Wednesday, April 22, 2009

Wireless LAN Security Survey

Note: This article may prompt you to conduct an independent, company-wide WLAN Security Survey and Legal Compliance Vulnerability Assessment.
If so, be sure to read this.

via infosecnews.org...

Deloitte Touche (India) released the results of a survey titled, "Wireless Security Survey." 35860 wireless networks were surveyed.

Key findings...
• 37% appeared to be unprotected, i.e. without any encryption.

• 49% were using a low level of protection, i.e. Wired Equivalent Privacy (WEP) encryption.

• The remaining 14% were using the more secure Wi-Fi Protected Access (WPA/WPA2).

• This makes around 86% of the observed wireless networks vulnerable. (more)

Records from Murray Associates on-site WLAN security surveys show IT departments in the U.S. maintain better security.

However...

More costly problems (legal and espionage) are discovered in almost every system we inspect...


PROBLEM 1: Non-compliance with applicable laws:

• Sarbanes-Oxley Act – U.S. Public Companies
• HIPAA – Health Insurance Portability and Accountability Act
• GLBA – Gramm-Leach-Bliley Financial Services Modernization Act
• PCI-DSS – Payment Card Industry Data Security Standard
• FISMA – Federal Information Security Management Act
• DoD 8100.2 – Use of Commercial Wireless Devices, Services, and Technologies in the Department of Defense Global Information Grid
• ISO 27001 – Information Security Management
• Basel II Accord – Banking
• EU - CRD (Cad 3) – EU - Capital Requirements Directive - Banking


Just one loophole... Hackers are in. Data is out. & "You are out of compliance."

and...

PROBLEM 2: The WiPhishing Vulnerability (in layman's terms)
I am sure you can remember the name of every person you have loved. Laptop computers remember the names of their past connections, too. Unlike you, however, laptops keep trying to reconnect every time they are turned on.

Unauthorized re-connections are never a good idea, with lovers or computers.


Data hackers pretend to be an old connection. They set up a Wi-Fi station with the old flame's name (hhonors, starbucks, boingo etc.). The laptop gets turned on and automatically connects. The hacker steals sensitive corporate data from the laptop.


Wait! It gets worse...


Your employee returns to the workplace, jacks the laptop directly to your corporate LAN and logs in. The data hacker is right in there, too!
(background)
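The remembered-connection problem above is something an IT department can audit on its own laptops: the saved profile list shows which networks the machine will rejoin without asking, and which of those carry no key that would let the laptop tell a genuine access point from an imitation. The following is an added example, not code from the original post or from Murray Associates. It parses the text that the Windows command `netsh wlan show profile name=<profile>` prints and flags saved profiles that auto-connect to an open or WEP network. The sample output embedded in it is constructed for this example and modelled on netsh's layout; the profile names and the `Profile`/`parse_netsh_profiles`/`risky_profiles` names are this example's own.

```python
"""Audit saved Wi-Fi profiles for the auto-reconnect weakness described above.

Input is the text that `netsh wlan show profile name=<X>` prints on Windows.
Profiles that will reconnect automatically to a network with no or WEP-class
protection are flagged, since any access point can imitate such a network.
The sample below is constructed for this example and modelled on netsh's
layout; it is not output captured from a real machine.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: two profile dumps concatenated, as you would get by
# running the command once per saved profile and joining the output.
SAMPLE_NETSH_OUTPUT = """\
Profile hhonors on interface Wi-Fi:
=======================================================================

Profile information
-------------------
    Version                : 1
    Type                   : Wireless LAN
    Name                   : hhonors
    Control options        :
        Connection mode    : Connect automatically
        Network broadcast  : Connect even if this network is not broadcasting
        AutoSwitch         : Do not switch to other networks

Security settings
-----------------
    Authentication         : Open
    Cipher                 : None
    Security key           : Absent

Profile corp-wlan on interface Wi-Fi:
=======================================================================

Profile information
-------------------
    Version                : 1
    Type                   : Wireless LAN
    Name                   : corp-wlan
    Control options        :
        Connection mode    : Connect automatically
        Network broadcast  : Connect only if this network is broadcasting
        AutoSwitch         : Do not switch to other networks

Security settings
-----------------
    Authentication         : WPA2-Enterprise
    Cipher                 : CCMP
    Security key           : Present
"""

# Authentication / cipher values that give the laptop no way to verify the AP.
WEAK_AUTH = {"open", "shared"}
WEAK_CIPHER = {"none", "wep"}


@dataclass
class Profile:
    name: str
    auto_connect: bool     # "Connect automatically" in the saved profile
    hidden_probe: bool     # laptop probes for the SSID even when it is not beaconing
    authentication: str
    cipher: str

    @property
    def risky(self) -> bool:
        """A remembered network the laptop rejoins on its own and that carries
        no key with which a genuine access point could be told from a copy."""
        weak = (self.authentication.lower() in WEAK_AUTH
                or self.cipher.lower() in WEAK_CIPHER)
        return self.auto_connect and weak


def parse_netsh_profiles(text: str) -> list[Profile]:
    """Split concatenated `netsh wlan show profile` output into Profile records."""
    # Each dump starts with a line "Profile <name> on interface <iface>:".
    # re.split with a capturing group yields [preamble, name1, body1, name2, body2, ...].
    chunks = re.split(r"^Profile (.+?) on interface .*:$", text, flags=re.M)
    profiles: list[Profile] = []
    for name, body in zip(chunks[1::2], chunks[2::2]):
        def field(label: str, default: str = "") -> str:
            # First "<label> : <value>" line in this profile's body.
            m = re.search(rf"^\s*{re.escape(label)}\s*:\s*(.+?)\s*$", body, re.M)
            return m.group(1) if m else default

        profiles.append(Profile(
            name=name.strip(),
            auto_connect=field("Connection mode").lower().startswith("connect automatically"),
            hidden_probe="even if" in field("Network broadcast").lower(),
            authentication=field("Authentication", "unknown"),
            cipher=field("Cipher", "unknown"),
        ))
    return profiles


def risky_profiles(text: str) -> list[str]:
    """Names of saved profiles that should be removed or set to manual connect."""
    return [p.name for p in parse_netsh_profiles(text) if p.risky]


if __name__ == "__main__":
    for p in parse_netsh_profiles(SAMPLE_NETSH_OUTPUT):
        flag = "RISKY" if p.risky else "ok   "
        print(f"{flag} {p.name:<12} auto={p.auto_connect} hidden_probe={p.hidden_probe} "
              f"auth={p.authentication} cipher={p.cipher}")
```

On a real machine the text would come from running `netsh wlan show profiles` to list the names and then `netsh wlan show profile name=<each name>` for the details; the script only reads that text, so it can be run on output collected from many laptops centrally. A profile flagged as risky is the "old flame" in the post's analogy, and the fix on the laptop side is to delete it or switch it to connect manually.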