RSAS Rsa Security

* Number of encrypted networks rises in London and New York; Paris most secure * Almost one quarter of business networks remains unsecured in all surveyed cities * Number of wireless access points and public hotspots continues to rise LONDON, and BEDFORD, Mass., May 25 /PRNewswire-FirstCall/ -- The number of wireless networks in some of the world's major financial centres continues to rise at an explosive rate, research commissioned by RSA Security Inc. (NASDAQ:RSAS), the expert in protecting online identities and digital assets, has revealed today. The largest year-on-year rise was discovered in London, where there are 57% more wireless network access points today than in 2005. The percentage increase in New York was an impressive 20%. In Paris, the increase from 2004 to 2006 was 119%. Encryption of wireless networks increases -- Paris leads the way In both London and New York, more businesses are securing their wireless networks by switching on the WEP encryption capability provided as standard: * London -- WEP usage rose from 65% in 2005 to 74% in 2006 * New York -- WEP usage rose from 62% in 2005 to 75% in 2006 * Paris -- has the highest levels of encryption at 78%, an increase on 2004's figure of 69% This is an encouraging sign, although in all cities around a quarter of the wireless networks identified as belonging to and operated by corporate entities were found to have no security measures deployed. London has the most to be ashamed of with 26% of business networks unsecured; New York is not far behind with 25% and the Parisians come in at 22%. Clearly, work still needs to be done to educate these organisations about the risks they face if the appropriate defences are not deployed and enabled to protect their wireless networks. "This is the fifth year we have commissioned this research -- and the first year we have seen such a dramatic improvement in the number of secured wireless business networks," commented Tim Pickard, area vice president of international marketing at RSA Security. "While the halting of what appeared to be a downward spiral is good news, we should not forget that around a quarter of business networks in these cities remain open to attack. Such companies risk the theft of confidential and sensitive data, planting of malicious code such as viruses and backdoor Trojans, and potentially allowing their systems to be used as a launch pad for denial of service attacks and other security breaches. Wireless security may have been bolstered, but we can't relax yet." Default values equal faulty defences Again, overall there was a slight improvement in the number of wireless networks still configured according to default network settings -- which can make it easier for hackers to find ways to penetrate a network. * In London, 22% of access points still had default settings -- an improvement on 2005's figure of 26%. * New York paints a bleaker picture, with 28% of access points using default settings; this is virtually the same as last year's figure of 30.8%. * Once again, Parisian businesses and consumers are least at risk with 21% of access points still having default settings, demonstrating that much progress has been made since 2004 when this statistic was 39%. Hotspots still hot topic The number of wireless hotspots continues to rise in some of the world's major financial districts. Last year's research detected 210 wireless hotspots on the London route; by 2006 this figure had risen to 364 -- a year on year increase of 73%. In New York, the annual growth rate was 15%, and almost 20% of all wireless access points were found to be hotspots -- by far the highest percentage across the three cities. In Paris, a more modest 68 wireless hotspots, equaling 12% of all access points, were discovered. Rogue hotspots could provide latest platform for identity theft Although the purpose of the research was not to look for rogue hotspots -- temporary wireless access points designed to look like the genuine article in order to capture users' confidential information -- they do present a potential security issue to which business and consumers should be alert. For example, Capgemini UK has built a test system on a laptop which emulates a commonly-seen hotspot. In its own private tests the company has observed devices connecting to this sample rogue hotspot, presumably because they have been unable to distinguish it from the real thing. Rogue hotspots can allow Internet access and process credit card details, which means that they could be used simply and invisibly to perpetrate online identity fraud. The likelihood of this is relatively high, especially given that a rogue hotspot would allow for a higher volume of accurate details to be captured than in an email-based phishing attack. "Rogue hotspots currently constitute one of the most serious and most likely vehicles for wireless security breaches -- they are easy to set up and an attacker is almost guaranteed a valuable crop of data in a short period of time," said Phil Cracknell, Capgemini UK, Security Consulting Practice. "For this reason, they could be used as the next platform for phishing attacks and identity theft. In order to prevent this, all mobile users -- either business or personal -- need to be educated about the potential risk from rogue hotspots and taught not to send confidential usernames, passwords and personal information over unencrypted networks." Methodology With a laptop computer and freely available software, the research team was able to pick up information from wireless networks by simply driving around the cities' streets. In the wrong hands this type of easy access to corporate and personal networks could be used to gain access to confidential information or disrupt business, or the network could be used to launch a Web- based attack on another organisation. The research, commissioned by RSA Security and undertaken by an independent information security specialist, was conducted as part of an ongoing study to quantify both the extent to which wireless usage is growing in the world's major financial hubs, and how many companies' wireless networks freely 'leak' data traffic into the street, providing potential access to hackers from their car or a nearby building. The survey was carried out using the laptop version of Airmagnet, with software capable of detecting broadcasting and non-broadcasting 802.11a, b and g WiFi devices using a Proxim Gold combination card. When devices were detected the software once again identified the channel, Server Set ID (SSID) and other network information before disconnecting from that source. The information gathered from each brief connection enabled offline analysis of the networks to identify any of the following where available: Server Set ID (SSID) Frequency (a, b or g) Channel (1-11) WEP (Y/N) Signal strength (For exact location purposes) Mode of operation (Ad-hoc, station, access point, infrastructure) MAC Address Hardware vendor The nature of the access point response, security levels, SSID values, broadcasting, physical location and presence of other access points with the same SSID enabled us to deduce which were public access systems and which were private business systems with a high degree of accuracy. About RSA Security Inc. RSA Security Inc. is the expert in protecting online identities and digital assets. The inventor of core security technologies for the Internet, the Company leads the way in strong authentication and encryption, bringing trust to millions of user identities and the transactions that they perform. RSA Security's portfolio of award-winning identity & access management solutions helps businesses to establish who's who online -- and what they can do. With a strong reputation built on a 20-year history of ingenuity, leadership and proven technologies, we serve more than 20,000 customers around the globe and interoperate with over 1,000 technology and integration partners. For more information, please visit http://www.rsasecurity.com/ RSA is a registered trademark of RSA Security Inc. in the United States and/or other countries. All other products and services mentioned are trademarks of their respective companies. For more information: Julie Kehoe Matt Buckley OutCast Communications RSA Security Inc. (646) 442-3370 (781) 515-6212 DATASOURCE: RSA Security Inc. CONTACT: Julie Kehoe of OutCast Communications, +1-646-442-3370, ; or Matt Buckley of RSA Security Inc., +1-781-515-6212, Web site: http://www.rsasecurity.com/

Copyright