The current installed base of wireless networks includes a very large percentage of Open APs, almost 50% according to one study [??]. Open APs are those which do not use security controls such as authentication and encryption on their wireless side. The reasons for this are many – there are people who believe, albeit in error, that hiding SSID of AP suffices as a security best practice, then there are those who don’t know about wireless encryption and thus use the AP in its default configuration which by the way is always Open, and finally there are those who don’t care about or want encryption on the AP.
Open AP in the vicinity of enterprise network – whether on the network or around the network – always creates security vulnerability. In the former case, outsiders can access the enterprise network through the Open AP from its radio spillage areas – called “outside in” vulnerability. In the latter, the enterprise wireless clients can be lured into connecting to the neighboring Open AP. Such connections can happen accidentally as they do not require any security handshake. They can also occur with deliberate purpose of bypassing the security checkpoints in the wired enterprise networks. This is called “inside out” vulnerability.