Saturday, May 30, 2009

USA: survery finds Wi-Fi security vulnerabilities at 26 airports and seven financial districts

[Marketwire] Over the past 14 months, AirTight® Networks issued the findings from its studies of wireless security vulnerabilities at 26 airports worldwide and seven financial districts which indicate that many organizations have WLANs that are poorly protected against the risks posed by the proliferation of WiFi enabled devices and appear to lack visibility into wireless threats which would allow them to enforce wireless security and compliance policies.

President Obama recognized in his speech today the serious homeland security threats posed by cyber criminals not only to government organizations but also to the economic health of the United States. The President referred to the world of cyberspace that we depend on every day saying, "It's the broadband networks beneath us and the wireless signals around us, the local networks in our schools and hospitals and businesses and the massive grids that power our nation."

In its continuing series of studies, AirTight has set out to understand the risks to businesses and their corporate networks of data leakage while employees are sending sensitive information using unsecured, mis-configured or rogue wireless access points and circumventing corporate guidelines for the use of WiFi. The studies continue to find troubling results regarding the security posture of private Wi-Fi networks as well as the rapid spread of viral Wi-Fi networks.

"In this time of heightened security concerns, we were surprised to find core systems such as ticketing and baggage handling at major airports still using a broken encryption system such as WEP or open access points (APs)," said Pravin Bhagwat, CTO of AirTight. "And in light of some rather spectacular data breaches involving financial information in recent years -- both wired and wireless -- in financial districts we expected to find well protected and configured networks, open or guest access isolated from corporate networks and strict enforcement of Wi-Fi security policies. What we found instead is that the airspace in these financial districts is dominated by open or poorly encrypted WEP wireless APs. Many of these APs were using ineffective security practices such as hiding the SSID, and personally identifiable information was leaking out."

"These findings should give pause to security administrators working in industries with highly sensitive information such as financial services or who are charged with protecting critical services. It is time for all of these enterprises and government agencies to recognize the risks and implement WiFi security best practices," continued Bhagwat.

Studies of Airport and Financial District WiFi Risks Reveal Continuing Pattern of Poor Wireless Security Practices
see also AirTight Networks

No comments: