Businesses Improving Security Measures Of Wireless Access Points

• Jun 18, 2007

The number of wireless access points -- including public hotspots and business networks -- continues to rise at an explosive rate in the world's major financial centers, as revealed by research commissioned by RSA, the security division of EMC. The survey's findings also indicate that the call for stronger security in wireless networks is starting to resonate among businesses.

The largest year-over-year increase in wireless adoption was found in London, where there are 160 percent more wireless access points than in 2006. The percentage increase in New York was a substantial 49 percent; and in Paris, 44 percent. Looking purely at business access points, London also leads, with a 180 percent leap over last year, as compared to jumps of 57 percent and 45 percent New York and Paris, respectively.

As measured by the use of either advanced encryption or Wired Equivalent Privacy (WEP), London experienced notable improvement in the security of business wireless networks over the last year. In contrast, security levels in New York and Paris improved only incrementally. In the course of the past year, use of wireless security measures in business networks increased as follows:

• In London -- from 74 percent in 2006 to 81 percent in 2007.
• In New York -- from 75 percent in 2006 to 76 percent in 2007.
• In Paris -- from 78 percent in 2006 to 80 percent in 2007.

The survey results raise concerns about the continued use of WEP, despite awareness of its limitations, but traction in the use of more advanced encryption options is encouraging. Across all three cities there was significant use of advanced encryption, as measured by the implementation of 802.11i and Wi-Fi Protected Access (WPA). In London, 48 percent of the secured business access points detected had implemented advanced forms of encryption. In Paris the figure was lower, at 41 percent, and New York was comparable to London at 49 percent.

Yet as wireless access continues to become more pervasive, one-quarter to one-fifth of business wireless networks in three of the world's most important business centers remain wide open.

"As we evolve toward a 'wireless everywhere' world, we are witnessing enormous leaps in wireless connectivity, as highlighted by London's explosive growth in access points over the course of the last year," said Christopher Young, vice president for consumer and access solutions at RSA. "It is encouraging that almost half of all secured business access points are now using advanced forms of encryption, and we expect to see these numbers increase as awareness grows around the perils of operating inadequately secured wireless networks."

The survey also measured the number of wireless networks still configured according to default, out-of-the-box settings - which can make it easier for attackers to find ways to penetrate a network:

• In London, 30 percent of access points still had default settings -- big slide backward from 22 percent last year.
• New York improved slightly, with 24 percent of access points using default settings, down from last year's 28 percent.
• Parisian businesses and consumers are least at risk, with 13 percent of access points displaying default manufacturer settings, down from 21 percent last year.

Public hotspots continue to proliferate in the many places where people seek connectivity, such as coffee shops, airports and hotels. Last year's research detected 364 wireless hotspots on the London route; by 2007 this figure had risen to 461 -- a 27 percent increase. In New York the annual growth rate was 17 percent, and 15 percent of all wireless access points were found to be hotspots -- by far the highest percentage across the three cities. In Paris, hotspots increased 37 percent and represented 11 percent of all access points.

Near these hotspots are significant numbers of unprotected business networks -- that are clearly not hotspots, but still offer access to those who might accidentally or intentionally connect to them. This has added a new and disturbing dimension to the wireless security problem; the massive growth of hotspots for mobile users means that there are large numbers of mobile users who frequently seek connections throughout their travels. This introduces an even greater threat to businesses operating wireless networks with little or no security. Fueled by the availability and profusion of hotspots, mobile users expect to find wireless networks -- and know how to connect to them.