Monday 23 October 2017

eSolutions Updates - WiFi vulnerability / Going overseas ?

WiFi KRACK vulnerability:
You may be aware from the news that a new vulnerability has been discovered in the security of WiFi connections. Details of how to exploit this vulnerability were published online by a security researcher this week. We can assure you that all of eSolutions relevant areas have given it the attention and priority it deserved. As many of you would have already read about this worldwide vulnerability in the mainstream media and may be wondering what it means for you. Here are a few key points.
What does this mean to you ?
If you are connecting to a website via a secure web connection in your browser, that browser based security is still intact. If someone were to capture your compromised WiFi network traffic, all they would be capturing is the encrypted communication between your browser and the secure website. They would still not be able to easily read the information you are sending to and from that secure web site.  A secure website can be identified where the web site address is a HTTPS address, rather than an unencrypted HTTP address, and you have an indicator in your browser address bar showing the web site as secure. Another example would be if you connect to a secure VPN after connecting to a wireless connection. Any traffic sent via the VPN would still be protected by the whatever encryption the VPN provides. 
  
What do you need to do ?
  • Update all the wireless devices you own (including your home router, SMART TV & printers) - We've spoken about the importance of device updates in the past, if you have been keeping your devices updated, most of you would have received the latest patch to address the vulnerability. If you haven't updated in a while, now is a good time.
  • Access websites that are secure

In Conclusion

While this vulnerability has resulted from a flaw in the underlying WiFi protocols, various operating system and device vendors have already released updates that will prevent the vulnerability from being applicable to your device. Microsoft quietly released a patch last week to do this for Windows 7, Windows 8, and Windows 10 operating systems. We have already deployed this patch to all Monash devices running our Standard Operating Environment (SOE) and it should apply to your device the next time you reboot it while connected to the Monash network. Apple has a patch in beta testing that should be released soon for iOS based phones, tablets and Mac computers. Android patches are in development but may take longer to release and may not apply to all Android devices.

Going overseas ?

With the end of year on the horizon, we are finding that many of you are either going overseas on business or leisure. We would like to take this opportunity to remind you to change passwords at least a week before your intended date of departure. Things can get tricky if you are overseas and your devices have not been synced with your new password.

Also, check all of your portable devices at least a week before your intended date of departure. We have recently had a spike in requests to work on laptops the day before or the morning of the trip. Last minute requests can sometimes jeopardise outcomes as parts may need to be ordered or the repair may take longer than usual.


No comments:

Post a Comment