Wireless Penetration Testing
Wireless is here to stay and becoming more and more pervasive. Understanding wireless and the risks and vulnerabilities involved with its use are crucial concerns for your organization’s security staff.
What is Wireless Penetration Testing?
Wireless testing is the evaluation of your wireless posture. Nearly every business provides wireless access for their employees. Some go as far as allowing guests on the network. Our engineers evaluate WPA password strength, perform evil twin attacks, conduct WPA-Enterprise bypassing attacks, and evaluate network visibility and segmentation.
A wireless penetration test will examine your network using a methodology similar to the standard wired penetration test. However, they will focus on the wireless as the gateway to exploit your vulnerabilities. Thus selecting the right partner to conduct the wireless penetration testing is an important decision.
Benefits of Wireless Penetration testing
Testing wireless networks is a critical activity to ensure wireless networks are providing the intended access and only the intended access.
We have all heard the horror stories associated with a company’s Wi-Fi used to breach their security. The most famous case is the TJ Maxx case. TJ Maxx’s parent company secured its wireless LAN (Local Area Network) using Wired Equivalent Privacy (WEP). WEP is the weakest form of security available for securing wireless LANs. Hackers broke in and stole records: which included millions of credit card numbers.
Falconer Security’s dedicated penetration test team is highly qualified, possesses advanced certifications, and is equipped with the labs, tools, and methodologies necessary to consistently deliver quality, accurate, detailed, and meaningful results.
Falconer Security's Approach
Falconer Security leverages industry standard methodologies to ensure a thorough and comprehensive test is conducted under safe and controlled conditions. Falconer Security’s reports are content rich, regularly stand the scrutiny of regulatory requirements, exceed expectations of auditors, and frequently receive the praise of our customers. Falconer Security does not simply validate automated scans.
Methodology
- WIRELESS RECONNAISSANCE: Detecting and identifying authentication methods supported, encryption requirements, MAC address restrictions, and the technologies in use.
- NETWORK RECONNAISSANCE: Exploring connected networks to identify lateral targets, test segmentation, and bypass intended restrictions on movement within the wireless network.
- MAC ADDRESS FILTERING BYPASS: Attempts to bypass evaluate the effectiveness of MAC address filtering through cloning, enumeration, and bypass attacks.
- ENCRYPTION EXPLOITS: Testing encryption methods and effectiveness, attempts to intercept information from other connected users, and performing decryption attacks.
- AUTHENTICATION ATTACKS: Tests targeting password complexity, authentication handshake manipulation, and password cracking attempts.
- SESSION MANAGEMENT: Targeting legitimate end users, attempts to inject or hijack existing sessions, bypass replay protection mechanisms, manipulate session state or session assignment methods, or leverage insecure wireless session management.
- PRIVILEGE ESCALATION: Identifying potential targets on the protected network, bypassing segmentation rules, and leveraging the wireless network to pursue further internal attacks.
Wireless Penetration Testing Tools
- Aircrack
- Reaver
- Airsnort
- Cain & Abel
- Infernal Twin
- Wireshark
- Wifiphisher
- CowPatty
- OmniPeek
All of the above-mentioned tools will be used by professional ethical hackers who have a unique understanding of security.
Looking for help to identify weaknesses in your organisation’s information security? Get in touch with our team today to discover how we can support your security needs. Give us a call on 03450 21 21 51 or click here to fill in a contact form.
What You Will Get:
