All, In light of the WPA2 exploit, I want to share an email exchange that I had with a colleague. Basically at the minimum disable 802.11r > >> On 10-16-17 18:21, Philippe Hanset wrote: >> So is it correct to state the following: >> 1) WPA2 is vulnerable > > Well, it wasn't properly implemented; so implementations are vulnerable. > >> 2) Firmware patches should fix infrastructure side and device side > > ... and quite some have them available already, and/or you disable 11r > for now, > >> 3) Unpatched infrastructure will put all devices at risk > > Yes and no; you can mitigate the risks by disabling 802.11r, and the > risk with eg. patched devices is that you could decrypt traffic from the > network to a client. > >> 4) Unpatched devices will be at risk when joining any infrastructure but >> will not risk the integrity of patched infrastructure. > > Unpatched clients will have the risk of having their data decrypted, or > (in the case of mostly Android) have no encryption at all for their > upstream data. > > Philippe Hanset www.eduroam.us www.anyroam.net >
********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
