The agency responsible for the U.S. Defense Department's global networks and classified command and control systems has a gaping security hole in its front yard -- security cameras at its headquarters in Arlington, Va., are connected to a nonsecure and unencrypted . . .
The agency responsible for the U.S. Defense Department's global networks and classified command and control systems has a gaping security hole in its front yard -- security cameras at its headquarters in Arlington, Va., are connected to a nonsecure and unencrypted wireless LAN. Chris O'Ferrell, chief technology officer at NETSEC Inc. in Herndon, Va., which provides intrusion-detection services to numerous federal agencies and commercial customers, detected the nonsecure wireless LAN at the Defense Information Systems Agency (DSIA) last Friday.

While parked across the street from DISA's headquarters, O'Ferrell was able to easily map the topology of the agency's network, including the Service Set Identifier (SSID) numbers of access points and numerous IP addresses. Using a standard 802.11b wireless LAN card attached to his laptop computer and "sniffer" software, he was able to probe the network in less than half an hour.

O'Ferrell, who didn't attempt to enter the network, also determined that DISA failed to protect the system with the most basic form of 802.11b security, the Wired Equivalent Privacy ((WEP) Protocol.

The link for this article located at ComputerWorld is no longer available.