>
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Stephen Belcher
> Sent: Monday, October 16, 2017 10:40 AM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] Big flaw in WPA2
>
>
> >From Cisco:
>
>
>
> https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa
>
>
>
>
>
> / Stephen Belcher
>
> Assistant Director of Network Operations
> WVU Information Technology Services
>
> One Waterfront Place / PO Box 6500
>
> Morgantown, WV  26506
>
>
>
> (304) 293-8440 office
> (681) 214-3389 mobile
> steve.belc...@mail.wvu.edu<mailto:steve.belc...@mail.wvu.edu>
>
> 
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
> <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
>  on behalf of Richard Nedwich 
> <rich.nedw...@brocade.com<mailto:rich.nedw...@brocade.com>>
> Sent: Monday, October 16, 2017 10:34:43 AM
> To: 
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> Subject: Re: [WIRELESS-LAN] Big flaw in WPA2
>
> Ruckus is providing a response today.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Big flaw in WPA2

2017-10-16 Thread Chuck Anderson

It isn't a design flaw.  It is an implementation flaw that everyone did wrong 
because the spec didn't address the need to be careful about it.

Read this Aruba FAQ, it is helpful to address these sorts of questions:

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007_FAQ_Rev-1.pdf

On Mon, Oct 16, 2017 at 06:57:57PM +, Mike Cunningham wrote:
> If this is a flaw in the design of the WPA2 protocol isn't the fix going to 
> need to be made on both sides of the communication link?  Access points will 
> all need to be updated but also all client wifi drivers are going to need to 
> be updated on all wifi enabled devices that support WPA2, right?
> 
> Mike Cunningham
> 
> 
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Stephen Belcher
> Sent: Monday, October 16, 2017 10:40 AM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] Big flaw in WPA2
> 
> 
> >From Cisco:
> 
> 
> 
> https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa
> 
> 
> 
> 
> 
> / Stephen Belcher
> 
> Assistant Director of Network Operations
> WVU Information Technology Services
> 
> One Waterfront Place / PO Box 6500
> 
> Morgantown, WV  26506
> 
> 
> 
> (304) 293-8440 office
> (681) 214-3389 mobile
> steve.belc...@mail.wvu.edu<mailto:steve.belc...@mail.wvu.edu>
> 
> 
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
> <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
>  on behalf of Richard Nedwich 
> <rich.nedw...@brocade.com<mailto:rich.nedw...@brocade.com>>
> Sent: Monday, October 16, 2017 10:34:43 AM
> To: 
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> Subject: Re: [WIRELESS-LAN] Big flaw in WPA2
> 
> Ruckus is providing a response today.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] Big flaw in WPA2

2017-10-16 Thread Mike Cunningham

If this is a flaw in the design of the WPA2 protocol isn't the fix going to 
need to be made on both sides of the communication link?  Access points will 
all need to be updated but also all client wifi drivers are going to need to be 
updated on all wifi enabled devices that support WPA2, right?

Mike Cunningham


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Stephen Belcher
Sent: Monday, October 16, 2017 10:40 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Big flaw in WPA2


>From Cisco:



https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa





/ Stephen Belcher

Assistant Director of Network Operations
WVU Information Technology Services

One Waterfront Place / PO Box 6500

Morgantown, WV  26506



(304) 293-8440 office
(681) 214-3389 mobile
steve.belc...@mail.wvu.edu<mailto:steve.belc...@mail.wvu.edu>


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Richard Nedwich 
<rich.nedw...@brocade.com<mailto:rich.nedw...@brocade.com>>
Sent: Monday, October 16, 2017 10:34:43 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Big flaw in WPA2

Ruckus is providing a response today.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.


This email may contain confidential information about a Pennsylvania College of 
Technology student. It is intended solely for the use of the recipient. This 
email may contain information that is considered an "educational record" 
subject to the protections of the Family Educational Rights and Privacy Act 
Regulations. The regulations may be found at 34 C.F.R. Part 99 for your 
reference. The recipient may only use or disclose the information in accordance 
with the requirements of the Federal Educational Rights and Privacy Act 
Regulations. If you have received this transmission in error, please notify the 
sender immediately and permanently delete the email.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Fwd: [mobility] time for WPA3?

2017-10-16 Thread Philippe Hanset

All,

In light of the WPA2 exploit, I want to share an email exchange that I had with 
a colleague.
Basically at the minimum disable 802.11r
> 
>> On 10-16-17 18:21, Philippe Hanset wrote:
>> So is it correct to state the following:
>> 1) WPA2 is vulnerable 
> 
> Well, it wasn't properly implemented; so implementations are vulnerable.
> 
>> 2) Firmware patches should fix infrastructure side and device side
> 
> ... and quite some have them available already, and/or you disable 11r
> for now,
> 
>> 3) Unpatched infrastructure will put all devices at risk
> 
> Yes and no; you can mitigate the risks by disabling 802.11r, and the
> risk with eg. patched devices is that you could decrypt traffic from the
> network to a client.
> 
>> 4) Unpatched devices will be at risk when joining any infrastructure but 
>> will not risk the integrity of patched infrastructure.
> 
> Unpatched clients will have the risk of having their data decrypted, or
> (in the case of mostly Android) have no encryption at all for their
> upstream data.
> 
> 
Philippe Hanset
www.eduroam.us
www.anyroam.net
> 

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Big flaw in WPA2

2017-10-16 Thread Stephen Belcher

>From Cisco:


https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa



/ Stephen Belcher

Assistant Director of Network Operations
WVU Information Technology Services

One Waterfront Place / PO Box 6500

Morgantown, WV  26506



(304) 293-8440 office
(681) 214-3389 mobile
steve.belc...@mail.wvu.edu<mailto:steve.belc...@mail.wvu.edu>


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Richard Nedwich 
<rich.nedw...@brocade.com>
Sent: Monday, October 16, 2017 10:34:43 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Big flaw in WPA2

Ruckus is providing a response today.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: Big flaw in WPA2

2017-10-16 Thread Richard Nedwich

Ruckus is providing a response today.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Big flaw in WPA2

2017-10-16 Thread Blake Krone

Very bad idea. You are trading encryption for something that I could spoof in 
no time and be on your network faster than it would take for me to read about 
the wpa2 compromise. 

> On Oct 16, 2017, at 9:56 AM, Tim Tyler  wrote:
> 
> This brings up an issue where I have philosophically wondered if mac address 
> authentication isn’t better than 802.11x (wpa2).  The reason isn’t because it 
> guards the network better.  But if one does get hacked at the point of 
> accessing the network, the consequences are way less.  One isn’t giving a way 
> the keys to their other accounts.   I know some institutions do use mac 
> address authentication as their primary access method.   It is difficult for 
> institutions that can’t afford pricey on-boarding solutions to manage 
> certificate lock downs.   Hence, man in the middle attacks become prevalent 
> as well.
>   We already use mac address authentication for devices that won’t support 
> 802.1x.  I keep wondering now if I shouldn’t make that our primary solution 
> someday.  I am curious as to what others think. 
>  
> Tim
>  
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Turner, Ryan H
> Sent: Monday, October 16, 2017 6:51 AM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: [WIRELESS-LAN] Big flaw in WPA2
>  
> 
> https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/
> 
> Ryan Turner
> Manager of Network Operations, ITS
> The University of North Carolina at Chapel Hill
> +1 919 274 7926 Mobile
> +1 919 445 0113 Office
> ** Participation and subscription information for this EDUCAUSE 
> Constituent Group discussion list can be found at 
> http://www.educause.edu/discuss.
> ** Participation and subscription information for this EDUCAUSE 
> Constituent Group discussion list can be found at 
> http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] Big flaw in WPA2- Cisco Statement

2017-10-16 Thread Lee H Badman

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa

Lee Badman | Network Architect

Certified Wireless Network Expert (#200)
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Yahya M. Jaber
Sent: Monday, October 16, 2017 10:12 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Big flaw in WPA2

Cisco said they will release an official statement today.
Yahya Jaber.
CCIE Wireless.
055-869-7555
ITNC Engineering.
KAUST.



Sent from an Android

On Oct 16, 2017 17:10, "Norton, Thomas (Network Operations)" 
<tnort...@liberty.edu<mailto:tnort...@liberty.edu>> wrote:

For Aruba folks:



http://community.arubanetworks.com/aruba/attachments/aruba/unified-wired-wireless-access/74698/1/WPA2%20Vulnerability%20IDS%20feature.pdf



T.J. Norton
Wireless Network Architect – Team Lead
Network Services – Wireless

(434) 592-6552

[http://www.liberty.edu/media/1616/40themail/wordmark-for-email.jpg]

Liberty University  |  Training Champions for Christ since



From: Norton, Thomas (Network Operations)
Sent: Monday, October 16, 2017 8:41 AM
To: The EDUCAUSE Wireless Issues Constituent Group Listserv
Subject: Re: [WIRELESS-LAN] Big flaw in WPA2

So basically those are work around as in the interim, so don’t use 802.11r, 
mesh, or clarify engine. Fun stuff! Lee said it Best, let the panic begin lol


T.J. Norton

Wireless Network Architect
Network Operations

(434) 592-6552<tel:%28434%29%20592-6552>



[http://www.liberty.edu/media/1616/40themail/wordmark-for-email.jpg]

Liberty University  |  Training Champions for Christ since 1971

On Oct 16, 2017, at 8:30 AM, McClintic, Thomas 
<thomas.mcclin...@uth.tmc.edu<mailto:thomas.mcclin...@uth.tmc.edu>> wrote:

This seems contradicting…



Workarounds

===

All vulnerabilities described in this advisory may be mitigated by

disabling certain features:

- For ArubaOS, ensure that 802.11r is disabled by verifying that any

   configured SSID profile does not contain a "dot11r-profile".  From the

   command line, "show wlan dot11r-profile" will list any 802.11r profiles

   that have been configured.  If the reference count is 0, 802.11r is not

   enabled.

- For InstantOS, ensure that 802.11r is not enabled in any configured WLAN.

- Disabling 802.11r on the AP infrastructure will effectively mitigate

   client-side 802.11r vulnerabilities.  It will not, however, mitigate

   client-side 4-way handshake vulnerabilities.

- Clarity Engine is a beta feature enabled only in special builds of

   software.  Customers who are participating in this beta should not use

   Clarity Engine until a software update has been completed.

- Mesh mode for both ArubaOS and InstantOS is vulnerable.  Until this

   vulnerability is patched, mesh networks should be disabled.

- Wi-Fi uplink mode for InstantOS is vulnerable.  Until this vulnerability

   is patched, the Wi-Fi uplink feature should not be used.





TJ McClintic



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Monday, October 16, 2017 7:10 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Big flaw in WPA2



Let the panic begin.





From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Turner, Ryan H
Sent: Monday, October 16, 2017 7:51 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] Big flaw in WPA2



https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__arstechnica.com_information-2Dtechnology_2017_10_severe-2Dflaw-2Din-2Dwpa2-2Dprotocol-2Dleaves-2Dwi-2Dfi-2Dtraffic-2Dopen-2Dto-2Deavesdropping_%26d%3DDwMGaQ%26c%3D6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ%26r%3DrYfqH_8oTvcXxRxUI3x3m3Y7Nwgir7tnuoGbdZsrUM4%26m%3D8MuvlPZjzllurTQKouFgNet-ZD2O7K-olxOq3qK0xUg%26s%3D3RHUpF3R323_-8qPyPNO8nzN6DTJnsWpjrrc2drGdik%26e%3D=02%7C01%7Ctnorton7%40liberty.edu%7C869a9c0856a44d85dba708d51491af20%7Cbaf8218eb3024465a9934a39c97251b2%7C0%7C0%7C636437538292695507=vFmnvcmEgoYO99NInPZ%2Bm01TJAk7lrNIbtXsiuwn4s8%3D=0>

Ryan Turner

Manager of Network Operations, ITS

The University of North Carolina at Chapel Hill

+1 919 274 7926 Mobile

+1 919 445 0113 Office

** Participation and subscription information for this EDUCAUSE

Re: [WIRELESS-LAN] Big flaw in WPA2

2017-10-16 Thread Yahya M. Jaber

Cisco said they will release an official statement today.

Yahya Jaber.
CCIE Wireless.
055-869-7555
ITNC Engineering.
KAUST.



Sent from an Android

On Oct 16, 2017 17:10, "Norton, Thomas (Network Operations)" 
 wrote:

For Aruba folks:


http://community.arubanetworks.com/aruba/attachments/aruba/unified-wired-wireless-access/74698/1/WPA2%20Vulnerability%20IDS%20feature.pdf


T.J. Norton
Wireless Network Architect – Team Lead
Network Services – Wireless

(434) 592-6552

[http://www.liberty.edu/media/1616/40themail/wordmark-for-email.jpg]

Liberty University  |  Training Champions for Christ since




From: Norton, Thomas (Network Operations)
Sent: Monday, October 16, 2017 8:41 AM
To: The EDUCAUSE Wireless Issues Constituent Group Listserv
Subject: Re: [WIRELESS-LAN] Big flaw in WPA2

So basically those are work around as in the interim, so don’t use 802.11r, 
mesh, or clarify engine. Fun stuff! Lee said it Best, let the panic begin lol


T.J. Norton

Wireless Network Architect
Network Operations

(434) 592-6552



[http://www.liberty.edu/media/1616/40themail/wordmark-for-email.jpg]

Liberty University  |  Training Champions for Christ since 1971

On Oct 16, 2017, at 8:30 AM, McClintic, Thomas 
> wrote:


This seems contradicting…




Workarounds

===

All vulnerabilities described in this advisory may be mitigated by

disabling certain features:

- For ArubaOS, ensure that 802.11r is disabled by verifying that any

   configured SSID profile does not contain a "dot11r-profile".  From the

   command line, "show wlan dot11r-profile" will list any 802.11r profiles

   that have been configured.  If the reference count is 0, 802.11r is not

   enabled.

- For InstantOS, ensure that 802.11r is not enabled in any configured WLAN.

- Disabling 802.11r on the AP infrastructure will effectively mitigate

   client-side 802.11r vulnerabilities.  It will not, however, mitigate

   client-side 4-way handshake vulnerabilities.

- Clarity Engine is a beta feature enabled only in special builds of

   software.  Customers who are participating in this beta should not use

   Clarity Engine until a software update has been completed.

- Mesh mode for both ArubaOS and InstantOS is vulnerable.  Until this

   vulnerability is patched, mesh networks should be disabled.

- Wi-Fi uplink mode for InstantOS is vulnerable.  Until this vulnerability

   is patched, the Wi-Fi uplink feature should not be used.





TJ McClintic




From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Monday, October 16, 2017 7:10 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Big flaw in WPA2



Let the panic begin.





From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Turner, Ryan H
Sent: Monday, October 16, 2017 7:51 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Big flaw in WPA2



https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/

Ryan Turner

Manager of Network Operations, ITS

The University of North Carolina at Chapel Hill

+1 919 274 7926 Mobile

+1 919 445 0113 Office

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found

Re: [WIRELESS-LAN] Big flaw in WPA2

2017-10-16 Thread Norton, Thomas (Network Operations)

For Aruba folks:


http://community.arubanetworks.com/aruba/attachments/aruba/unified-wired-wireless-access/74698/1/WPA2%20Vulnerability%20IDS%20feature.pdf


T.J. Norton
Wireless Network Architect – Team Lead
Network Services – Wireless

(434) 592-6552

[http://www.liberty.edu/media/1616/40themail/wordmark-for-email.jpg]

Liberty University  |  Training Champions for Christ since




From: Norton, Thomas (Network Operations)
Sent: Monday, October 16, 2017 8:41 AM
To: The EDUCAUSE Wireless Issues Constituent Group Listserv
Subject: Re: [WIRELESS-LAN] Big flaw in WPA2

So basically those are work around as in the interim, so don’t use 802.11r, 
mesh, or clarify engine. Fun stuff! Lee said it Best, let the panic begin lol

T.J. Norton
Wireless Network Architect
Network Operations

(434) 592-6552

[http://www.liberty.edu/media/1616/40themail/wordmark-for-email.jpg]

Liberty University  |  Training Champions for Christ since 1971

On Oct 16, 2017, at 8:30 AM, McClintic, Thomas 
> wrote:

This seems contradicting…


Workarounds
===
All vulnerabilities described in this advisory may be mitigated by
disabling certain features:
- For ArubaOS, ensure that 802.11r is disabled by verifying that any
   configured SSID profile does not contain a "dot11r-profile".  From the
   command line, "show wlan dot11r-profile" will list any 802.11r profiles
   that have been configured.  If the reference count is 0, 802.11r is not
   enabled.
- For InstantOS, ensure that 802.11r is not enabled in any configured WLAN.
- Disabling 802.11r on the AP infrastructure will effectively mitigate
   client-side 802.11r vulnerabilities.  It will not, however, mitigate
   client-side 4-way handshake vulnerabilities.
- Clarity Engine is a beta feature enabled only in special builds of
   software.  Customers who are participating in this beta should not use
   Clarity Engine until a software update has been completed.
- Mesh mode for both ArubaOS and InstantOS is vulnerable.  Until this
   vulnerability is patched, mesh networks should be disabled.
- Wi-Fi uplink mode for InstantOS is vulnerable.  Until this vulnerability
   is patched, the Wi-Fi uplink feature should not be used.


TJ McClintic


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Monday, October 16, 2017 7:10 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Big flaw in WPA2

Let the panic begin.


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Turner, Ryan H
Sent: Monday, October 16, 2017 7:51 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Big flaw in WPA2


https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/

Ryan Turner
Manager of Network Operations, ITS
The University of North Carolina at Chapel Hill
+1 919 274 7926 Mobile
+1 919 445 0113 Office
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at

RE: [WIRELESS-LAN] Big flaw in WPA2

2017-10-16 Thread Tim Tyler

This brings up an issue where I have philosophically wondered if mac
address authentication isn’t better than 802.11x (wpa2). The reason isn’t
because it guards the network better. But if one does get hacked at the
point of accessing the network, the consequences are way less. One isn’t
giving a way the keys to their other accounts. I know some institutions
do use mac address authentication as their primary access method. It is
difficult for institutions that can’t afford pricey on-boarding solutions
to manage certificate lock downs. Hence, man in the middle attacks become
prevalent as well.

We already use mac address authentication for devices that won’t support
802.1x. I keep wondering now if I shouldn’t make that our primary solution
someday. I am curious as to what others think.

Tim

*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Turner, Ryan H
*Sent:* Monday, October 16, 2017 6:51 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* [WIRELESS-LAN] Big flaw in WPA2

https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/

Ryan Turner

Manager of Network Operations, ITS

The University of North Carolina at Chapel Hill

+1 919 274 7926 Mobile

+1 919 445 0113 Office

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] Big flaw in WPA2

2017-10-16 Thread Lee H Badman

Just keep in mind that an attacker still needs to be strategically positioned 
(physically) to pull this off, and there are no known cases yet of it 
happening. Not to say it won’t/can’t but it’s easy to get sucked in to the 
panic if just going off of headlines.

Lee Badman | Network Architect

Certified Wireless Network Expert (#200)
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Norton, Thomas 
(Network Operations)
Sent: Monday, October 16, 2017 8:41 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Big flaw in WPA2

So basically those are work around as in the interim, so don’t use 802.11r, 
mesh, or clarify engine. Fun stuff! Lee said it Best, let the panic begin lol

T.J. Norton
Wireless Network Architect
Network Operations

(434) 592-6552

[http://www.liberty.edu/media/1616/40themail/wordmark-for-email.jpg]

Liberty University  |  Training Champions for Christ since 1971

On Oct 16, 2017, at 8:30 AM, McClintic, Thomas 
> wrote:
This seems contradicting…



Workarounds
===
All vulnerabilities described in this advisory may be mitigated by
disabling certain features:
- For ArubaOS, ensure that 802.11r is disabled by verifying that any
   configured SSID profile does not contain a "dot11r-profile".  From the
   command line, "show wlan dot11r-profile" will list any 802.11r profiles
   that have been configured.  If the reference count is 0, 802.11r is not
   enabled.
- For InstantOS, ensure that 802.11r is not enabled in any configured WLAN.
- Disabling 802.11r on the AP infrastructure will effectively mitigate
   client-side 802.11r vulnerabilities.  It will not, however, mitigate
   client-side 4-way handshake vulnerabilities.
- Clarity Engine is a beta feature enabled only in special builds of
   software.  Customers who are participating in this beta should not use
   Clarity Engine until a software update has been completed.
- Mesh mode for both ArubaOS and InstantOS is vulnerable.  Until this
   vulnerability is patched, mesh networks should be disabled.
- Wi-Fi uplink mode for InstantOS is vulnerable.  Until this vulnerability
   is patched, the Wi-Fi uplink feature should not be used.


TJ McClintic



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Monday, October 16, 2017 7:10 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Big flaw in WPA2

Let the panic begin.


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Turner, Ryan H
Sent: Monday, October 16, 2017 7:51 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Big flaw in WPA2


https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/

Ryan Turner
Manager of Network Operations, ITS
The University of North Carolina at Chapel Hill
+1 919 274 7926 Mobile
+1 919 445 0113 Office
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at

Re: [WIRELESS-LAN] Big flaw in WPA2

2017-10-16 Thread Norton, Thomas (Network Operations)

So basically those are work around as in the interim, so don’t use 802.11r, 
mesh, or clarify engine. Fun stuff! Lee said it Best, let the panic begin lol

T.J. Norton
Wireless Network Architect
Network Operations

(434) 592-6552

[http://www.liberty.edu/media/1616/40themail/wordmark-for-email.jpg]

Liberty University  |  Training Champions for Christ since 1971

On Oct 16, 2017, at 8:30 AM, McClintic, Thomas 
> wrote:

This seems contradicting…


Workarounds
===
All vulnerabilities described in this advisory may be mitigated by
disabling certain features:
- For ArubaOS, ensure that 802.11r is disabled by verifying that any
   configured SSID profile does not contain a "dot11r-profile".  From the
   command line, "show wlan dot11r-profile" will list any 802.11r profiles
   that have been configured.  If the reference count is 0, 802.11r is not
   enabled.
- For InstantOS, ensure that 802.11r is not enabled in any configured WLAN.
- Disabling 802.11r on the AP infrastructure will effectively mitigate
   client-side 802.11r vulnerabilities.  It will not, however, mitigate
   client-side 4-way handshake vulnerabilities.
- Clarity Engine is a beta feature enabled only in special builds of
   software.  Customers who are participating in this beta should not use
   Clarity Engine until a software update has been completed.
- Mesh mode for both ArubaOS and InstantOS is vulnerable.  Until this
   vulnerability is patched, mesh networks should be disabled.
- Wi-Fi uplink mode for InstantOS is vulnerable.  Until this vulnerability
   is patched, the Wi-Fi uplink feature should not be used.


TJ McClintic


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Monday, October 16, 2017 7:10 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Big flaw in WPA2

Let the panic begin.


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Turner, Ryan H
Sent: Monday, October 16, 2017 7:51 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Big flaw in WPA2


https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/

Ryan Turner
Manager of Network Operations, ITS
The University of North Carolina at Chapel Hill
+1 919 274 7926 Mobile
+1 919 445 0113 Office
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at

RE: Big flaw in WPA2

2017-10-16 Thread McClintic, Thomas

This seems contradicting…


Workarounds
===
All vulnerabilities described in this advisory may be mitigated by
disabling certain features:
- For ArubaOS, ensure that 802.11r is disabled by verifying that any
   configured SSID profile does not contain a "dot11r-profile".  From the
   command line, "show wlan dot11r-profile" will list any 802.11r profiles
   that have been configured.  If the reference count is 0, 802.11r is not
   enabled.
- For InstantOS, ensure that 802.11r is not enabled in any configured WLAN.
- Disabling 802.11r on the AP infrastructure will effectively mitigate
   client-side 802.11r vulnerabilities.  It will not, however, mitigate
   client-side 4-way handshake vulnerabilities.
- Clarity Engine is a beta feature enabled only in special builds of
   software.  Customers who are participating in this beta should not use
   Clarity Engine until a software update has been completed.
- Mesh mode for both ArubaOS and InstantOS is vulnerable.  Until this
   vulnerability is patched, mesh networks should be disabled.
- Wi-Fi uplink mode for InstantOS is vulnerable.  Until this vulnerability
   is patched, the Wi-Fi uplink feature should not be used.


TJ McClintic


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Monday, October 16, 2017 7:10 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Big flaw in WPA2

Let the panic begin.


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Turner, Ryan H
Sent: Monday, October 16, 2017 7:51 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Big flaw in WPA2


https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/

Ryan Turner
Manager of Network Operations, ITS
The University of North Carolina at Chapel Hill
+1 919 274 7926 Mobile
+1 919 445 0113 Office
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: Big flaw in WPA2

2017-10-16 Thread Lee H Badman

Let the panic begin.


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Turner, Ryan H
Sent: Monday, October 16, 2017 7:51 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Big flaw in WPA2


https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/

Ryan Turner
Manager of Network Operations, ITS
The University of North Carolina at Chapel Hill
+1 919 274 7926 Mobile
+1 919 445 0113 Office
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Big flaw in WPA2

2017-10-16 Thread Norton, Thomas (Network Operations)

Yeah man, not good!

Looks like has a fix out already. 
https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.arubanetworks.com%2Fsupport-services%2Fsecurity-bulletins%2F=02%7C01%7Ctnorton7%40liberty.edu%7C4d81ad0b15a14283e3ca08d5148c52a8%7Cbaf8218eb3024465a9934a39c97251b2%7C0%7C0%7C636437515334893692=S2VY3yn%2FzTZnhPnliyIQQsIynV5fVg7oJk8qnvbBT1c%3D=0

T.J. Norton
Wireless Network Architect
Network Operations

(434) 592-6552

[http://www.liberty.edu/media/1616/40themail/wordmark-for-email.jpg]

Liberty University  |  Training Champions for Christ since 1971

On Oct 16, 2017, at 7:53 AM, Turner, Ryan H 
> wrote:


https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/

Ryan Turner
Manager of Network Operations, ITS
The University of North Carolina at Chapel Hill
+1 919 274 7926 Mobile
+1 919 445 0113 Office
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Big flaw in WPA2

2017-10-16 Thread Turner, Ryan H


https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/

Ryan Turner
Manager of Network Operations, ITS
The University of North Carolina at Chapel Hill
+1 919 274 7926 Mobile
+1 919 445 0113 Office

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Big flaw in WPA2

RE: [WIRELESS-LAN] Big flaw in WPA2

RE: [WIRELESS-LAN] Big flaw in WPA2

RE: [WIRELESS-LAN] Big flaw in WPA2

Re: [WIRELESS-LAN] Big flaw in WPA2

Re: [WIRELESS-LAN] Big flaw in WPA2

Re: [WIRELESS-LAN] Big flaw in WPA2

RE: [WIRELESS-LAN] Big flaw in WPA2

Fwd: [mobility] time for WPA3?

Re: [WIRELESS-LAN] Big flaw in WPA2

Re: Big flaw in WPA2

Re: [WIRELESS-LAN] Big flaw in WPA2

RE: [WIRELESS-LAN] Big flaw in WPA2- Cisco Statement

Re: [WIRELESS-LAN] Big flaw in WPA2

Re: [WIRELESS-LAN] Big flaw in WPA2

RE: [WIRELESS-LAN] Big flaw in WPA2

RE: [WIRELESS-LAN] Big flaw in WPA2

Re: [WIRELESS-LAN] Big flaw in WPA2

RE: Big flaw in WPA2

RE: Big flaw in WPA2

Re: [WIRELESS-LAN] Big flaw in WPA2

Big flaw in WPA2

22 matches

Site Navigation

Mail list logo

Footer information