Government Technology - May 2008 - (Page 51) security 36 C O N T I N U E D F R O M PAG E Report Card: Wireless Security The AirDefense report assigns grades to five industries in San Francisco for the security of their wireless networks. Government received a D, the lowest of all the other industries. Industry Total APs Discovered Unencrypted / WEP APs Leaked Traffic Over APs Grade Major Corporations Finance Government Retail Transportation 1,566 799 1,209 552 480 718 (46%) 531 (67%) 871 (72%) 184 (33%) 149 (31%) 23% 48% 47% 43% 52% C CD C+ B- be deployed by hackers to gain entry into enterprise networks. 4. The detection of data leakage, which can occur when organizations add wireless functionality onto existing wired networks. 5. The number of APs set in the manufacturer’s default mode instead of proper security configurations. Of 1,209 total government access points discovered, 871 of them were unencrypted or used WEP, and had 47 percent traffic leakage over the network. By comparison, of 480 transportation APs discovered, 149 of them were unencrypted or encrypted with WEP, and had 52 percent data leakage. AirDefense Chief Security Officer Richard Rushing conducted the survey in March by taking two trips to San Francisco that lasted seven days total. Rushing went up and down streets with equipment — including a laptop, small antenna, portable hard drive and some storage media — to test wireless networks. He never entered any buildings or questioned anyone about networks, and no one was the wiser, which was his point. “You could sit on a park bench and open up a laptop in San Francisco and no one would look at you funny,” said Rushing. However, the report discloses data only on unencrypted/WEP APs in use in the industries and data leakage. It does not clearly specify how many rogue APs were found for each industry or which were in default mode. It also does not indicate how industries were catagorized. For example, public transportation would be a government agency, but AirDefense puts government and transportation in separate categories without specifying if a category overlap exists. The report also offers no distinction between different government levels, so readers can’t tell how security in the consolidated city and county of San Francisco compares with that of state or federal facilities operating in the San Francisco Bay Area. Roberts said wireless security in the city/ county government is healthy because the jurisdiction has taken a cautious approach. Rushing called government “kind of a latecomer to the wireless party.” He said agencies need more distinct policies in place with enforcement capabilities in order to raise the level of protection. More oversight would mean more motivation to improve. Additionally nongovernment industries have usually had wireless in place longer, so they’ve had longer to strengthen their networks. AirDefense released the survey two days before the 2008 RSA Conference, scheduled for April 7-11 at San Francisco’s Moscone Center. The event is an international security conference and expo. 51 Join Our Growing Government Team Apply your government experience to a career with ESRI, a company known for innovation and growth in the geographic information system (GIS) software industry. Our dynamic sales, marketing, and consulting experts work together to provide strategic direction and leadership for federal, state, regional, and local government agencies. We are looking for energetic, articulate people who are enthusiastic about GIS technology and have expertise in government-related disciplines for the following positions: These positions are based in our Washington, D.C., regional office and corporate headquarters in Redlands, California. Join the team dedicated to helping government agencies improve the quality of life for their constituents. Copyright © 2007 ESRI. All rights reserved. ESRI, the ESRI globe logo, and www.esri.com are trademarks, registered trademarks, or service marks of ESRI in the United States, the European Community, or certain other jurisdictions. ESRI is an equal opportunity employer. Learn more and apply online at www.esri.com/careers/govt. http://www.esri.com http://www.esri.com http://www.esri.com/careers/govt
For optimal viewing of this digital publication, please enable JavaScript and then refresh the page. If you would like to try to load the digital publication without using Flash Player detection, please click here.