Tag: network security

Article

Expect the next-generation Wi-Fi network to have WPA3 security

What is WPA3? And some gotchas to watch out for in this Wi-Fi security upgrade | Network World

My Comments

Over the next few years, Wi-Fi routers, access points and client devices like computers and smartphones will be supporting WPA3 as a media-specific network security protocol.

At the moment, I will be focusing on the WPA3-Personal variant which is relevant to small networks like the typical home or small-business network. This kind of network security is also implemented in an increasing number of venue-based public-access networks in order to allow the venue owner to protect and authenticate the network and preserve its role as an amenity for the venue’s customers.

The WPA3-Personal network security protocol has the same method of operation as for a WPA2-Personal network. This is using a “Wi-Fi password” commonly known across all access points and client devices that use the network segment.

But it describes this “Wi-Fi password” as Simultaneous Authentication Of Equals rather than the previous Pre-Shared Key used in previous WPA-Personal implementations. It also affects how this “Wi-Fi password” is represented and encrypted in order to protect it against an off-site brute-force cracking attempt.

As well, each connection between the client device and the access point is encrypted in a manner unique to that connection.

The initial onboarding process will be typically based on the traditional password-entry method. But it will also implement Wi-Fi EasyConnect which uses a QR code or WPS-based push-button setup.

The Wi-Fi WPA3 security protocol may take years to become mature while a secure surefire codebase for client-side and access-point-side implementations is worked out. The initial codebase was found to have software weaknesses in the early Personal-setup implementation and is being debugged now.

A question that will be raised is whether an upgrade to WPA3 security will require new hardware for either the client device or the access point or if this can be performed using revised firmware that has the necessary software code. This may depend on whether the hardware uses a purely software-defined approach for managing its functionality.

There will be situations that will take place regarding existing equipment and WPA3-capable equipment. Here, a WPA3 client like a smartphone can work with an existing WPA2-compliant Wi-Fi network segment but not have the full benefits. Similarly, a WPA3-capable Wi-Fi network segment will need to be operated in a “transition mode” to allow existing WPA2-compliant client devices to connect. Again, this doesn’t provide all the benefits of a Wi-Fi network segment secure to WPA3 standards.

You can also work around this limitation by implementing two Wi-Fi network segments that have separate ESSIDs. One of these could be configured to work the current WPA2-Personal standard while the other is set up purely for WPA3-Personal. This practice may come in to its own if you have a Wi-Fi network using the latest standards while you maintain another using tried-and-trusted standards.

If you are running a recent NETGEAR router, make sure its firmware is up to date

Article

Netgear Patches Its Router’s Security Holes, Download Your Updated Firmware Today | Lifehacker

From the horse’s mouth

NETGEAR

Original Security Advisory

Models affected

My Comments

NETGEAR had faced a serious problem with some of its recent-model routers due to a security exploit in the firmware that drives these network-Internet “edge” devices. Previous coverage about this issue had required you to use another router for your home network to stay secure.

This has had NETGEAR rush out firmware updates for each of these affected routers in order to mitigate the recently-discovered security exploit.

A problem that besets most of the commonly-available home-network bardware is that firmware updating requires you to visit the manufacturer’s site, download the firmware as a special file package for your device, then upload that package to your device via its Web-based management interface. This can daunt some computer users who haven’t much experience with these kind of hardware maintenance tasks.

Personally, I would like to see steps taken to support automatic firmware upgrades such as what AVM are doing with their Fritz!Box devices, or at least the ability to click on a button in the management interface to start the download and update process for the device’s firmware. This is a practice that is being implemented in most of the European-made modem routers, along with most consumer-electronics devices like Smart TVs and set-top video peripherals.

There is also the issue of protecting the update files so that you aren’t installing malware on your device and it may involve processes like authenticity checks for software delivered as part of a firmware update or functionality add-on.

The update procedure

The update procedure will require you to download the updated firmware package using your regular desktop or laptop computer. Here, they recommend that you connect your regular computer directly to the router using an Ethernet cable if you can do so for the download and update process to be sure that this process works reliably.

Follow the link listed in this article to the NETGEAR-hosted support page for your router’s model. You will see the link for the firmware package you need to download. Here, you download that firmware package to your “downloads” folder.

Then, once you have downloaded the firmware from the NETGEAR site, you log in to your router’s management page from that same computer using your favourite Web browser. For these routers, the URL is http://www.routerlogin.net. Subsequently, you have to visit the ADVANCED tab, then the Administration option, then the Firmware Upgrade option.

In that screen, you click the Browse button, which will pop up a file-system dialog box where you have to find the firmware file that you downloaded in your “downloads” folder. Once you have selected the firmware file, click the Upload button to transfer the firmware to your router, whereupon it will commence the updating process. Leave the router alone during this process so as not to interrupt this critical process. You will see a progress bar to indicate how the upgrade is progressing.

Once this update procedure is done, a good practice would be to regularly visit NETGEAR’s support pages for your particular router and check for newer firmware on a regular basis. Then, if there is newer firmware available for your device, update it following the instructions on their Website or the general instructions listed in this article.

Conclusion

The increased awareness by industry and computer media regarding software quality and data security for dedicated-purpose devices connected to the Internet along with consumer / small-business network-infrastructure devices is going to make companies who design these devices or the software that runs them wake up regarding these issues.

Articles

D-Link to padlock router backdoor by Halloween | PC World Business

D-Link plans firmware update to disable backdoor | The Register

From the horse’s mouth

D-Link

Update On Router Security Issue

My Comments

Recently, the computer press was awash with articles pointing to an exploit in some of the popular D-Link routers. Here, this has a computer on the local network pushing through a malformed URL to the router’s Web management page to bypass the login screen for the router’s management dashboard. This is more vulnerable with improperly-setup Wi-Fi network segments hosted by these routers or computers on the local logical network that are loaded with malware that takes advantage of this vulnerability.

Now D-Link are working towards offering revised firmware that fixes the exploit for each of the router models that are affected by this issue and is releasing this on their product support pages.

But of course, it is important to make sure that the wireless network segment that is part of your home or small-business network is secure with WPA2-Personal security and a random passphrase along with an SSID that doesn’t reflect the make or model of the router. Similarly, it is good practice not to enable remote administrative access on these routers and confine administrative tasks to the local network only.

This is in addition to other good computer housekeeping practices like running anti-malware software on your regular computers and being careful what you click on.

For that matter, I would encourage people to keep the firmware on their routers or other network hardware up-to-date in the same way we would keep operating systems and application software up-to-date.