Wireless Penetration Testing

Who is it for?

With fewer companies operating on a purely local scale, remote working and flexible office hours remove the geographical barrier to business. To enable such flexible working for your staff, your clients and external partners, the typical solution is a combination of hot-desking and wireless networking.

WiFi networks are not generally afforded the same level of physical network access controls as they are with traditional Ethernet implementations. Furthermore, it is commonplace to provide ‘guest’ or Bring Your Own Device ‘BYOD’ access to wireless networks, which create an increased risk of rogue devices being introduced.

Whilst this provides opportunities for growth, you may also be opening new avenues for compromise by attackers.

How can we help?

We are able to conduct a full review of your wireless network either as a standalone assessment or as part of a larger scale investigation into your infrastructure security posture.

We will often deliver a standalone wireless assessment from a black-box perspective, but we may also combine with an architecture review (thereby utilising a white-box approach), enabling a more thorough analysis.

What we test

We check the configuration of your wireless technologies, test for rogue access points that may have been installed, and determine whether less secure Wi-Fi networks can provide an avenue to the corporate network. We will also check that wireless security standards around SSIDs, encryption and authentication are all in place. We most commonly find flaws relating to:

• Encryption protocols – The first line of defence for a wireless network. If an attacker can crack the encryption then they can gain access to the network.
• Authentication – As an example the PSK acts as a password to authenticate a user to the network. Passwords that are weak, or not stored securely, offer an easy avenue onto the network for an attacker.
• Segmentation– Weak or absent network segregation can lead to the disclosure of sensitive data, access to (or compromise of) internal systems, and the targeting of internal users.

Want to know more about how wireless penetration testing could benefit your organisation? Get in touch with one of our experts today for more info.