http://www.eweek.com/article2/0,3959,926129,00.asp By Dennis Fisher March 12, 2003 As wireless networks continue to gain acceptance and become integral to corporate computing environments, IT departments continue to ignore the myriad security problems inherent to wireless LANs, according to a new study by RSA Security Inc. The study found that of 328 wireless access points detected in downtown London, nearly two-thirds did not have WEP (Wired Equivalent Protection) encryption turned on. Also, 100 of the APs were sending out signals identifying the organizations that owned them, and 208 were installed using the default configuration. The survey seems to confirm the suspicions of most security experts, who for years have warned that most WLAN implementations are essentially unprotected. RSA, based in Bedford, Mass., plans to release the survey's findings next week during the CTIA Wireless 2003 show in New Orleans. RSA conducted the survey in November 2002 in several sections of downtown London. The survey was done by researchers driving through the city, using PDAs equipped with wireless cards and sniffer software. This is the third such study the company has done, and the statistics show that the number of WLAN access points in the city has increased by nearly 200 percent since September 2001. "The results of this survey astonished me. Corporations turning to wireless networks for operational flexibility without considering the security risks may be carelessly sacrificing the integrity of their systems," said Phil Cracknell, a security specialist with the Institute of Information Security in England, who helped carry out the survey. "The emanations from these wireless networks can and do leak outside their buildings providing access potential to hackers wherever they may be. This represents a real and significant threat to unprotected wireless networks." - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Thu Mar 13 2003 - 06:45:56 PST