Is Your WLAN Safe?

By Erik Linask

Associate Editor

 

Wireless networks — they add unheralded mobility and productivity to enterprises, where employees were formerly limited by network cables. Which is why WLANs are experiencing explosive growth in cities worldwide. 

 

According to research conducted by RSA Security, London experienced a 57 percent upswing in the adoption of wireless access points during the last 12 months; New York businesses added them at a 20 percent rate; and in Paris, the technology grew by a remarkable 119 percent in two years.

 

Although the uptake of wireless technology by enterprises is encouraging, it also presents a problem, which is one of security. As the number of WLANs increases, so, too, does the opportunity for hackers to gain access to corporate networks. The good news is that, as the WLAN industry has grown, enterprises have also paid greater attention to security issues — at some basic level, at least.

 

In London, New York, and Paris, businesses are securing their wireless networks by switching on the WEP encryption capability provided with their WLAN hardware:

 

“This is the fifth year we have commissioned this research — and the first year we have seen such a dramatic improvement in the number of secured wireless business networks,” commented Tim Pickard, area vice president of international marketing at RSA Security.

 

Indeed, such improvement is positive, but there is still much work to be done — nearly one quarter of businesses in three of the largest cities in the world still have not taken measures to protect their networks from malicious attacks.  Not only does this put the companies at risk, but it also increases the potential of viruses and Trojans being used to launch widespread attacks via their networks.

 

In addition to enterprise WLANs, the number of wireless hotspots also continues to rise, and with them, rogue hotspots — temporary wireless access points designed to look like a genuine AP in order to steal users’ confidential information. 

 

“Rogue hotspots currently constitute one of the most serious and most likely vehicles for wireless security breaches — they are easy to set up and an attacker is almost guaranteed a valuable crop of data in a short period of time,” said Phil Cracknell, Capgemini UK, Security Consulting Practice.

 

With a laptop computer and freely available software, the research team was able to pick up information from wireless networks while driving around city streets. The nature of the access point response, security levels, SSID values, broadcasting, physical location and presence of other access points with the same SSID enabled RSA to deduce which were public access systems and which were private business systems with a high degree of accuracy.  In the wrong hands this type of easy access to corporate and personal networks could be used to gain access to confidential information or disrupt business, or the network could be used to launch a Web-based attack on another organization.

 

What the RSA study points out is that advances in wireless technology can guide businesses to higher levels of productivity, but they need to take the proper precautions to ensure their wireless networks are safe from external predators. At the very least, this means enabling the very basic WEP security features that are a part of wireless setups — and fine tuning them to maximize their usefulness in your network. 

 

Nearly a quarter of the APs in Paris, London, and New York were still set to their default WEP settings, which isn’t nearly as effective as tweaking the settings to suit a particular network.  But at least it’s some kind of security measure, which is still better than none at all.