Press Releases

Atlanta – April 4, 2008 - AirDefense, the innovator that launched the wireless LAN security market, today unveiled results from its comprehensive “San Francisco Wireless Security Vulnerability Survey.” Conducted in March 2008 at more than 1,000 Bay Area corporations and government agencies, AirDefense assessed wireless security practices in four key industries, including: Finance, Government, Retail, Transportation and an overall review of major corporations in the city. During its research AirDefense discovered upgraded technologies in place with stronger encryption protocols at many Retail and Transportation locations. However, results were mixed in Finance and Government, with the majority of Access Points (APs) wide open or at best legacy encryption protocols in place.

Overall, AirDefense associated the highest grade of B- to the Transportation industry, followed by the Retail industry with a C+, major corporations graded at C, Finance a C- and Government the lowest with a D. In total, AirDefense discovered 4,606 APs in use for connecting wirelessly to the Internet and corporate networks. Surprisingly, 1,040 or 22 percent of all APs were unencrypted, with more than 30 percent using Wired Equivalent Privacy (WEP), the weakest protocol for wireless data encryption, which can be compromised in minutes. In Government, an alarming 72 percent of APs were found to be unencrypted or using WEP, while in Finance 67 percent were found to be unencrypted or using WEP. The stronger protocols Wi-Fi Protected Access (WPA) and WPA2 were used to encrypt 47 percent of APs. However, many of the WPA deployments used Pre-shared Key (PSK) authentication and were deployed in a fashion that makes them extremely vulnerable to the same dictionary attacks that plague password based systems.  

AirDefense ranked each industry based on five key components, including: unencrypted/WEP enabled APs, probing laptops discovered, rogue APs, data leakage and APs in default mode. AirDefense averaged the results in each of the industries and associated a letter grade. In Retail and Transportation stronger encryption protocols and overall wireless infrastructure were discovered. Specific Retail findings were in line with results revealed in AirDefense’s ‘2008 NYC Retail Wireless Security Survey’ announced in January this year.

The dangers of rogue access points are well documented. An employee, vendor or on-site consultant can unknowingly put all information assets at risk by attaching a $50 consumer-grade AP to an enterprise LAN. This simple act circumvents all existing network security by broadcasting an open connection to the enterprise network. Data leakage occurs when various systems or devices on a corporate network communicate with one another and much of this traffic is broadcast unencrypted over the airwaves for anyone to see.

“AirDefense’s comprehensive wireless vulnerability assessment in the Bay Area is intended to not only highlight the current deficient practices in wireless security being deployed by corporate America and the government, but also to highlight the necessary steps to ensure proper network protection,” said Mike Potts, president and CEO, AirDefense. “With the 2008 RSA Conference days away some of the results might seem harsh but a matter-of-fact assessment of current wireless security deployment (or lack thereof) and best practices in preventing intrusions from occurring is needed.”  
             

AirDefense has been conducting vulnerability assessment surveys of the wireless security industry since its inception in 2001. It is the first and only company to produce comprehensive surveys across all major industries and wireless environments, including popular hotspots. The company’s executives are the unrivaled experts in wireless intrusion prevention and detection. AirDefense recently completed the “2008 New York City Retail Wireless Security Survey” of more than 800 retail locations in New York City’s five boroughs. For more information and results, log onto: http://www.airdefense.net/newsandpress/01_14_08.php. In November 2007, the company’s groundbreaking nationwide survey of more than 3,000 retail locations was met with much acclaim and praise by industry analysts and many high ranking IT security experts. For more information, log onto: http://www.airdefense.net/newsandpress/11_15_07.php.

“Transportation and Retail were head and shoulders above the other industries in securing wireless networks and room for improvement in other industries was more apparent,” said Richard Rushing, the survey’s author and chief security officer, AirDefense. “Assessing the vulnerabilities of more than 1,000 locations in the Bay Area will ideally lead to needed improvements in wireless security practices currently being practiced today.”

About AirDefense
AirDefense is the market leader in anywhere, anytime wireless security. The company is trusted by more Fortune 500 companies, healthcare organizations and high-security government agencies for enterprise wireless protection than any other company. AirDefense products provide the most advanced solutions for rogue wireless detection, policy enforcement and intrusion prevention, both inside and outside an organization's physical locations and wired networks. Common Criteria-certified, AirDefense enterprise-class products scale to support single offices as well as organizations with hundreds of locations around the globe. Founded in 2001, AirDefense is based in Atlanta, GA and serves nearly 700 government agencies and blue chip corporations. For more information, please visit http://www.airdefense.net or call 770.663.8115.

AirDefense Contact:
Bill Keeler or Melissa Chan
Schwartz Communications
PH: 781-684-0770
airdefense@schwartz-pr.com

Kristin K. Callaway
AirDefense Public Relations
770-843-5256
kcallaway@airdefense.net