This week began with the zero-day news for a bug that effectively broke WPA2 wireless security. KRACK, named for Key Reinstallation Attack, is a fundamental flaw in the operation of Wi-Fi Protected Access II, the security protocol upgrade from the old, broken WEP protocol.
The issue is with the systems four-way handshake that permits devices with pre-shared passwords to join a network. The vulnerability can be leveraged by The Bad Guys to decrypt traffic, hijack connections, perform man-in-the-middle attacks… pretty much eavesdrop on all communications from a WPA2-enabled device. Bad stuff.
Impacted vendors are releasing patches to fix the issues.
Massive zero-day events impacting core technologies highlight the need for IT groups to be able to roll out patches and firmware updates quickly and reliably. Vendor security advisories typically require configuration changes which can be a slow and expensive process in many organizations.
Uplogix has functionality to help with your zero-day responses. Our configuration management features ensure that previous configurations are saved and in the event of a new configuration push failing, Uplogix can automatically roll-back to the previous configuration. This is especially valuable in a zero-day mass-config change scenario where you can schedule changes on like devices through the Uplogix Control Center, and then only deal with the devices that didn’t update properly. With Uplogix you can push a config to one device, or thousands deployed across your network.
In the event of a zero-day issue that takes down your network, Uplogix can continue operating independently of the network over its dedicated out-of-band connection. Continuous monitoring means quick alerting when there are issues and the secure out-of-band access ensures access even when the primary network is down or degraded.
Uplogix can even be set up to push configurations for a “safe mode” for network devices, limiting functionality to effectively quarantine sections of your network until you are ready to bring services back up to regular operation.