Opportunities for Wi-Fi hackers on the increase

Latest wireless Lans are popping up very fast, and many of them are insecure "rogue" access points.

Latest wireless Lans are popping up very fast, and many of them are insecure "rogue" access points.

This year, two-thirds of the City's Wi-Fi networks have WEP (Wired Equivalent Privacy), the basic Wi-Fi security standard, turned on.

The number of WLans in the city of London went up by 235% over the year.

According to the survey carried out by Cracknell Information Systems Security Partnership (CISSP), for the security supplier, RSA Security about half the WLans without WEP actually have VPN protection.

"Researchers believe many other access points could have had Mac address screening or other undetectable security methods," said RSA.

However, a quarter of access points do not follow all best practice guidelines, committing errors such as leaving insecure default settings on the access points.

"This allows important network information to be broadcast into the street, providing potential hackers with valuable intelligence to launch an attack," says RSA.

"The 25% of poorly configured access points suggests that employees and departments could be deploying rogue wireless networks within their business without the knowledge of IT managers," said Phil Cracknell of CISSP.

"The price of access points has fallen rapidly and they can now be bought for as little as £140 - a purchase that could easily be made on expenses."

While rogue networks continue to be a menace, the secure, IT-approved networks are moving quickly, said Cracknell.

A large proportion of the secure networks, backed by the IT department, were implementing the faster 802.11g standard as well as 802.11b.

"The number of systems incorporating both 802.11b and 802.11g on the same network reinforces the fact that wireless networks are being implemented at the heart of IT infrastructures," said Cracknell.

"By embracing wireless standards and creating a clear migration path, businesses are cementing the future of WLans, especially as second-generation installations are occurring only three years after its initial introduction." 

"I think IT policies have caught up in the enterprise," said Tim Pickard, strategic marketing director EMEA for RSA. "We will see fewer rogue access points in corporate environments in future. But there will be more in small businesses or remote offices, where they don't have enough IT support."

Many of the poorly configured access points were probably in small offices, attached to DSL routers, he said.

Peter Judge writes for Techworld

Read more on IT strategy