Research into the development of wireless networking in four of Europe’s main financial centres has exposed a series of alarming loopholes that is leaving many businesses open to crippling data security breaches. Approximately 34% of businesses are making fundamental security mistakes resulting in unprotected wireless traffic. Adoption of second generation wireless technology apparent
The wireless LAN research commissioned by RSA Security in London, Paris, Frankfurt and Milan reveals that wireless network adoption is prolific. Confirmation of this rapid growth is found in the massive expansion seen in London over the last three years, where wireless networks have grown by 770% since 2001.
Not all guidelines being met
The European surveys revealed that businesses are not meeting security best practice guidelines. Although issues exist with the WEP encryption standard, a worryingly high proportion of businesses had not even configured their networks to reach the basic security levels. A daunting 72% of access points in Milan were unencrypted; 41% were unencrypted in Frankfurt; and in Paris and London, where the best encryption levels were found, still one third of all access points featured no encryption.
Organisations are also failing to heed the dangers of leaving wireless networks’ default settings unaltered. This can lead to the organisation’s name or geographical location being broadcasted and acting as bait to a would-be-hacker. 39% of all access points in Paris still displayed default values; this rose to nearly half of all access points in Milan, with Frankfurt showing around 33% of all access points. The lowest was London with 25% still displaying default values – however this is unsurprising because of the widespread exposure that ‘drive-by hacking’ has received in the UK during the last three years.
“The findings clearly demonstrate the scale of the wireless boom and reinforce the need for RSA Security’s vision to increase the understanding of security risks in the wired and wireless world,” commented Matthew Buckley, Communications Manager at RSA Security. “We have seen the WLAN debate gather pace in the UK and, reviewing the statistics, this certainly seems to have impacted the level of understanding among London businesses. However, the sheer volume of improperly configured networks across Europe is still concerning, and is leaving hundreds of businesses wide open to hacking.”
Adoption of new specifications puts wireless at the heart of business
The surveys have also revealed evidence of the rapid adoption of the new 802.11g wireless network specification – the latest interoperable standard to deliver improved security, additional speed and stability to wireless networks. Here, the Milanese are a step ahead of their European counterparts, with one in three of all networks using the new specification. In Frankfurt, just one in seven networks use the 802.11g technology; in London and Paris, the ratio was one in four.
Positive trend developing
An encouraging trend drawn from the London surveys, and seen to a lesser extent in the other European research, is the number of businesses starting to use Virtual Private Networks (VPNs) as an alternative to the flawed wireless encryption protocols. The highest percentage was in London where 19% of unencrypted access points (where no WEP was found) were using VPNs; in Frankfurt 11% of unencrypted access points had implemented a VPN; Paris saw 5%; and the lowest was Milan with only 2% of networks with no WEP deploying VPNs.
Buckley concludes: “Encrypting network traffic and strongly-authenticating users should be second nature to businesses of all sizes, and deploying a VPN is an easy way of achieving this. Unauthorised users can – and do – access poorly protected wireless LANs and once they are connected they can do whatever they like. This not only instantly negates the effort and investment organisations have made in other areas to secure the corporate infrastructure, but a security breach such as this can hit an organisation’s reputation and bottom-line and may result in litigation.”
Commissioned by RSA Security, the studies examined the emerging trends of wireless technology and security in the City of London, Paris, Frankfurt and Milan over the early months of 2004. The reports highlighted the following data: the number of access points in each city; which technologies are being favoured by businesses; whether Wired Equivalent Privacy (WEP) or other encryption protocols are being deployed; and if businesses are aware that their hardware’s default settings need to be updated to safeguard security.
* Break down of data from surveys conducted
||No WEP configuration
||VPN on unencrypted networks
For details of all the surveys or to download copies of the complete reports, please go to www.rsasecurity.com
About RSA Security
RSA Security helps organisations protect private information and manage the identities of people and applications accessing and exchanging that information. RSA Security’s portfolio of solutions - including identity & access management, secure mobile & remote access, secure enterprise access and secure transactions - are all designed to provide the most seamless e-security experience in the market. Our strong reputation is built on our history of ingenuity, leadership, proven technologies and our more than 14,000 customers around the globe. Together with more than 1,000 technology and integration partners, RSA Security inspires confidence in everyone to experience the power and promise of the Internet. For more information, please visit www.rsasecurity.com
Späť | Domov