Alpharetta, Georgia-based AirDefense previously reported on what it saw as a severe lack of wireless LAN security at the May Networld+Interop show in Las Vegas. And that was from just a two-hour monitoring sweep.
Last week at our own 802.11 Planet Conference & Expo in Boston’s World Trade Center, AirDefense set up two different locations on the exhibit floor to keep an eye on all the WLAN traffic for three full days — the company was billed as the official 802.11 Planet security provider.
In all, the two monitoring centers detected as many as 523 client stations connecting to the 141 available access points. And sadly, the results since the last big networking show haven’t changed much. In fact, end users taking advantage of the free wireless Internet access on the show floor left themselves especially open to hackers, whether malicious or curious.
The direct threats the company detected included scans by tools like Netstumbler (149), spoofed MAC addresses
The company even says it collected the signatures for as many as five attacks that have not yet been documented.
All of the above has to be expected at a show that focuses on wireless– imagine what it’s like at a show just for hackers. But perhaps more interesting is the numbers indicating how individual end users left themselves vulnerable. In the process of surfing the Web, checking e-mail, and instant messaging (the three most popular past-times of attendees… hopefully so they could share information about the quality of the panels and workshops…), few if any did so with any security. In fact, at most, AirDefense saw only 12 percent of users utilizing a secure tunneled Virtual Private Network (VPN)
Even worse, a total of 84 end users had set up their 802.11 client stations to allow an ad hoc connection — and 17 ad hoc networks were formed. This means users could have accidentally connected directly with other users, sharing files they won’t want to share and the possibility of being subject to direct attacks
AirDefense says the “most alarming vulnerabilities” included 74 users with open Service Set Identifiers (SSID)
AirDefense sells a self-titled WLAN security platform which captures all wireless information, and includes tools such as RogueWatch for detecting rogue access points, and AirDefense Guard for intrusion protection. The platform features a Linux-based central server appliance accessed via SSL Web browser interface for management; the server connects to remote sensors that monitor all packets in the air, something AirDefense has compared to video security cameras that just monitor WLAN traffic.