AirDefense Delivers Comprehensive 'Report Card' on Wireless Security Practices of Various San Francisco Industries.SAN FRANCISCO San Francisco (săn frănsĭs`kō), city (1990 pop. 723,959), coextensive with San Francisco co., W Calif., on the tip of a peninsula between the Pacific Ocean and San Francisco Bay, which are connected by the strait known as the Golden -- AirDefense, the innovator that launched the wireless LAN security One issue with corporate wireless networks in general, and WLANs in particular, involves the need for security. Many early access points could not discern whether or not a particular user had authorization to access the network. market, today unveiled results from its comprehensive "San Francisco Wireless Security Vulnerability Survey." Conducted in March 2008 at more than 1,000 Bay Area corporations and government agencies, AirDefense assessed wireless security practices in four key industries, including: Finance, Government, Retail, Transportation and an overall review of major corporations in the city. During its research AirDefense discovered upgraded technologies in place with stronger encryption protocols at many Retail and Transportation locations. However, results were mixed in Finance and Government, with the majority of Access Points (APs) wide open or at best legacy encryption protocols in place. Overall, AirDefense associated the highest grade of B- to the Transportation industry, followed by the Retail industry with a C+, major corporations graded at C, Finance a C- and Government the lowest with a D. In total, AirDefense discovered 4,606 APs in use for connecting wirelessly to the Internet and corporate networks. Surprisingly, 1,040 or 22 percent of all APs were unencrypted, with more than 30 percent using Wired Equivalent Privacy Wired Equivalent Privacy or Wireless Encryption Protocol (WEP) is a scheme to secure IEEE 802.11 wireless networks. It is part of the IEEE 802.11 wireless networking standard. (WEP (Wired Equivalent Privacy) An IEEE standard security protocol for wireless 802.11 networks. Introduced in 1997, WEP was found to be very inadequate and was superseded by WPA, WPA2 and 802.11i. ), the weakest protocol for wireless data encryption data encryption, the process of scrambling stored or transmitted information so that it is unintelligible until it is unscrambled by the intended recipient. Historically, data encryption has been used primarily to protect diplomatic and military secrets from foreign , which can be compromised in minutes. In Government, an alarming 72 percent of APs were found to be unencrypted or using WEP, while in Finance 67 percent were found to be unencrypted or using WEP. The stronger protocols Wi-Fi Protected Access (networking, security) Wi-Fi Protected Access - (WPA) A security scheme for wireless networks, developed by the networking industry in response to the shortcomings of Wired Equivalent Privacy (WEP). (WPA WPA: see Work Projects Administration. WPA in full Works Progress Administration later (1939–43) Work Projects Administration U.S. work program for the unemployed. ) and WPA2 were used to encrypt 47 percent of APs. However, many of the WPA deployments used Pre-shared Key In cryptography, a pre-shared key or PSK is a shared secret which was previously shared between the two parties using some secure channel before it needs to be used. Such systems almost always use symmetric key cryptographic algorithms. (PSK (1) See preshared keys. (2) (Phase Shift Keying) A simple digital modulation technique that uses two different phase angles for 0 and 1. Quadrature PSK (QPSK) uses four phase shifts for each two bits of input. See phase modulation and DPSK. ) authentication and were deployed in a fashion that makes them extremely vulnerable to the same dictionary attacks that plague password based systems. AirDefense ranked each industry based on five key components, including: unencrypted/WEP enabled APs, probing laptops discovered, rogue APs, data leakage and APs in default mode. AirDefense averaged the results in each of the industries and associated a letter grade. In Retail and Transportation stronger encryption protocols and overall wireless infrastructure were discovered. Specific Retail findings were in line with results revealed in AirDefense's '2008 NYC NYC abbr. New York City NYC New York City Retail Wireless Security Survey' announced in January this year. The dangers of rogue access points are well documented. An employee, vendor or on-site consultant can unknowingly put all information assets at risk by attaching a $50 consumer-grade AP to an enterprise LAN (Local Area Network) A communications network that serves users within a confined geographical area. The "clients" are the user's workstations typically running Windows, although Mac and Linux clients are also used. . This simple act circumvents all existing network security by broadcasting an open connection to the enterprise network. Data leakage occurs when various systems or devices on a corporate network communicate with one another and much of this traffic is broadcast unencrypted over the airwaves for anyone to see. "AirDefense's comprehensive wireless vulnerability assessment in the Bay Area is intended to not only highlight the current deficient practices in wireless security being deployed by corporate America and the government, but also to highlight the necessary steps to ensure proper network protection," said Mike Potts, president and CEO (1) (Chief Executive Officer) The highest individual in command of an organization. Typically the president of the company, the CEO reports to the Chairman of the Board. , AirDefense. "With the 2008 RSA Conference days away some of the results might seem harsh but a matter-of-fact assessment of current wireless security deployment (or lack thereof) and best practices in preventing intrusions from occurring is needed." [TABLE OMITTED] AirDefense has been conducting vulnerability assessment surveys of the wireless security industry since its inception in 2001. It is the first and only company to produce comprehensive surveys across all major industries and wireless environments, including popular hotspots. The company's executives are the unrivaled experts in wireless intrusion prevention and detection. AirDefense recently completed the "2008 New York City New York City: see New York, city. New York City City (pop., 2000: 8,008,278), southeastern New York, at the mouth of the Hudson River. The largest city in the U.S. Retail Wireless Security Survey" of more than 800 retail locations in New York New York, state, United States New York, Middle Atlantic state of the United States. It is bordered by Vermont, Massachusetts, Connecticut, and the Atlantic Ocean (E), New Jersey and Pennsylvania (S), Lakes Erie and Ontario and the Canadian province of City's five boroughs. For more information and results, log onto: http://www.airdefense.net/newsandpress/01_14_08.php. In November 2007, the company's groundbreaking nationwide survey of more than 3,000 retail locations was met with much acclaim and praise by industry analysts and many high ranking IT security experts. For more information, log onto: http://www.airdefense.net/newsandpress/11_15_07.php. "Transportation and Retail were head and shoulders above the other industries in securing wireless networks and room for improvement in other industries was more apparent," said Richard Rushing, the survey's author and chief security officer, AirDefense. "Assessing the vulnerabilities of more than 1,000 locations in the Bay Area will ideally lead to needed improvements in wireless security practices currently being practiced today." About AirDefense AirDefense is the market leader in anywhere, anytime wireless security. The company is trusted by more Fortune 500 companies, healthcare organizations and high-security government agencies for enterprise wireless protection than any other company. AirDefense products provide the most advanced solutions for rogue wireless detection, policy enforcement and intrusion prevention, both inside and outside an organization's physical locations and wired networks. Common Criteria-certified, AirDefense enterprise-class products scale to support single offices as well as organizations with hundreds of locations around the globe. Founded in 2001, AirDefense is based in Atlanta, GA, and serves 700 government agencies and blue chip corporations. For more information, please visit http://www.airdefense.net or call 770.663.8115. |
|
||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion