|
Newsletters
|
|
|
|
|
|
WirelessDevNet.com Press Release
WLANs at CTIA Fall Short of Secure
ATLANTA, March 30 -- Touted as the largest wireless
conference, CTIA attracted leading wireless vendors to the Georgia World
Congress Center March 22-26 providing a breeding ground for wireless
interactions, security risks and network invasions. AirDefense Inc., the
leader of 24x7 monitoring of wireless LANs, conducted a study of wireless LAN
(WLAN) activity on March 23 identifying wireless attacks, security
vulnerabilities and performance issues.
AirDefense studied WLAN traffic flow at the conference over the course of
four hours. AirDefense then analyzed the behaviors and associations that
resulted. AirDefense found the following operating infrastructure:
-- 216 access points
-- 24 Soft APs, laptops that function as access points
-- 609 user stations
-- 969 BlueTooth devices
-- 42 ad-hoc networks, associations between two wireless devices without
connection to an access point
AirDefense analyzed WLAN activities and identified usage patterns, network
bottlenecks and problematic stations and access points that could jeopardize
the enterprise wireless LAN. The data further illustrated excessive access
points on the same channel causing interference and performance degradation.
The majority of wireless LAN activity at the tradeshow, as identified by
AirDefense, was Instant Messaging, e-mailing and web browsing. In spite of
the visibility of security issues, less than five percent of the conference
attendees connected to their corporate email accounts via a secure virtual
private network (VPN) and less than 10 percent used encryption.
"The amount of insecure communications over the air was overwhelming,"
said AirDefense Chief Security Officer Richard Rushing. "Attendees rushing to
check in with the office between sessions do not realize the ease with which a
hacker can lift usernames, passwords and confidential information simply by
having the attendees' laptop or PDA connect with his rogue AP. What is more
interesting is the data we collected was from a show where people are supposed
to be security conscious, proving that, even in a well-trained world, security
risks and theft will and do occur."
AirDefense research found numerous risks and threats including:
-- 25 identity theft attacks on the T-Mobile and Cisco sponsored Hotspot
whereby intruders were stealing the identity of unsecured users to
connect to the network without being charged
-- 246 network scans from tools such as Netstumbler and operating systems
like Windows XP
-- 126 user stations sending out unanswered probe requests
-- 45 specific scans to compromise Hotspot network
-- Six Denial of Service attacks
-- AirSnarf, a SoftAP setup utility impersonating the Hotspot that steals
usernames and passwords
-- 48 BlueSnarf, a tool to connect to an unsecured device to gain access
to restricted portions of data
-- 393 BlueJack attacks including the sending of "MyDOOM," "Your Cute"
and "You Have WON" viruses
"Sharing information such as this should alert companies to the need to
protect their wireless and ultimately wired side data," said Anil Khatod,
chief executive officer of AirDefense. "With the industry's only extensive
solution for real-time wireless LAN monitoring, only AirDefense could provide
this level of insight into WLAN usage patterns and security risks."
About AirDefense, Inc.
AirDefense is the thought leader and innovator of wireless LAN security
and operational support solutions. Founded in 2001, AirDefense pioneered the
concept of 24x7 monitoring of the airwaves and now provides the most advanced
solutions for rogue WLAN detection, policy enforcement, intrusion protection
and monitoring the health of wireless LANs. As a key element of wireless LAN
security, AirDefense complements wireless VPNs, encryption and authentication.
Based on a secure appliance and remote sensors, AirDefense solutions scale to
support single offices, corporate campuses or hundreds of locations. Blue chip
companies and government agencies rely upon AirDefense solutions to secure and
manage wireless LANs around the globe. For more information, go
to http://www.airdefense.net .
|
|
|
