RSA: Wireless Security Making Headway, Though Vulnerabilities Remain

In its annual wardriving survey, EMC's RSA security division shared some good news about wireless security in New York City, London and Paris. However, work still needs to be done when it comes to enterprise deployment of advanced encryption. According to RSA, less than half of the corporate wireless access points in London and New York are using advanced encryption--a figure that lags far behind Paris.

EMC's RSA security division has some news about wireless security-and it's not all that bad.

Far from it as it turns out. In a snapshot of wireless networks in New York, Paris and London, RSA found that the vast majority of corporate access points in those cities are employing encryption. According to the findings, 97 percent of the 6,096 corporate access points in New York included in the study use encryption, compared with 94 percent in Paris.

Wireless security lagged far behind in London, where the figure was 80 percent. That percentage is actually a drop-off of 1 percent from where it stood in 2007.

But even with encryption generally widespread in the three cities, one form of encryption is not necessarily as good as the next. WEP (Wired Equivalent Privacy), for example, is known to be vulnerable but is still widely used.

"Such is the speed at which WEP can be routinely cracked that it barely constitutes paper-thin protection in the face of today's sophisticated hackers," said Sam Curry, vice president of Identity and Access Assurance at RSA, in a statement. "We would strongly urge wireless network administrators to discount WEP as a viable security mechanism and upgrade to WPA-or stronger-without delay."

Click fraud is increasingly driven by botnets. Read more here.

When it came to advanced forms of wireless encryption such as the 802.11i-based Wi-Fi Protected Access (WPA) or WPA2, Paris led the way. Some 72 percent of all the 3,265 corporate access points there are using advanced encryption. This compares with 49 percent in New York and 48 percent in London.

It is critical, Curry said, that business access points have some sort of encryption-even if the corporate network itself can only be accessed via an encrypted VPN.

"Not using WPA1 or WPA2 can leave the organizations involved vulnerable to whole classes of attacks against both access points and wireless client computers," he said.

Shockingly, users of personal wireless networks are paying just as much-if not more-attention to security than their corporate counterparts. The study found that 97 percent of in-home networks in New York are using encryption, as are 98 percent of personal networks in Paris and 90 percent in London.

In addition, the percentage of home users with advanced encryption outpaces the business sector in Paris and New York. Sixty-one percent of the roughly 1,661 in-home networks in New York included in the survey are using advanced encryption, compared with about 49 percent among corporate access points.

In Paris, it is 75 percent, while in London the number stands at 48 percent for both business and in-home wireless networks.

"As wireless networks continue to improve in terms of speed, bandwidth, safety-and ubiquity-this is good news for businesses and consumers alike," Curry said.