From the Security Experts

May 15, 2009

AirTight Reveals Wi-Fi Security Risks for Airspace

By SIP Trunking Report Contributor

In a recently released survey, AirTight Networks has exposed the wireless security vulnerabilities in the financial districts of New York, Chicago, Boston, Wilmington (DE), Philadelphia, San Francisco and London.

As the use of wireless devices and networks increases, companies are increasingly at the risk of exposing sensitive data to the hackers through the wireless networks. For hackers, it’s easier to hack a wireless network than a wired network.
According to the survey, 57 percent of the airspace scanned was dominated by open or WEP encrypted access points. It makes it very easy to sniff, decode, capture or misuse this data. Also, when connected to an internal network, open and WEP encrypted access points pose a serious risk to the network. The survey also discovered several instances of open APs that were connected directly to internal networks and leaking the identities of active users including company executives.
“In light of some rather spectacular data breaches involving financial information in recent years -- both wired and wireless -- in financial districts we expected to find well protected and configured networks, open or guest access isolated from corporate networks and strict enforcement of Wi-Fi security policies," said Pravin Bhagwat, CTO of AirTight. "What we found instead should give pause to security administrators working in industries with highly sensitive information such as financial services.”
AirTight has developed a list of best practices for the companies to safeguard their networks. To start with, the companies can opt for WPA, preferably WPA2, rather than WEP. They can also conduct ongoing wireless security audits and scans to detect the presence of unauthorized Wi-Fi devices and activity in your premises.
The company recently announced it has joined the QualysGuard PCI Connect Ecosystem launched today at the RSA Conference 2009 by Qualys. AirTight is integrating its unique SpectraGuard Online service to provide automated data feeds for wireless vulnerability management into QualysGuard PCI Connect. SpectraGuard Online is a modular hosted service using the same AirTight award-winning, patented, multi-tenant architecture.

Raju Shanbhag is a contributing editor for TMCnet. To read more of Raju’s articles, please visit his columnist page.

Edited by Jessica Kostek