Information Security News mailing list archives

Study Exposes WLAN Security Risks


From: InfoSec News <isn () c4i org>
Date: Thu, 13 Mar 2003 02:51:42 -0600 (CST)

http://www.eweek.com/article2/0,3959,926129,00.asp

By Dennis Fisher
March 12, 2003 

As wireless networks continue to gain acceptance and become integral
to corporate computing environments, IT departments continue to ignore
the myriad security problems inherent to wireless LANs, according to a
new study by RSA Security Inc.

The study found that of 328 wireless access points detected in
downtown London, nearly two-thirds did not have WEP (Wired Equivalent
Protection) encryption turned on. Also, 100 of the APs were sending
out signals identifying the organizations that owned them, and 208
were installed using the default configuration.

The survey seems to confirm the suspicions of most security experts,
who for years have warned that most WLAN implementations are
essentially unprotected. RSA, based in Bedford, Mass., plans to
release the survey's findings next week during the CTIA Wireless 2003
show in New Orleans.

RSA conducted the survey in November 2002 in several sections of
downtown London. The survey was done by researchers driving through
the city, using PDAs equipped with wireless cards and sniffer
software.

This is the third such study the company has done, and the statistics
show that the number of WLAN access points in the city has increased
by nearly 200 percent since September 2001.

"The results of this survey astonished me. Corporations turning to
wireless networks for operational flexibility without considering the
security risks may be carelessly sacrificing the integrity of their
systems," said Phil Cracknell, a security specialist with the
Institute of Information Security in England, who helped carry out the
survey. "The emanations from these wireless networks can and do leak
outside their buildings providing access potential to hackers wherever
they may be. This represents a real and significant threat to
unprotected wireless networks."


