Meraki

Community

About schoolNetTech

Re: Happy New Year! What are your Networking Resolutions?

by in Community Announcements
‎Jan 8 2018 1:49 PM
1 Kudo
‎Jan 8 2018 1:49 PM
1 Kudo
Two big(-ish) jobs for a part-time technician in a rather small school:   - Set up an Elasticsearch / Logstash / Kibana server to feed with all of the syslog information from the Meraki MX, MR and MS units here as well as events of interest from the Event Logs of our Windows endpoints. ALL THE LOGGING   - As part of this, make a big push to move all our services off a single PowerEdge T110 running 2008r2 onto a couple of rack mount servers so that I can run more services in VMs (including the above logserver), and also get everything onto Windows 10/Server 2016.   Bonus: Try to grab me a Meraki Certification, and maybe a Google Apps Administration one too. ... View more

Re: WPA2 Vulnerabilities, "KRACK", VU#228519

by in Wireless
‎Oct 16 2017 5:54 AM
‎Oct 16 2017 5:54 AM
@ModulusJoe even just the system stability improvements could have meant pulling in patches from upstream ... View more

Re: WPA2 Vulnerabilities, "KRACK", VU#228519

by in Wireless
‎Oct 16 2017 5:27 AM
‎Oct 16 2017 5:27 AM
As I have mentioned, I get the distinct feeling that this may be because a patch to this issue was silently rolled into OpenBSD far earlier than other developers were allowed to. If Meraki OS is BSD based, it could have got the patch then. (Source: https://www.krackattacks.com)         ... View more

Re: WPA2 Vulnerabilities, "KRACK", VU#228519

by in Wireless
‎Oct 16 2017 4:31 AM
‎Oct 16 2017 4:31 AM
Reply @ModulusJoe:   Ah, handy. That hasn't fed back to me yet. Good to hear that it was fixed. Wonder what their official press release will say... ... View more

Re: WPA2 Vulnerabilities, "KRACK", VU#228519

by in Wireless
‎Oct 16 2017 4:29 AM
‎Oct 16 2017 4:29 AM
As an update, I have raised a support case covering this issue on my account, and I have been told Meraki will provide an update on the issue "shortly".   Has anyone been able to try to exploit this vulnerability yet? I am offsite, so can't at the moment, however OpenBSD has been patched for ages so we *may* potentially already be patched depending on what the upstream for the Meraki network OS is. Wasn't Meraki mesh originally based off of OpenWRT (based off FreeBSD) or something when it was in research stages at MIT? ... View more

WPA2 Vulnerabilities, "KRACK", VU#228519

by in Wireless
‎Oct 16 2017 2:45 AM
18 Kudos
‎Oct 16 2017 2:45 AM
18 Kudos
Hi,   So this has been blowing up on Twitter, and does seem to be a pretty serious flaw with WPA2 rendering it pretty unusable for a security perspective. A few sites referencing this issue: https://www.krackattacks.com/ (Researchers' GitHub Pages site) https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/ https://www.theregister.co.uk/2017/10/16/wpa2_inscure_krackattack/ https://www.theguardian.com/technology/2017/oct/16/wpa2-wifi-security-vulnerable-hacking-us-government-warns Additionally, it looks like Ubiquiti have a firmware patch in the works to mitigate the issue.   For reference, here are the CVE numbers from the krackattacks.com page from above: CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake. CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake. CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way handshake. CVE-2017-13080: Reinstallation of the group key (GTK) in the group key handshake. CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group key handshake. CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it. CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake. CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake. CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame. CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame. What's the response from you guys regarding the possibility of getting this patched on our networks? (that is if a patch is possible, alternatively, what alternative authentication system do you recommend)   Cheers, Rob     ... View more
© 2024 Cisco Systems, Inc.