Truvantis Blog

WPA3 for WiFi is here! Almost.

Choosing the correct form of encryption will always be a game with moving goalposts. Encryption algorithms and their associated transport protocols are found to have weaknesses or implementation flaws, or new computing power becomes available to brute force the hard math that encryption is generally built upon.

We are now stepping into the next stage of cryptography for both personal and enterprise level wireless networks. WPA3 is the latest evolution in the family and offers several unique features that address known issues with its predecessors that may allow it to stand the test of time.

Before addressing its new developments, it is important to have some concept of the history of Wi-Fi encryption. It all started with WEP (Wired Equivalent Privacy) in 1999: a form of encryption whose name explains its sole purpose. WEP was intended to provide the same level of security that you would get through an Ethernet connection. This method did not last very long; proof-of-concept attacks were available by 2001, and by 2005 WEP was considered trivially hackable.

Thus, in 2003, WPA (Wi-Fi Protected Access) was born. WPA provides a better software security component for Wi-Fi enabled devices, but it had a fundamental flaw. In order to be deployed to existing hardware that was built for WEP, WPA's encryption was initially TKIP (Temporal Key Integrity Protocol): an algorithm designed for backward compatibility with such hardware. TKIP was ultimately found to be similarly ineffective. Even when using the newer AES crypto instead of TKIP, WPA still has weaknesses. One of them is a sister protocol, WPS (Wi-Fi Protected Setup), which exists to make configuring devices to work with an access point easier. Exploiting WPS is one of the most common ways that WPA gets breached.

In 2006, the current, state-of-the-art WPA2 arrived. WPA2 combined the best of both worlds by updating both the software and hardware components. AES must be available, but TKIP can be used as a fallback. Direct attacks against WPA2 are obscure and require that an attacker already have some access in order to gain further unauthorized access.

The biggest problem with WPA2 is that it still supports WPS, which can be breached in a few hours.

Topics: Security Program

Social Engineering Within Pentesting

Pentesting the People: social engineering is an easy vulnerability

When it comes to penetration testing of an enterprise, you instantly think about all the cool tools and tactics used to enumerate the target and locate a possible vulnerability that could be exploited to gain entry to that enterprise’s internal network. Have you ever thought about one of the biggest possible vulnerabilities that control the front doors of your enterprise? People. Every pentesting engagement should include some sort of physical and social engineering aspect. You can have the strongest perimeter in the world, but if your physical security team or the people manning your phone systems are susceptible to a social engineering attack, you can get breached very quickly.

Topics: Penetration Testing

Changes to SAQs for PCI DSS v3.2.1

Last month I wrote about the new PCI DSS standard version 3.2.1 and how nothing of significance had changed.

Though that remains true, the supporting documents have now been released and there is a change there that may impact your compliance and validation programs.

Topics: PCI DSS

What's new in PCI DSS 3.2.1

In May 2018, the PCI Security Standards Council, the authors of the PCI DSS standard, issued a new version of that standard: version 3.2.1. Let's review the changes from 3.2 to 3.2.1.

Topics: PCI DSS

How much of your Information Security function can you safely outsource?

Outsourcing is now very common among technology companies. Sometimes a whole function is delegated externally, such as accounting, HR, or marketing. Even R&D can be delivered by remote teams, often in other countries.

So what about information security?

Topics: PCI DSS, SOC2, vCISO, HIPAA, CIS Controls, Security Program

Just Walk in the Front Door

As an aspiring penetration tester, it is not always the extensive rootkits or the backdoor Metasploit exploits that you need to focus on with every testing engagement. Sometimes, the best way in is to just try the front door. If you can learn to master a simple, repeatable process for testing the login screens of any application, device or account, you will save yourself time and effort when establishing the scope of an engagement.

Topics: Penetration Testing

7 Advantages of using a "virtual CISO" (vCISO)

A growing trend in the world of Cyber Security is the outsourcing of some or all of the Information Security team.

This can be just a small part: vulnerability management, vendor risk management, or responding to customer questionnaires. It could be just the leadership function, a virtual CISO or vCISO. Or it could be the entirety of the Information Security team.

As you evaluate the pros and cons of in-house vs. outsourced, consider the following.

Topics: PCI DSS, SOC2, CISO, vCISO, HIPAA, CIS Controls, Security Program

Common Key Controls Tested in PCI DSS assessments

If your company is interested in, or required to become, PCI DSS compliant, there is a list of key controls you must have in place, with proper auditing around them, to provide to the PCI DSS assessors during the testing period. Being able to easily identify where these controls live and how they are managed within your organization is essential. This article will give you a comprehensive overview of the controls you need in order to get a jump start on PCI DSS certification.

Topics: PCI DSS

The Secret Behind VI edit permissions

The art of penetration testing is one that takes a lot of prior knowledge about a specific technology and system in order to really understand how they can be exploited. There are many loopholes that will give potential malicious actors an opportunity to breach your systems. As a pentester, you want to keep learning and building a playbook of checks to execute quickly within every engagement. One particular weakness that belongs in every pentesting playbook involves the Linux OS, and more specifically the configuration file editing tool called “VI”.

Topics: Penetration Testing

Hiding in plain sight: 3 Quick Checks for Low Hanging Fruit

Being able to quickly knock out the low-hanging-fruit vulnerabilities as a pen-tester comes down to knowing that they exist and having a quick way to check for them. Here are a few quick-hit, low-hanging vulnerabilities that could provide the biggest kickoff point for an investigation.

Topics: Penetration Testing