A leading security guru is making the rounds trying to increase awareness of wireless security, or rather the severe lack of such security. In a recent tour of San Francisco, Oakland, and Palo Alto, he discovered over 2,600 networks, nearly a third of which were not using any encryption at all. This effort did not uncover all the security flaws as the researcher did not want to cross the fuzzy line between legally detecting these networks and potentially breaking the law by trying to connect to them. The line is not clear because the courts have yet to weigh in on the topic of connecting to networks where the administrators have taken no precautions to secure their infrastructure.
A Road Map to Wardriving in These Times (San Francisco Chronicle)
A site map is a good place to start when assessing the potential signal leaks, and when done properly it can be a huge benefit to security personnel. These surveys are about to get far easier with technology from Airwave that promises to make spectrum analysis much easier as it runs on standard Intel Centrino 2 processors. Further security can be obtained with paint-and-window film that attenuate wireless signals to the point that they are extremely hard to detect outside the building.
How to: Conduct a Wireless Site Survey (Wi-Fi Planet)
How to: Prevent Parking Lot Attacks (Wi-Fi planet)
Though I do not handle the wireless security for my organization, I do handle it in my home. At work, since I am in education, there are huge potential holes that could be exploited as a result of the university’s desire to maintain open systems that anyone can connect to. These risks are mitigated with various technologies used to encrypt information between the clients and WAPs, but they are risks nonetheless. How focused is your organization when it comes to wireless security?