Modernizing Authentication — What It Takes to Transform Secure Access
While in London for the InfoSecurity security conference recently, Kaspersky Labs senior virus analyst Alexander Gostev decided to probe the wireless public networks around the conference hall and in greater London.
What he found was the equivalent of a dentist with bad teeth. Almost two-thirds, 62 percent, of the 200 wireless access points at the conference were operating without security -- and most of them were access points in the booth of vendors selling security products.https://o1.qnsr.com/log/p.gif?;n=203;c=204634421;s=15939;x=7936;f=201702151714490;u=j;z=TIMESTAMP;a=20304455;e=iIt got a little better outside of the conference hall. Around Canary Wharf, only 40 percent of the 250 public WiFi (define) networks were operating without any encryption. Around the rest of London, Gostev found 49 percent of the public wireless access sites had no encryption whatsoever.
"It's obvious from the stats in this report people are not taking advantage of the security in these products," said Shane Coursen, senior technical consultant for Kaspersky's U.S. office. "The end lesson is: People putting up these access points need to be aware of the security built into these things and take advantage of the security in every way shape and form; and they are not."
Part of the issue comes from a lackadaisical attitude by show vendors, of all people, who may think, well, it's just a show, why secure it? But Coursen said they should be showing off their security by securing their own booth to start.
The laptops and systems behind the access points are as secure as the owner makes it, he added. If they connect through a fully unsecured access point and they're talking directly with corporate servers with no VPN (define)&npspconnection, then the traffic they transmit is going to be able to be intercepted, plain and simple.
That could mean someone gaining access to a user's laptop. Something similar happened to a Kaspersky researcher who was using a hotel's wireless access, and his Macintosh was hijacked by someone who used the unsecured hotel wireless network, said Coursen.