Do I need to mention that this applies to remote locations? If you have employees who use a VPN to connect their local devices or routers to your network, you’ll need to make sure those are safe as well.
But even that’s only part of the job. You still have all of those IoT devices on your network. You’ll need to find devices that are using WPA2, which can be anything from security cameras to printers and make sure they’re updated. That’s assuming that your devices even have security and use WPA2. There are plenty of IoT devices where encryption was an afterthought that was never implemented.
Meanwhile, there are things you can do that don’t depend on WPA2 security. There’s still a lot of hardware out there that can use Ethernet, and while running a cable is annoying and possibly expensive, it’s not wireless. For mobile devices, you can turn off WiFi and depend on the encryption provided by your cellular provider.
You can also do a sort of triage to identify vulnerable devices that will require KRACK and possibly ROCA updates. If those devices have updates available, such as Windows computers, then update them. If they don’t, then identify any cases where they will touch sensitive information. If you find those, determine whether an alternate method such as using HTTPS connections will work.
You’ll need to consider eliminating any other older devices that will be difficult or impossible to patch. Those devices may include older Android phones and tablets for which updates are no longer available or IoT devices that can’t be updated.
There are some devices that may not matter. Even if the encryption on your wireless thermostat is hacked it may not matter, as long as the thermostat isn’t connected to your wider enterprise network.
The WiFi Alliance has pointed out that so far there’s no evidence that anyone has managed to break into a WiFi network using these vulnerabilities. The organization has now added testing for this vulnerability as a requirement for a device to be WiFi Certified, so new devices with the official label will have to show that they’re safe. However the Alliance cautions that users still need to confirm that any WiFi products they buy include the fix.
While most users will have dodged the bullet on these vulnerabilities, KRACK and ROCA demonstrate that you can’t depend on taking the easy way out when it comes to protection.
Your devices may have some protection such as encryption built in, but you still have to do the hard work of making sure that your data is fully protected that means your network has some method of protection beyond what comes with the products you use. That requirement won't change even when these vulnerabilities are fixed.