With a laptop computer and free software available from the internet, researchers were able to pick up information from company wireless networks by simply driving around the streets of London – the practice known as war-driving.
This study was the third round of WLAN (Wireless Local Area Network) research commissioned by RSA Security. Researchers counted a total of 328 wireless access points in the City in 2002. This rose to 1,078 in 2003.
Security was measured according to those access points with WEP encryption. In 2002, 63% did not have WEP encryption; in 2003, the figure fell to 34%. WEP stands for Wired Equivalent Privacy. It is a standard security protocol that, as its name suggests, is designed to provide a WLAN with a level of security and privacy comparable to what is usually expected of a wired LAN.
Of the 34% without WEP encryption, another 19% (70) employ strong Virtual Private Network (VPN) protection and the researchers said they believe that many other access points could have had MAC (Medium Access Control) Address Screening or other undetectable security methods.
Tim Pickard, strategic marketing director EMEA, commented:
"To be able to send a positive message back to businesses that their IT investment in wireless is delivering on expectations, due to improved security techniques, is an encouraging trend."
However, the survey also revealed that 25% of access points still do not meet all best practice security guidelines. These businesses are at risk because they are failing to reconfigure network default settings. This allows important network information to be broadcast into the street, providing potential hackers with valuable intelligence to launch an attack.
Phil Cracknell, the author of the research, warned that this indicator could still mean that there were significant wireless network risks to consider in 2004. He commented:
"The 25% of poorly configured access points suggests that employees and departments could be deploying rogue wireless networks within their business without the knowledge of IT managers. The price of access points has fallen rapidly and can now be bought for as little as £140 – a purchase that could easily be made on expenses."
In the secure networks, evidence was also found of the rapid adoption of the new 802.11g wireless network specification – the latest interoperable standard to deliver improved security, additional speed and stability to wireless networks.
Phil Cracknell added:
"The number of systems incorporating both 802.11b and 802.11g on the same network reinforces the fact that wireless networks are being implemented at the heart of IT infrastructures. By embracing new wireless standards and creating a clear migration path, businesses are cementing the future of WLANs, especially as second-generation installations are occurring only three years after its initial introduction."