[ISN] City firms still failing to guard WLans
InfoSec News
isn at c4i.org
Tue Jun 22 06:58:37 EDT 2004
http://www.microscope.co.uk/articles/article.asp?liArticleID=131413
By Bill Goodwin
22 June 2004
Businesses in Europe's leading financial centres are failing to secure
their wireless access points despite the risk of "drive-by" hacking.
More than 33% of businesses surveyed in London, Milan, Paris and
Frankfurt are still making fundamental security mistakes, research by
RSA Security revealed.
The failure of companies to use basic wireless security standards,
such as WEP (Wired Equivalent Privacy), is leaving otherwise
well-protected corporate networks with holes that could be exploited
by hackers.
"Once hackers are connected, they can do what they like," said Tim
Pickard, director at RSA. "This instantly negates the effort and
investment organisations have made in other areas to secure the
corporate infrastructure."
The survey found that the number of wireless networks has increased by
770% to more than 1,000 in London during the past three years.
Although awareness of wireless security has improved, 33% of wireless
access points in London firms still do not use basic WEP encryption.
London businesses have also left 25% of wireless networks on their
default settings, broadcasting information about companies' IT systems
to potential hackers.
These lapses leave businesses open to hackers, who are able to locate
vulnerable access points by doing "drive-by" attacks armed with
low-cost equipment.
"In the worst case scenario, hackers could bypass a lot of the
traditional security, including firewalls, giving them access to
vulnerable parts of the network," said Pickard.
The picture is even worse in Frankfurt, where 41% of wireless networks
are unencrypted, along with 72% in Milan.
More information about the ISN
mailing list