Re: Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11

2021-05-14 Thread Angelo Santabarbara
Ruckus put up this Technical Support Response Center:  
https://support.ruckuswireless.com/fragattacks-ruckus-technical-support-response-center

They also have a nice YouTube interview about the vulnerabilities:  
https://www.youtube.com/watch?v=nfz6v2NsS2Y


—Angelo D. Santabarbara, MBA
Director Networks & Systems | Siena College
O 518-782-6996
E asantabarb...@siena.edu 
W siena.edu

 ***Siena ITS staff will NEVER ask for your password or other confidential 
information via email.***  

The Siena experience is built for a new generation of leaders eager to create a 
more just, peaceful and humane world. It empowers them through a transformative 
journey of intellectual, spiritual and personal discovery. 

CONFIDENTIALITY NOTICE: This email, including any attachments, is for the sole 
use of the intended recipient(s) and may contain confidential and privileged 
information. Any unauthorized review, use, disclosure, or distribution is 
prohibited. If you received this e-mail and are not the intended recipient, 
please inform the sender by e-mail reply and destroy all copies of the original 
message.

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community


Re: Forcing Client Cert Selection in Windows for EAP-TLS

2021-05-14 Thread Tim Cappalli
No, there's really no way to do this with your configuration. Mixing GPO/MDM + 
a supplicant utility like SecureW2 is not recommended. It becomes a giant 
unpredictable tug of war.

From: The EDUCAUSE Wireless Issues Community Group Listserv on behalf of Heavrin, Lynn
Sent: Friday, May 14, 2021 10:07
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: [WIRELESS-LAN] Forcing Client Cert Selection in Windows for EAP-TLS


Has anyone used EAP-TLS where a Windows device has multiple client certs loaded 
in the personal store?  Is there a way to force it via GPO to choose one cert 
over the other to use for authentication?  The user certs from ADCS don’t 
always contain a private key in the personal store except on the first device a 
user logs into, so we moved to SecureW2 to guarantee it would work.  In Cisco 
ISE I trust both ADCS and SecureW2 CAs.  What is happening and what I’m trying 
to achieve is:



  1.  If a computer happens to have an ADCS User cert private key, it uses that 
one first, and I want to try to force it to use the SecureW2 cert via GPO or 
some setting.
  2.  For machine auth, I want it to always use the ADCS cert since there’s no 
private key issue.  There is no SecureW2 machine cert.  Due to this I don’t 
think I can just say “only use certs from this Issuer CA” because I need both, 
unless I can do that for user and machine separately.



Thanks,



Lynn Heavrin

Network Engineer III | Network Engineering

Washington University in St. Louis





The materials in this message are private and may contain Protected Healthcare 
Information or other information of a sensitive nature. If you are not the 
intended recipient, be advised that any unauthorized use, disclosure, copying 
or the taking of any action in reliance on the contents of this information is 
strictly prohibited. If you have received this email in error, please 
immediately notify the sender via telephone or return mail.



Forcing Client Cert Selection in Windows for EAP-TLS

2021-05-14 Thread Heavrin, Lynn
Has anyone used EAP-TLS where a Windows device has multiple client certs loaded 
in the personal store?  Is there a way to force it via GPO to choose one cert 
over the other to use for authentication?  The user certs from ADCS don’t 
always contain a private key in the personal store except on the first device a 
user logs into, so we moved to SecureW2 to guarantee it would work.  In Cisco 
ISE I trust both ADCS and SecureW2 CAs.  What is happening and what I’m trying 
to achieve is:


  1.  If a computer happens to have an ADCS User cert private key, it uses that 
one first, and I want to try to force it to use the SecureW2 cert via GPO or 
some setting.
  2.  For machine auth, I want it to always use the ADCS cert since there’s no 
private key issue.  There is no SecureW2 machine cert.  Due to this I don’t 
think I can just say “only use certs from this Issuer CA” because I need both, 
unless I can do that for user and machine separately.

Thanks,

Lynn Heavrin
Network Engineer III | Network Engineering
Washington University in St. Louis




RE: [WIRELESS-LAN] Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11

2021-05-14 Thread Hales, David
Extreme's response page:

https://extremeportal.force.com/ExtrArticleDetail?an=95779


David Hales
Network Systems Administrator

Information Technology Services
Tennessee Tech University
1010 N. Peachtree Av., CLEM117
Cookeville, TN 38505
P: 931-372-3983
E: dha...@tntech.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv On Behalf Of Tariq Adnan
Sent: Tuesday, May 11, 2021 8:18 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Multiple Vulnerabilities in Frame Aggregation and 
Fragmentation Implementations of 802.11




FYI

https://therecord.media/wifi-devices-going-back-to-1997-vulnerable-to-new-frag-attacks/

Cisco's response:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu


-
Cheers,

Kind regards,
Tariq

