[ISN] Study Exposes WLAN Security Risks

From: InfoSec News (isnat_private)
Date: Thu Mar 13 2003 - 00:51:42 PST

  • Next message: InfoSec News: "[ISN] 2003 IEEE Symposium on Security and Privacy"

    By Dennis Fisher
    March 12, 2003 
    As wireless networks continue to gain acceptance and become integral
    to corporate computing environments, IT departments continue to ignore
    the myriad security problems inherent to wireless LANs, according to a
    new study by RSA Security Inc.
    The study found that of 328 wireless access points detected in
    downtown London, nearly two-thirds did not have WEP (Wired Equivalent
    Protection) encryption turned on. Also, 100 of the APs were sending
    out signals identifying the organizations that owned them, and 208
    were installed using the default configuration.
    The survey seems to confirm the suspicions of most security experts,
    who for years have warned that most WLAN implementations are
    essentially unprotected. RSA, based in Bedford, Mass., plans to
    release the survey's findings next week during the CTIA Wireless 2003
    show in New Orleans.
    RSA conducted the survey in November 2002 in several sections of
    downtown London. The survey was done by researchers driving through
    the city, using PDAs equipped with wireless cards and sniffer
    This is the third such study the company has done, and the statistics
    show that the number of WLAN access points in the city has increased
    by nearly 200 percent since September 2001.
    "The results of this survey astonished me. Corporations turning to
    wireless networks for operational flexibility without considering the
    security risks may be carelessly sacrificing the integrity of their
    systems," said Phil Cracknell, a security specialist with the
    Institute of Information Security in England, who helped carry out the
    survey. "The emanations from these wireless networks can and do leak
    outside their buildings providing access potential to hackers wherever
    they may be. This represents a real and significant threat to
    unprotected wireless networks."
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Thu Mar 13 2003 - 06:45:56 PST