RSA: Wireless Security Getting Better, Still Needs Improvement

New research from RSA finds wireless security is gaining sophistication. But more companies need to wake up to better protection before it's too late

A new survey published this week by RSA concludes wireless security is improving, but too many organizations are still relying on primitive security protections when it comes to wireless networks.

The seventh annual Wireless Security Survey from security firm RSA finds wireless networks continue to grow at a rapid pace in the major cities around the world. The survey looked at New York, London, and Paris and examined the security of corporate wireless access points, public hotspots and in-home networks, according to a statement from the company.

The survey revealed London is the 'most wireless city' with a total of 12,276 access points, which exceeded the number in New York City by more than 3,000. Public hotspots - designed to allow anyone with a wireless device to access the Internet on a pay-as-you-go or pre-paid basis - continue to grow in prevalence across all three cities, said RSA officials. New York City is the leader in concentration of hotspots.

The survey also examined how many of the wireless access points detected were secured with some form of encryption, excluding hotspots. RSA officials said the 2008 results show some dramatic improvements in security practice. In New York City, 97 percent of corporate access points had encryption in place - up from 76 percent last year. The results are the best in the survey's history, said RSA. In Paris, 94 percent of corporate access points were encrypted. London still has 20 percent of all business access points unprotected by any form of wireless encryption.

Now that Wired Equivalent Privacy (WEP), the original wireless encryption standard, is discredited, "the 2008 survey paid close attention to the types of encryption in-play, and the relative adoption of more advanced forms of wireless encryption, including Wi-Fi Protected Access (WPA) or WPA2," RSA said in the statement. "Overall, the adoption of non-WEP advanced encryption is encouraging."

Paris lead the way in non-WEP security, with 72 percent of access points (excluding public hotspots) found to be using advanced security. New York City and London were more modest at 49 percent and 48 percent respectively. A majority of wireless access points relied on either on WEP or used no encryption at all, according to the survey.

Sam Curry, vice president of Identity and Access Assurance at RSA, criticized WEP and said it "barely constitutes paper-thin protection in the face of today's sophisticated hackers."

"We would strongly urge wireless network administrators to discount WEP as a viable security mechanism and upgrade to WPA - or stronger - without delay," said Curry. "It is also critical that business access points are protected by encryption - even if the corporate network itself can only be accessed via an encrypted VPN. Not using WPA1 or WPA2 can leave the organizations involved vulnerable to whole classes of attacks against both access points and wireless client computers."

Copyright © 2008 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)