San Francisco Government Gets Failing Grade on Wireless Security
AirDefense, an Atlanta-based network security company, tested the government wireless networks in San Francisco and has given them a failing grade.
On April 4th, AirDefense released its San Francisco Wireless Security Vulnerability Survey which gives San Francisco Government offices a “D” for wireless security. Other sectors fared slightly better, but all could use improvement.
The survey looked at five sectors for wireless security: finance, government, retail, transportation and major corporations. 4,606 access points (APs) were used to connect to these various wireless networks. The survey looked to the encryption of wireless APs, the strength of the Wireless Equivalent Privacy (WEP) encryption used, the presence of probing laptops, rogue APs set up by employees or hackers (very dangerous), any data leakage present, and the number of APs set in default mode.
The wireless security grades per-sector were:
|
Industry |
Total APs Discovered |
Unencrypted / WEP APs |
Leaked Traffic Over Aps |
Grade |
|
Major Corporations |
1,566 |
718 (46%) |
23% |
C |
|
Finance |
799 |
531 (67%) |
48% |
C- |
|
Government |
1,209 |
871 (72%) |
47% |
D |
|
Retail |
552 |
184 (33%) |
43% |
C+ |
|
Transportation |
480 |
149 (31%) |
0.52 |
B- |
The government in San Francisco has questioned the validity of the report, asking how an access point was identified as government vs. any other industry or consumer access point. The survey does not provide results for all of their tests (for the number of APs in default mode, for example), nor does it differentiate between any levels of government agencies.
The point of this survey was to prove, with relatively little resources, how much about wireless networks could be determined by connecting to APs by a single laptop computer. There are many areas of wireless security that can put companies at serious risk for data breaches. An employee who knowingly or unknowingly connects a cheap AP to the company LAN can circumvent network security and put information assets at risk. And the risks associated with default settings and unencrypted wireless networks are well documented. Regardless of how the survey was defined, it clearly pointed to many holes in existing wireless security practices across all industries within San Francisco.
Tags: wireless security, security, data security, it security, survey, wireless security survey, san francisco, failing grade
Via govtech, business wire
Leave a Reply