Wireless is inherently insecure and often the launching pad for larger attacks and breaches. With our Wireless Penetration Testing we gather wireless security information, collect data on the wireless network, analyze wireless implementation, and analyze internal wireless security procedures. We also attempt to capture sensitive data, gain unauthorized access, break wireless passwords, etc.
Our Wireless Penetration Test is a combination of a Wireless Penetration Test against the wireless network itself and a Vulnerability Assessment against the access point if we are able to compromise the wireless network. We alter this approach based on the scope of the engagement. The combination of the Wireless Penetration Test and Vulnerability Assessment against the WAP provides you with a clear understanding of the risk introduced by the wireless network and access point.
Our goal with the Wireless Penetration Test is to determine the security posture of the wireless network(s) by scanning wireless traffic associated with each WAP. During this process, we eavesdrop on wireless traffic to capture authentication handshake(s), determine the type of security, and attempt to gain access using this information. Each WAP is assigned a score as part of our Wireless Penetration Test. The score is determined by how well security controls are configured on the WAP. Our scoring is on a scale of 1 to 10, where 1 = No Security and 10 = Highly Secure.
We also scan for rogue access points and evil twins. We have discovered numerous organizations with rogue access points that enabled an attacker to bypass all security controls by allowing them to connect wirelessly to the internal, “trusted” network.