20
Wireless network security landscape of India 1 Wireless security survey Wireless network security landscape of India December 2008

Wireless security survey Wireless network security ... · Wireless network security landscape of India 1 Wireless security survey Wireless network security landscape of India December

Embed Size (px)

Citation preview

Page 1: Wireless security survey Wireless network security ... · Wireless network security landscape of India 1 Wireless security survey Wireless network security landscape of India December

Wireless network security landscape of India 1

Wireless security surveyWireless network security landscape of India

December 2008

Page 2: Wireless security survey Wireless network security ... · Wireless network security landscape of India 1 Wireless security survey Wireless network security landscape of India December

2

Foreword

With the increasing popularity of wireless networks, the need to be adequately protected against threats becomes paramount. However, limited awareness about the risks of using unsecured or poorly secured wireless network devices, coupled with the wide-spread availability of affordable wireless networking equipment has exposed users to potential misuse of these unsecured wireless networks.

There is an imperative need to secure wireless networks today, not only to protect one’s personal or business information, but also in light of the recent wireless network security breaches by unauthorized individuals. Media coverage of the exploits evoked considerable public interest and served as a wake-up call to individuals and businesses across India.

With a view to increasing wireless network security awareness among the public, the Enterprise Risk Services ('ERS') division of Deloitte Touche Tohmatsu India Private Limited ('Deloitte India') released a first of its kind “Wireless Security Survey” with a focus on the Mumbai metropolis in October 2008. A booklet providing step-by-step details to secure commonly used wireless network equipment was also released simultaneously.

By extending the survey to other cities in the country, Deloitte India has attempted to highlight the state of wireless network security on a nation-wide basis. The survey has been carried out using the WarDriving technique described in the methodology in Annexure – II. This survey should be read in conjunction with the disclaimer provided on the last page of this document.

We believe that increasing end user awareness and making a conscious decision to secure wireless networks will go a long way towards the goal of making India “Wi-Fi secure”.

Recent high-profile exploits of unsecured wireless networks in India revealed that a substantial proportion of wireless networks were deployed without basic security measures, indicating a general lack of wireless security awareness at a national level.

Page 3: Wireless security survey Wireless network security ... · Wireless network security landscape of India 1 Wireless security survey Wireless network security landscape of India December

Wireless network security landscape of India 3

1. Executive summary – India landscape 5 2. Comparison across survey cities 8 3. Detailed reports for individual survey cities 11 4. Risks and good practices 16 Annexure I – Wireless network security landscape of India at a glance 17 Annexure II – Methodology 18

Contents

Page 4: Wireless security survey Wireless network security ... · Wireless network security landscape of India 1 Wireless security survey Wireless network security landscape of India December

4

Wireless network security landscape of India

NCR*

14%86%

Jaipur

8%92%

Lucknow

18%82%

Indore7%93%

Ahmedabad

13%87%

Mumbai#

16%84%

Pune

31%69%

Nagpur

14%86%

Kolkata

15%85%

Hyderabad

22%78%

Chennai16%84%

Bengaluru

14%86%

Protected networksSurvey city

Vulnerable networks

Protected Vulnerable

Group City WPA/WPA2No encryption

Low level encryption (WEP)

Total

Group I Bengaluru 16% 28% 56% 84%

Chennai 22% 38% 40% 78%

Hyderabad 15% 43% 42% 85%

Kolkata 14% 43% 43% 86%

Mumbai# 13% 36% 51% 87%

NCR* 14% 31% 55% 86%

Group II Ahmedabad 7% 32% 61% 93%

Indore 18% 51% 31% 82%

Jaipur 8% 55% 37% 92%

Lucknow 14% 53% 33% 86%

Nagpur 31% 47% 22% 69%

Pune 16% 35% 49% 84%

National Average 14% 37% 49% 86%

# Mumbai includes Navi Mumbai* NCR includes Delhi, Gurgaon and NoidaFor detailed city-wise statistics refer Annexure I

Page 5: Wireless security survey Wireless network security ... · Wireless network security landscape of India 1 Wireless security survey Wireless network security landscape of India December

Wireless network security landscape of India 5

WEP is generally considered to offer a low level of protection whereas WPA and WPA2 are generally considered to offer a high level of protection.

Approximately 86% of the total networks across Survey Cities appeared to be vulnerable, since 37% of these networks appeared to have no encryption and 49% of the networks appeared to be using WEP encryption.

1. Executive summary – India landscape

The nation-wide WarDriving exercise undertaken by Deloitte India in October 2008 revealed that 86% of observed wireless networks appeared to be vulnerable. Configuration errors like using manufacturer-default device names, device names that reveal business or personal details and the use of weak encryption expose such networks to a greater risk of unauthorized access.

During our WarDriving exercise covering 12 cities across India ('Survey Cities'), we saw a total of 35,860 wireless networks. We used standard WindowsTM laptops (Windows referred herein and after is a registered trademark of Microsoft Corporation) equipped with a manufacturer-provided wireless network card and open source software.

1.1 Wireless Network SecurityBased on the use of encryption, we classified wireless networks into 2 broad categories depicted below:

Vulnerable networks

No encryption networks

Wired Equivalent Privacy (‘WEP’)

Protected networks

Wi-Fi Protected Access (‘WPA’)

Wi-Fi Protected Access 2 ('WPA2’)

Wireless network protection landscape of India

5,184 (14%)

13,115 (37%)

17,561 (49%)Total 30,676 (86%)Vulnerable networks

Vulnerable networks

Protected networks

No encryption Low level protection (WEP)

High level protection (WPA/WPA2)

Total 35,860

networks

Page 6: Wireless security survey Wireless network security ... · Wireless network security landscape of India 1 Wireless security survey Wireless network security landscape of India December

6

Manufacturer-default SSIDs

SSID broadcast across survey cities

Total 35,860 networks

SSID broadcast disabled

Residential networks

Business networks

2,337(7%)

13,625 (38%)

11,086 (31%)

8,812 (24%)

33,523 (93%) 93%

1.2 SSID BroadcastWe observed that approximately 7% of wireless networks across Survey Cities were not broadcasting their SSID.

Based on the SSID nomenclature of balance 93% wireless networks, we classified such networks into 3 categories viz. business, residential and networks broadcasting manufacturer-default SSIDs.

1.3 Business and Residential Network ProtectionBusinesses and residences are increasingly turning to wireless networks as a result of the convenience they offer. We observed that 33,523 networks were broadcasting their SSID, of which 24,711 appeared to be either business or residential networks.

The wireless network protection for these 24,711 business and residential networks is depicted below.

India-Business and residential wireless network protection

Total 24,711 business and residential networks

Vulnerable Protected

Residential (13,625)

14000

12000

10000

8000

6000

4000

2000

0

Business (11,086)

39%

6%8%

47%

Page 7: Wireless security survey Wireless network security ... · Wireless network security landscape of India 1 Wireless security survey Wireless network security landscape of India December

Wireless network security landscape of India 7

1.4 Manufacturer-default Router SSIDsBased on our analysis of manufacturer-default SSIDs broadcast by routers, it appears that 3 manufacturers (‘Make’) have 65% of market share in India. The market share of these 3 makes may differ from city to city.

Commonly used routers across survey cities

Make 1

Make 2

Make 3

Others

3,110 (35%) 2,550 (29%)

2,157 (25%)995 (11%)

Total 8,812

networks

Page 8: Wireless security survey Wireless network security ... · Wireless network security landscape of India 1 Wireless security survey Wireless network security landscape of India December

8

We found 35,860 networks across all Survey Cities. For ease of reference, we have classified Survey Cities as Group I or Group II and provided city-wise break-up of networks in the following tables:

2.1 Wireless Network ProtectionOut of 35,860 networks found across Survey Cities, 28,403 wireless networks belonged to Group I cities and 7,457 wireless networks belonged to Group II cities. Approximately 68% of vulnerable networks belonged to Group I cities and 18% of vulnerable networks belonged to Group II cities.

2. Comparison across survey cities

Group I

Cities Survey networks

Percentage of overall

Bengaluru 5,355 15%

Chennai 2,015 6%

Hyderabad 5,351 15%

Kolkata 1,840 5%

Mumbai# 7,214 20%

NCR* 6,628 18%

28,403 79%

# Mumbai includes Navi Mumbai* NCR includes Delhi, Gurgaon and Noida

Group II

Cities Survey networks

Percentage of overall

Ahmedabad 2,175 6%

Indore 662 2%

Jaipur 1,112 3%

Lucknow 540 2%

Nagpur 708 2%

Pune 2,260 6%

7,457 21%

Group I and Group II cities - Wireless network protection

Total 35,860 networks

India Group I cities Group II cities

20000

18000

16000

14000

12000

10000

8000

6000

4000

2000

0

Low level protection(WEP)

High level protection(WPA/WPA2)

No encryption

37%

28%

9%

49%

40%

9%11%

3%

14%

Page 9: Wireless security survey Wireless network security ... · Wireless network security landscape of India 1 Wireless security survey Wireless network security landscape of India December

Wireless network security landscape of India 9

For Group II cities, it was observed that 5% of wireless networks found, had their SSID broadcast disabled. Of the balance 95% wireless networks, 32% of networks appeared to be residential, 33% appeared to be business networks, and the remaining 30% of networks were broadcasting their manufacturer-default SSID.

2.2 SSID BroadcastBased on an analysis of the SSID broadcast within Group I cities, we saw that 7% of the wireless networks had their SSID broadcast disabled. Out of the balance 93% wireless networks, 40% of networks appeared to be residential, 30% appeared to belong to businesses, while the remaining 23% were broadcasting their manufacturer-default SSID.

Group II cities - SSID broadcast overview

7,457 Group II networks

424 (5%)

Manufacturer-default SSIDs

SSID broadcast disabled

Residential networks Business networks

2,371(32%)

2,443 (33%)

2,219 (30%)

95%

SSID Broadcast enabled

7,033 (95%)

Manufacturer-default SSIDs

Group I cities - SSID broadcast overview

28,403 Group I networks

1,913 (7%)

93%26,490 (93%)

6,593 (23%)

8,643 (30%)

SSID broadcast disabled

Residential networks Business networks

11,254 (40%)

SSID Broadcast enabled

Page 10: Wireless security survey Wireless network security ... · Wireless network security landscape of India 1 Wireless security survey Wireless network security landscape of India December

10

2.4 Manufacturer-default Router SSIDsWe performed an analysis of router makes derived from manufacturer-default SSIDs. The Top 3 Makes appeared to have 52% market share in Group I cities and 13% share in Group II cities, resulting in an overall market share of approximately 65% in India. The results are presented in the graph below.

Group I and Group II cities-Manufacturer-default router SSIDs

Total 8,812 manufacturer-default SSIDs

3500

3000

2500

2000

1500

1000

500

0

India Group I cities Group II cities

Make 1

29%

23%

6%

Make 2

25%

20%

5%

Make 3

11%9%

2%

Others

35%

23%

12%

2.3 Business and Residential Network ProtectionDuring our survey, we observed a total of 35,860 wireless networks. Based on the nomenclature of SSID broadcasts, we could classify 24,711 networks as either business or residential. The balance 11,149 networks either had manufacturer-default SSIDs or were not broadcasting their SSID.

Approximately 11,086 (45% ) networks were classified as business while balance 13,625 (55%) networks were residential.

Business and residential - Wireless network protection

Total 24,711 business and residential networks

India Group I cities Group II cities

14000

12000

10000

8000

6000

4000

2000

0

Vulnerable Protected

Business

Vulnerable Protected

Residential

30%

9%

39%

6% 5%1%

39%

8%

47%

8% 7%1%

Page 11: Wireless security survey Wireless network security ... · Wireless network security landscape of India 1 Wireless security survey Wireless network security landscape of India December

Wireless network security landscape of India 11

We have analyzed select wireless network parameters for each of the Survey Cities in order to present a city-wise comparison at the Group level.

Each graph in this section may be interpreted as follows:

The first bar comprising of dark blue and green blocks in each of the graphs indicates percentage across all cities The values across all these bars when taken together add up to 100%

The second bar comprising light blue and light green blocks in each of the graphs indicates the percentages within each Survey City

The values for each of these bars individually add up to 100%

We have presented graphical results for each Survey City in subsequent subsections 3.X.

3.1 Wireless Network ProtectionBased on the encryption mechanism found on 28,403 networks in Group I cities, we classified these networks into vulnerable and protected. Vulnerable networks are those which either have no encryption or low level WEP encryption. Protected networks use either WPA or WPA2 encryption.

Group I cities - City-wise wireless network protection

Total 28,403 network - Group I cities

8000

7000

6000

5000

4000

3000

2000

1000

0Bengaluru

(5,355)Chennai(2,015)

Hyderabad(5,351)

Kolkata(1,840)

Mumbai(7,214)

NCR(6,628)

3%

16%

16%

84%

6%

2% 22%

78%

3%

16%

15%

85%

5%

1% 14%

86%

3%

22%

13%

87%

3%

20%

14%

86%

Across Group I cities (28,403)

Protected (15%) Vulnerable (85%)

Within individual city

Protected Vulnerable

3. Detailed reports for individual survey cities

Page 12: Wireless security survey Wireless network security ... · Wireless network security landscape of India 1 Wireless security survey Wireless network security landscape of India December

12

A total of 7,457 wireless networks were found in Group II cities. The classification into vulnerable and protected networks for each of these cities is depicted below.

Group II cities - City-wise wireless network protection

Across Group II cities (7,457)

Protected (14%) Vulnerable (86%)

Within individual city

Protected Vulnerable

2500

2000

1500

1000

500

0

Ahmedabad(2,027)

Indore(544)

Jaipur(1,024)

Lucknow(457)

Nagpur(495)

Pune(1,894)

2%

27%

7%

93%

7%

2%

82%

18%

1%

14%

8%

92%1%

6%

14%

86%

5%

25%

16%

84%

Total 7,457 networks - Group II cities

3%

7%

31%

69%

Page 13: Wireless security survey Wireless network security ... · Wireless network security landscape of India 1 Wireless security survey Wireless network security landscape of India December

Wireless network security landscape of India 13

The status of SSID broadcasts for 7,457 wireless networks found in Group II cities is depicted in the graph below.

The above two graphs indicate that a majority of wireless networks across survey cities were configured to broadcast their SSID.

3.2 SSID BroadcastWe surveyed 28,403 networks in Group I cities. Based on the SSID broadcast setting, we classified these networks depending on whether SSID broadcasts were enabled or disabled. The graph depicting the status of SSID broadcasts is given below.

Group I cities - City-wise SSID broadcast overview

Total 28,403 networks - Group I cities

Across Group I cities (28,403)

SSID broadcast disabled (7%) SSID broadcast enabled (93%)

Within individual city

SSID broadcast disabled SSID broadcast enabled

8000

7000

6000

5000

4000

3000

2000

1000

0

Bengaluru(5,355)

17%

1.5% 8%

92%

Chennai(2,015)

7% 95%

0.4% 5%

Hyderabad(5,351)

17% 91%

2% 9%

Kolkata(1,840)

6% 92%

0.6% 8%

Mumbai(7,214)

1.5% 5%

24% 95%

NCR(6,628)

22% 95%

1% 5%

Group II cities - City-wise SSID broadcast overview

Total 7,457 networks - Group II cities

Across Group II cities (7,457)

SSID broadcast disabled (5%) SSID broadcast enabled (95%)

Within individual city

SSID broadcast disabled SSID broadcast enabled

2500

2000

1500

1000

500

0

28% 97%

0.9% 3%

9% 96%

0.3% 4%

15% 97%

0.3% 3%

7% 95%

0.3% 5%

9% 99%

0.1% 1%88%27%

12%3.1%

Ahmedabad(2,175)

Indore(662)

Jaipur(1,112)

Lucknow(540)

Nagpur(708)

Pune(2,260)

Page 14: Wireless security survey Wireless network security ... · Wireless network security landscape of India 1 Wireless security survey Wireless network security landscape of India December

14

3.3 Business and Residential Wireless Network SecurityBased on the nomenclature of SSIDs found during our survey of 28,403 Group I networks, we classified these networks into 2 broad categories viz. business or residential. These networks are then further classified into vulnerable and protected. Vulnerable networks are those which either have no encryption or low-level WEP encryption. Protected networks use either WPA or WPA2 encryption.

Further, based on the encryption used, we derived the percentage of vulnerable and protected networks in each category. The graphs depicting this analysis are provided below.

Our analysis of 11,086 business wireless networks across Survey Cities revealed the following:

Group I cities - City-wise business wireless network protection

Total 8,643 business networks - Group I cities

Across Group I cities (8,643)

Protected (12%) Vulnerable (88%)

Within individual city

Protected Vulnerable

3000

2500

2000

1500

1000

500

0

Bengaluru(2,414)

23%

4% 16%

84%

Chennai(674)

7% 86%

1% 14%

Hyderabad(2,084)

21% 88%

3% 12%

Kolkata(657)

7% 87%

1% 13%

Mumbai(1,982)

2% 8%

21% 92%

NCR(832)

9% 91%

1% 9%

Group II cities - City-wise business wireless network protection

Total 2,443 business networks - Group II cities

Across Group II cities (2,443) Within individual city

Protected (12%) Vulnerable (88%) Protected Vulnerable

1000

900

800

700

600

500

400

300

200

100

0

Ahmedabad(834)

31%

3% 8%

92%

Indore(145)

5% 86%

1% 14%

Jaipur(160)

6% 94%

Lucknow(180)

7% 91%

0.6% 9%

Nagpur(208)

3% 37%

5% 63%

Pune(916)

33% 88%

5% 12%

0.4% 6%

Page 15: Wireless security survey Wireless network security ... · Wireless network security landscape of India 1 Wireless security survey Wireless network security landscape of India December

Wireless network security landscape of India 15

We performed an analysis of residential networks in a similar manner for 13,625 wireless networks in Survey cities, with the results shown below.

Our analysis for business and residential networks across the 12 Survey Cities indicated that a large number of business and residential wireless networks were vulnerable.

Group I cities - City-wise residential wireless network protection

Total 11,254 residential networks - Group I cities

Across Group I cities (11,254)

Protected (12%) Vulnerable (88%)

Within individual city

Protected Vulnerable

4500

4000

3500

3000

2500

2000

1500

1000

500

0

Bengaluru(1,438)

10%

3% 20%

80%

Chennai(680)

5% 81%

1% 19%

Hyderabad(1,522)

11% 83%

2% 17%

Kolkata(591)

5% 90%

1% 10%

Mumbai(2,976)

3% 11%

23% 89%

NCR(4,047)

31% 87%

5% 13%

Group II cities - City-wise residential wireless network protection

Total 2,371 residential networks - Group II cities

Across Group II cities (2,371)

Protected (12%) Vulnerable (88%)

Within individual city

Protected Vulnerable

800

700

600

500

400

300

200

100

0

Ahmedabad(706)

29%

1% 5%

95%

Indore(278)

9% 79%

3% 21%

Jaipur(447)

17% 91%

Lucknow(215)

8% 91%

1% 9%

Nagpur(178)

2% 30%

5% 70%

Pune(547)

19% 83%

4% 17%

2% 9%

Page 16: Wireless security survey Wireless network security ... · Wireless network security landscape of India 1 Wireless security survey Wireless network security landscape of India December

16

4. Risks and good practices

The rapid adoption of wireless networks without a commensurate increase in wireless network security awareness, both at homes and businesses, is indeed a growing concern. We have attempted to highlight several risks of using unsecured or poorly secured wireless networks and some good practices everyone should follow to ensure a minimum level of security.

4.1 Risks of using vulnerable wireless networksThe use of unsecured wireless networks exposes users to the following major risks:

•Unauthorizedusersmightvisitobjectionablesites,sendthreateningemailsanddownloadorpostoffensivematerialon websites

•Illegalactivitiesmightbeperformedfromtheowner’sunsecurednetwork.Ifthereisasubsequentcriminalinvestigation, logs will indicate that the owner’s IP address was used to commit the illegal activity

•Iffoldersaresharedonthewirelessnetwork,theymaybeavailabletounauthorizeduserswhoconnecttounsecured wireless networks

•Ifthewirelessnetworkisconnectedtotheinternet,itwouldbepossibleforintruderstosurftheinternetfreeofcharge. Not only would this clog the network but also consume upload and download limits set by the service provider, possibly incurring additional internet usage charges for the owner

•Unauthorizedusersmaysniffsensitivedatasuchasbankaccountdetails,onlinetransactionpasswordsandemailcommunication transmitted over the unsecured wireless network, possibly causing monetary loss to the owner

4.2 Wireless network security good practicesYou are strongly advised to protect your wireless network from unauthorized use. The following are some good practices to provide secure connectivity:

•Ensurethatyourwirelessaccesspointhasthelatestfirmwareinstalled(obtainedfromroutermanufacturers’website) so that you can take advantage of more secure encryption mechanisms such as WPA or WPA2

•EnsurethattheSSIDofwirelessaccesspointischangedfromthedefaultmanufacturerSSIDinordertoreducetherisk of intruders directing targeted attacks against your wireless network to exploit known vulnerabilities. Further, ensure that your SSID does not reveal identifiable information about you or your business

•EnsurethatyourwirelessaccesspointdoesnotbroadcastitsSSID•Changethedefaultadministratorpasswordontherouterinordertoreducetheriskofcompromiseofyour

wireless access point•EnableWPA2onyouraccesspointwithapassphrasehavingalphanumericcharactersandspecialcharacters.This

might make it more difficult for an intruder to crack the passphrase. If your wireless access point does not support WPA2, you must enable WPA or WEP

•AlwaysactivateMACaddressfilteringtolimitthecomputerswhichareabletoconnecttoyourwirelessnetwork•Ensurethatyourwirelessnetworkisswitchedoffwhennotinuse•Placetherouterinaphysicallysecurelocation

Note: The above points represent general wireless network security good practices. Deloitte India is not responsible for comprehensiveness or accuracy of the recommendations presented above. You are encouraged to seek assistance from an IT Security Professional for expert advice. Refer to your wireless device manufacturers’ instructions to implement security for the device you are using for wireless connectivity.

For more information on the India Wireless Security Survey, please contact us at [email protected]

Page 17: Wireless security survey Wireless network security ... · Wireless network security landscape of India 1 Wireless security survey Wireless network security landscape of India December

Wireless network security landscape of India 17

Annexure I – Wireless network security landscape of India at a glance

Groups CitiesSurvey

networks

Protection business/residential/others SSID broadcast Protected Vulnerable

Business Residential Othersδ

Enabled Disabled WPA/WPA2Noencryption

Low levelencryption(WEP)

TotalP V P V P V

Group I Bengaluru 5,355 7% 38% 5% 22% 4% 24% 92% 8% 16% 28% 56% 84%

Chennai 2,015 5% 29% 6% 27% 11% 22% 95% 5% 22% 38% 40% 78%

Hyderabad 5,351 5% 34% 5% 23% 5% 28% 91% 9% 15% 43% 42% 85%

Kolkata 1,840 5% 31% 3% 29% 6% 26% 92% 8% 14% 43% 43% 86%

Mumbai# 7,214 2% 25% 5% 36% 6% 36% 95% 5% 13% 36% 51% 87%

NCR* 6,628 1% 11% 8% 53% 5% 22% 95% 5% 14% 31% 55% 86%

Group II Ahmedabad 2,175 3% 35% 2% 31% 2% 27% 97% 3% 7% 32% 61% 93%

Indore 662 3% 19% 9% 33% 6% 30% 96% 4% 18% 51% 31% 82%

Jaipur 1,112 1% 14% 4% 36% 3% 42% 97% 3% 8% 55% 37% 92%

Lucknow 540 3% 30% 4% 36% 7% 20% 95% 5% 14% 53% 33% 86%

Nagpur 708 11% 18% 8% 17% 12% 34% 99% 1% 31% 47% 22% 69%

Pune 2,260 5% 36% 4% 20% 7% 28% 88% 12% 16% 35% 49% 84%

National Average 4% 27% 5% 30% 6% 28% 94% 6% 14% 37% 49% 86%

# Mumbai includes Navi Mumbai* NCR includes Delhi, Gurgaon and Noidaδ Networks with SSID broadcast disabled or manufacturer-default SSIDs

P Protected business/residential/other networksV Vulnerable business/residential/other networks

The following table summarizes the level of wireless network protection/vulnerability for Survey Cities across select parameters.

Page 18: Wireless security survey Wireless network security ... · Wireless network security landscape of India 1 Wireless security survey Wireless network security landscape of India December

18

Annexure II – Methodology

The Wireless Security Survey was conducted using the methodology depicted below:

Area Selection Observation Data Analysis Survey Results

Area SelectionOur effort was to obtain a representative sample of wireless networks deployed across the Survey Cities covered during our exercise. Areas in each of these cities were short listed from our understanding of Internet usage in the city, based on the distribution of residences and businesses.

ObservationIn this phase, we adopted a technique known as “WarDriving”. This involved driving around short listed areas using standard laptops equipped with a built-in wireless card which could capture information about wireless networks in the vicinity. No special hardware was used in this activity. The laptops had standard Microsoft Windows Operating Systems, manufacturer-provided wireless card utilities and open source wireless network identification software.

Data AnalysisDuring this phase, we analyzed and segregated data observed during WarDriving using data analysis tools. The wireless network information was analyzed for the Survey Cities based on the following parameters:

•Encryptionmechanismthatmighthavebeenimplemented•SSIDbroadcastsettingstatus•ClassificationintobusinessandresidentialnetworksbasedontheirSSIDbroadcast•Makeofwirelessdevicesused

All percentages were rounded to the nearest value.

Survey ResultsIn this phase, we interpreted the data to the best of our ability/knowledge while maintaining the confidentiality of all gathered information. The results are generalized and no personally identifiable information is presented in this survey. The purpose of this survey and presentation of findings is to help spread public awareness with regards to wireless network security.

Some of the inherent limitations of our WarDriving survey are as follows:

•Networks500feetawayfromthecarmaynotbefounde.g.above6thfloor•Accesspointsthataredeployedbehindwallsmaynotbefound•SurveyCitiesandwirelessnetworksobservedwithinthesecitiesmaynotberepresentativeofthewirelessnetworks

across India

Some important precautions taken during this survey include:

•Duringtheobservationphase,theWarDrivingteamconfiguredtheirwirelessnetworkcardstopreventinadvertentconnections to unsecured wireless networks by disabling the TCP/IP stack for the laptop’s wireless network card

•Wehavetakenreasonablemeasurestokeepinformationobtainedduringthissurveyconfidential.Allpersonsinvolved in conducting the survey have signed non-disclosure agreements

Page 19: Wireless security survey Wireless network security ... · Wireless network security landscape of India 1 Wireless security survey Wireless network security landscape of India December

Wireless network security landscape of India 19

Contacts

Deloitte Touche Tohmatsu India Private Limited3rd Floor, NASEOH Building,Postal Colony, Chembur,Mumbai - 400 071India

Tel.: +91 (22) 6681 0500Fax: +91 (22) 6681 0501Email: [email protected]

Deloitte Touche Tohmatsu India Private Limited7th Floor, Building 10, Tower-B, DLF Cyber City Complex, DLF City Phase-II,Gurgaon - 122 002India

Tel.: +91 (124) 679 2000Fax: +91 (124) 679 2012

Page 20: Wireless security survey Wireless network security ... · Wireless network security landscape of India 1 Wireless security survey Wireless network security landscape of India December

DisclaimerThis document / publication contains general information only, and none of Deloitte Touche Tohmatsu, its member firms, or its and their affiliates are, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This publication is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your finances or your business. Before making any decision or taking any action that may affect your finances or your business, you should consult a qualified professional adviser.

None of Deloitte Touche Tohmatsu, its member firms, or its and their respective affiliates shall be responsible for any loss whatsoever sustained by any person who relies on this publication.

Survey users should be aware that Deloitte has made no attempt to verify the reliability of such information. Additionally, the survey results are limited in nature, and do not comprehend all matters relating to wireless security that might be pertinent to your organization or residence. The information is provided as is, and Deloitte makes no express or implied representations or warranties regarding the information. Without limiting the foregoing, Deloitte does not warrant that the information will be error-free or will meet any particular criteria of performance or quality. Deloitte expressly disclaims all implied warranties, including, without limitation, warranties of merchantability, title, fitness for a particular purpose, non-infringement, compatibility, security, and accuracy.

Your use of the information is at your own risk and you assume full responsibility and risk of loss resulting from the use thereof. Deloitte will not be liable for any direct, indirect, special, incidental, consequential, or punitive damages or any other damages whatsoever, whether in an action of contract, statute, tort (including, without limitation, negligence), or otherwise, relating to the use of the information.

If any of the foregoing is not fully enforceable for any reason, the remainder shall nonetheless continue to apply.

About DeloitteDeloitte refers to one or more of Deloitte Touche Tohmatsu, a Swiss Verein, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu and its member firms.

Deloitte provides audit, tax, consulting, and financial advisory services to public and private clients spanning multiple industries. With a globally connected network of member firms in 140 countries, Deloitte brings world-class capabilities and deep local expertise to help clients succeed wherever they operate. Deloitte’s 165,000 professionals are committed to becoming the standard of excellence.

Deloitte’s professionals are unified by a collaborative culture that fosters integrity, outstanding value to markets and clients, commitment to each other, and strength from cultural diversity. They enjoy an environment of continuous learning, challenging experiences, and enriching career opportunities. Deloitte’s professionals are dedicated to strengthening corporate responsibility, building public trust, and making a positive impact in their communities. Deloitte Touche Tohmatsu India Private Limited refers to one of the member firms of Deloitte.

©2008 Deloitte Touche Tohmatsu India Private Limited. All rights reserved.