Security alert: Sydney awash with vulnerable wireless LANs - News - Security

To print: Select File and then Print from your browser's menu

--------------------------------------------------------------
This story was printed from ZDNet Australia.
--------------------------------------------------------------

Security alert: Sydney awash with vulnerable wireless LANs

By Jeanne-Vida Douglas, ZDNet Australia
June 05, 2002
URL: http://www.zdnet.com.au/news/security/soa/Security-alert-Sydney-awash-with-vulnerable-wireless-LANs/0,130061744,120265780,00.htm

With IDC quoting approximately 60,000 wireless LANs in Australia, unwary businesses -- including a leading international bank -- are leaving themselves wide open to hack attacks.

ZDNet Australia recently discovered the extent of the threat on a wardriving mission with Jason Edelstein, principal consultant for IT consultancy Sense of Security.

Having demonstrated the ease with which wireless LANs are detected through a technique known as wardriving, Edelstein pointed out that many companies were putting themselves at risk unnecessarily, by failing to take simple measures to prevent wireless hackers from gaining access to their data.

-Many of the systems are easily detected using readily available, affordable software, and don't even have the default encryption turned on," Edelstein said. He pointed out, however, that the vendor default encryption was by no means desirable as the keys were easily obtained by people in the industry. -If you can find out who the manufacturer is, it is easy to see into the network if the default encryption is used."

-It is easy enough to park alongside a building and use their wireless network to download information," he added.

While an encryption standard called Wired Equivalent Privacy (WEP) was created by the IEEE (Institute of Electrical and Electronics Engineers) with the release of the 802.11b wireless LANs standards, it is broadly recognised as easily broken and ineffectual.

Similarly Daniel Lewkovitz, senior consultant with IT security firm CMG, expressed concern regarding the proliferation of poorly protected wireless LANs in Australia.

-Some people say having WEP turned off is like waving a red rag to a bull," Lewkovitz said. -But it is important to use several layers of protection. Turn the encryption on, authenticate anyone coming onto the network and segregate the wireless access point. It is like having a steel gate and a balsawood door protecting your house, you are better off if both are closed and locked."