03-21-2012 01:22 PM - edited 07-03-2021 09:50 PM
What does the option WPA gtk-randomize State do when configuring Layer 2 Security under a new WLAN in a WLC (Code level 7.2)?
Thanks
03-23-2012 12:13 PM
This feature provides a config option to configure the GTK randomization on the WLAN.
By default GTK randomization is disabled on the WLAN (default behavior).
When enabled, GTK should be randomized for each client of the BSS.
When this is enabled, the client should not be able to decrypt the broadcast and multicast packets received.
This feature addresses the "Hole196" security vulnerability.
03-23-2012 12:27 PM
Correct, for the benefit of Jacob.
Unicast traffic is encrypted with the PTK key, which is unique per user. Each user has a different key and this key changes each time you authenticate to the network.
Broadcast and Multicast traffic is encrypted with the GTK key, which is shared by each client associated to said access point.
Although hole196 is a legit security hole, you have to be a trusted user to use it, meaning you need to be on the inside of the network already. If you are already in the network, why hack 196?
Make sense?
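The key-holding difference the two replies above describe (unicast under a per-client PTK, group traffic under a GTK that is either shared or randomized per client) can be modelled in a few lines. The following is an added example, not code from the thread or from Cisco: the "cipher" is a stand-in for CCMP built from the standard library (an HMAC-SHA256 keystream plus an HMAC tag), the station names and ARP payloads are constructed, and the way the model delivers a broadcast when GTKs are randomized (one copy per client under that client's GTK) is an assumption of the model, not a description of how the WLC implements it.

```python
"""Toy model of WPA2 group keys: shared GTK vs. per-client GTK randomization.

Added example, not Cisco or thread code. The cipher below stands in for CCMP;
it only models who holds which key, not the real 802.11 frame format.
"""
import hashlib
import hmac
import os

KEY_LEN = 32
TAG_LEN = 16
BROADCAST = b"ff:ff:ff:ff:ff:ff"


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream derived with HMAC; stand-in for AES-CTR."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def protect(key: bytes, header: bytes, payload: bytes) -> bytes:
    """Encrypt payload and append a MIC over header + ciphertext (CCMP-like)."""
    nonce = os.urandom(12)
    ct = bytes(p ^ k for p, k in zip(payload, keystream(key, nonce, len(payload))))
    tag = hmac.new(key, header + nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    return nonce + ct + tag


def unprotect(key: bytes, header: bytes, frame: bytes):
    """Return the payload if the MIC verifies under key, else None."""
    nonce, ct, tag = frame[:12], frame[12:-TAG_LEN], frame[-TAG_LEN:]
    expect = hmac.new(key, header + nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expect):
        return None
    return bytes(c ^ k for c, k in zip(ct, keystream(key, nonce, len(ct))))


class Station:
    def __init__(self, name: bytes):
        self.name, self.ptk, self.gtk, self.received = name, None, None, []

    def rx(self, src: bytes, dst: bytes, frame: bytes) -> bool:
        # Group-addressed frames are checked with the GTK, unicast with the PTK.
        key = self.gtk if dst == BROADCAST else self.ptk
        payload = unprotect(key, src + dst, frame)
        if payload is not None:
            self.received.append((src, payload))
        return payload is not None


class AccessPoint:
    def __init__(self, gtk_randomize: bool):
        self.gtk_randomize = gtk_randomize
        self.shared_gtk = os.urandom(KEY_LEN)
        self.clients = []

    def associate(self, sta: Station):
        # Outcome of the 4-way handshake: unique PTK; GTK shared or per client.
        sta.ptk = os.urandom(KEY_LEN)
        sta.gtk = os.urandom(KEY_LEN) if self.gtk_randomize else self.shared_gtk
        self.clients.append(sta)

    def broadcast(self, payload: bytes):
        if not self.gtk_randomize:
            frame = protect(self.shared_gtk, b"ap" + BROADCAST, payload)
            for sta in self.clients:
                sta.rx(b"ap", BROADCAST, frame)
        else:
            # Model assumption: one copy per client under that client's own GTK.
            for sta in self.clients:
                sta.rx(b"ap", BROADCAST, protect(sta.gtk, b"ap" + BROADCAST, payload))


def run_scenario(gtk_randomize: bool) -> dict:
    """Constructed scenario: two honest clients plus one insider (mallory)."""
    ap = AccessPoint(gtk_randomize)
    alice, bob, mallory = Station(b"alice"), Station(b"bob"), Station(b"mallory")
    for sta in (alice, bob, mallory):
        ap.associate(sta)

    ap.broadcast(b"ARP who-has 10.0.0.1")
    legit = sum((b"ap", b"ARP who-has 10.0.0.1") in s.received for s in (alice, bob, mallory))

    # Hole196: an associated insider holds the GTK and can forge a group frame that
    # looks like it came from the AP, e.g. a spoofed ARP reply for the gateway.
    forged = protect(mallory.gtk, b"ap" + BROADCAST, b"ARP reply 10.0.0.1 is-at mallory")
    forged_accepted = sum(s.rx(b"ap", BROADCAST, forged) for s in (alice, bob))

    # Unicast is under each client's own PTK, so the insider cannot forge it either way.
    fake_unicast = protect(mallory.ptk, b"ap" + b"bob", b"unicast from ap")
    unicast_accepted = int(bob.rx(b"ap", b"bob", fake_unicast))

    return {"legit_delivered": legit, "forged_accepted": forged_accepted,
            "forged_unicast_accepted": unicast_accepted}


if __name__ == "__main__":
    print("shared GTK:    ", run_scenario(gtk_randomize=False))
    print("randomized GTK:", run_scenario(gtk_randomize=True))
```

With a shared GTK both honest clients accept the insider's forged broadcast; with per-client GTKs neither does, while the legitimate broadcast still reaches all three and unicast forgery fails in both cases because PTKs are never shared.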
04-19-2012 01:52 AM
I know this is an inside-only attack, but a lot of attacks already happen from the inside. Attacks are not always to gain access to a network to use it but to steal information from other trusted users.
In our environment, a University, we feel that this inside attack is very real especially when running ethical hacking courses which probably cover such attacks. Some students will try these attacks out on the most convenient network they have available, ours. So although the user must already have access to our WLAN it doesn't mean that an attack will not happen.
We have a lot of "trusted" users, about 20,000, but to be honest I don't trust any of them.
12-04-2016 04:43 AM
Can anyone please explain how this feature works?
GTK has to be known to every STA to let them decrypt broadcast/multicast traffic. What does GTK randomize actually mean? If every client gets a randomized GTK, doesn't it break the logic of broadcast/multicast? Does it mean both types of traffic become unicast if this checkbox is enabled?
Thanks