Study Exposes WLAN Security Risks

IT departments continue to ignore myriad security problems inherent to WLANs, according to study by RSA Security Inc.

As wireless networks continue to gain acceptance and become integral to corporate computing environments, IT departments continue to ignore the myriad security problems inherent to wireless LANs, according to a new study by RSA Security Inc.

The study found that of 328 wireless access points detected in downtown London, nearly two-thirds did not have WEP (Wired Equivalent Protection) encryption turned on. Also, 100 of the APs were sending out signals identifying the organizations that owned them, and 208 were installed using the default configuration.

The survey seems to confirm the suspicions of most security experts, who for years have warned that most WLAN implementations are essentially unprotected. RSA, based in Bedford, Mass., plans to release the surveys findings next week during the CTIA Wireless 2003 show in New Orleans.

RSA conducted the survey in November 2002 in several sections of downtown London. The survey was done by researchers driving through the city, using PDAs equipped with wireless cards and sniffer software.

This is the third such study the company has done, and the statistics show that the number of WLAN access points in the city has increased by nearly 200 percent since September 2001.

"The results of this survey astonished me. Corporations turning to wireless networks for operational flexibility without considering the security risks may be carelessly sacrificing the integrity of their systems," said Phil Cracknell, a security specialist with the Institute of Information Security in England, who helped carry out the survey. "The emanations from these wireless networks can and do leak outside their buildings providing access potential to hackers wherever they may be. This represents a real and significant threat to unprotected wireless networks."

Latest Wireless News:

Latest Security News:

Search for more stories by Dennis Fisher.

Find white papers on security or wireless.