Quick Wireless Network Security Reminders

Tuesday, May 29, 2012

Brent Huston


I recently tested a couple of Android network stumblers on a drive around the city and I found that not a lot has changed for consumer wireless networks since I last stumbled.

There are still a TON of unprotected networks, default SSIDs and WEP networks out there. It appears that WPA(x) and WPS have been slower to be adopted than I had expected.

I don’t know if that is consumer apathy, ignorance or just a continued use of legacy hardware before the ease of push button WPS. Either way, it was quickly clear that we still have a long way to go to deprive criminals of consumer-based wireless network access.

The good news is that it appears from this non-comprehensive sample that the businesses in our area ARE taking WiFi security seriously.

Most networks easily coordinated with a business were using modern security mechanisms, though we did not perform any penetration testing and can’t speak to their password policies or detection capabilities.

But for the most part, their SSIDs made sense, they used effective crypto and in most cases were even paying attention to channel spread to maximize the reliability of the network.

This is good news for most organizations and shows that much of the corporate awareness and focus on WiFi security by vendors seems to be working. It makes the business risk of these easy-to-deploy systems more acceptable.

I also noted that it was apparent on the consumer side that some folks deploying WiFi networks are paying attention. We saw SSIDs like “DontHackMe”, “DontLeechMeN3rds”, “Secured”, “StayOut”, etc. Sadly, we also saw plenty of SSIDs that were people’s names, addresses, children’s names and in one case “PasswordIsPassword1”.

Clearly, some installers or consumers still haven’t seen the dangers of social engineering that some of these names can bring.

So, while we have seen some improvement in SSID selection, there is still work to be done to educate folks that they need to pick non-identifiable information for broadcast.

That said, how can we better teach consumers about the basics of WiFi security? What additional things could we do as an industry to make their data safer at home?

Cross-posted from State of Security

Robert Mora: Service Set Identifier (SSID) is the name used to identify a local area wireless network, so it must be confidential.
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.