Date:03/05/2009 URL: http://www.thehindu.com/2009/05/03/stories/2009050355041100.htm
Front Page 86 p.c. networks surveyed 'vulnerable' T. Ramachandran KOCHI: How secure are wireless networks in our cities? Mostly not secure enough, if the results of a 'war driving' exercise conducted by Deloitte India across 12 cities is any indication. This exercise covered 35,860 wireless networks in these cities, and involved driving around selected areas with laptops having a built-in wireless card to capture information about networks in the neighbourhood. The survey results, released recently by Deloitte in association with Data Security Council of India, revealed that 86 per cent of the networks could have been "easy to compromise." That was because 37 per cent of them were unprotected (being used without any encryption), while 49 per cent were using a wireless security protocol with a low level of protection - Wired Equivalent Privacy (WEP), as opposed to Wi-Fi Protected Access (WPA) or Wi-Fi Protected Access 2 (WPA2), which offered higher levels of protection. The security issue has come under the spotlight following reports that unsecured wireless networks were used to send terror threats in recent times. Why are users lax in ensuring the security of their wireless networks? "Ready, cheap availability and ease of use means anyone can buy a WiFi access point (AP) and use it without understanding the security ramifications of their actions. And the out-of-box configuration of WiFi APs is without any security which many people end up using," wireless security expert Kaustubh Phanse told The Hindu. Mr. Phanse, a Wireless Architect with AirTight Networks, added that lack of awareness was the "primary problem." Going by the survey results, quite a few networks in Bangalore, Chennai, Hyderabad, Kolkata, Mumbai, National Capital Region, Ahmedabad, Indore, Jaipur, Lucknow, Nagpur and Pune need to beef up their wireless security. Among the bigger cities, Chennai seemed marginally better off with about 78 per cent of the networks surveyed being rated as vulnerable, while the figure ranged between 84 and 87 per cent in the case of the other cities - Bangalore, Hyderabad, Kolkata, Mumbai and National Capital Region, with the maximum vulnerability being observed in Mumbai. (The number of networks covered by the survey varied from city to city, and it comes with the rider that the results may not be representative of the wireless networks across the whole of India). Awareness needed Among the other cities, the vulnerability figure ranged from 69 per cent (Nagpur) to 93 per cent (Ahmedabad). Whether these were business or residential networks, the figures highlighted the need for better security awareness. These good practices have been suggested to help improve wireless security: . Give priority to updating the equipment firmware (code that is stored in read-only memory). . Enable encryption, to protect the data that is being transmitted. Opt for WPA, preferably WPA2, rather than WEP. . Turn off SSID broadcasting. Service Set Identifier a sequence of letters or numbers that constitutes the name or ID of the network. Most wireless access points have a way of broadcasting their identity and these can be used to hack into vulnerable networks. . Change the default SSID. The default SSID is set by the manufacturer and this should be changed to a unique one but not contain any personal information that could possibly be misused. . Change the default password - use a strong one. Wireless access points may be using default passwords, which are known to hackers. . Enable MAC address filtering. Media Access Control Address is usually a unique sequence of numbers and letters assigned to your networking hardware. With filtering you can choose the computers that are allowed to access your network. . Also remember to turn off the access points when they are not in use. . And do not assume that public hotspots are secure ones. Mr. Phanse said while most of these practices may prove effective, enterprise users should consider using a Wireless Intrusion Prevention System (WIPS) to ward off all kinds of wireless threats and prevent unauthorised wireless activity. "A true WIPS can not only alert the system administrator about potential threats, but can automatically block any unauthorised activity or threats, can maintain a forensics audit trail, and can even track the geographical location of the threat-posing wireless device allowing the administrator to manually confiscate it," he said. To unsubscribe send a message to [email protected] with the subject unsubscribe. To change your subscription to digest mode or make any other changes, please visit the list home page at http://accessindia.org.in/mailman/listinfo/accessindia_accessindia.org.in
