AirDefense releases Wi-Fi security data

by Steve Ragan - May 5 2008, 11:47

During Interop last week, wireless security vendor released the results of their annual wireless survey. The company took a sampling of wireless access points in the Las Vegas area, and discovered some interesting facts.

Retailers are offering Wi-Fi access to customers, with the hope of adding more traffic to their stores. AirDefense found the majority of retailers in Las Vegas using strong encryption protocols to protect data with sixty-five percent of the six-hundred forty Access Points (APs) discovered encrypted with Wi-Fi Protected Access (WPA) or WPA2. Sadly, eighty-two percent of the one-thousand five hundred fifty-seven APs discovered in Las Vegas hotels/casinos were using either no encryption or Wired Equivalent Privacy (WEP), the weakest protocol for wireless data encryption.

On the downside, many instances were discovered where retailers continue to use their store name in the Service Set Identification (SSID). AirDefense discovered high levels of data leakage as wireless functionality was added and left unprotected, increasing the risk of exposing point-of-sale information and consumer credit card information.

Other data collected in Vegas includes; Rogue APs present a huge threat with many interference and performance issues percolating creating the perfect cover for criminals. Unencrypted and encrypted wired sided leakage of security protocols (Spanning Tree, HSRP, CDP, VTP, DTP, VRRP, and NetBios), are a critical problem in the hotels and casinos as a leaking path is not just one way, it’s bi-directional, what leaks out can leak back in.

Many of the hotels/casinos surveyed have deployed some of the newest wireless switches and AP hardware. However, they are some of the only sites discovered to be using 802.11a. Minimal amounts of mis-configured APs were discovered, as had been seen in past surveys. However, Linksys, Netgear, and Dlink were found playing the role of rogue APs. AirDefense also discovered numerous interference and performance problems were discovered with the wireless networks throughout the city.

For more information:
Retail Wireless security
http://www.airdefense.net/newsandpress/retail_pressrelease.php

Wireless security study in San Francisco:
http://www.airdefense.net/newsandpress/04_04_08.php

Tech Herald security coverage for wireless security:
http://www.thetechherald.com/article.php/200818/832/

Around the Web