Wireless Penetration Testing

Secure your wifi network

Wireless Penetration Testing

Minatio deploys a risk-based approach to manually assess and identify critical vulnerabilities that exist on wireless infrastructure within scope with our Wireless Network Security Assessment.

 

The primary goals of this wireless network security assessment are to:

  • Create a basis for future decision making regarding information security strategy, resource allocation and requirements.
  • Provide management with an understanding of the level of risk from Internet-accessible services.
  • Provide details to facilitate a cost-effective and targeted mitigation approach and recommendations.

 

Why perform a Wireless Network Security Assessment?

  • To benchmark the level of risk for your organization compared to similar companies.
  • To understand the level of risk that exists at a single moment in time and execute a real-world attack on critical infrastructure
  • To gain assurance that a malicious attacker could not gain unauthorized access to wireless or connected wired resources. execute a real-world attack on critical infrastructure
  • Performing this assessment on a regular basis will also help address specific regulatory requirements, such as PCI DSS requirement 11.3.1.

Scope: Penetration Testing: Wireless Infrastructure

The wireless infrastructure will be evaluated for numerous common vulnerabilities, including:

  • Encryption algorithms such as WEP, WPA, LEAP, PEAP
  • Key / certificate change / rotation
  • Network architecture and security zones
  • De-authentication vulnerabilities
  • "Evil Twin" attacks
  • Traffic overload via flooding
  • Network naming convention
  • Signal strength and dispersion
  • Traffic replay / injection
  • Wireless card vulnerabilities
  • Physical security of wireless access points
  • Wireless signal strength (heatmap)

Methodology

Penetration Testing: Wireless Infrastructure

Wireless testing is designed to simulate a real-world attack on your wireless infrastructure. It starts with limited knowledge and no credentials provided. It will allow you to understand the vulnerabilities that exist and the overall information security risk the wireless infrastructure introduces to your IT environment, although this practical exercise is not designed to test the effectiveness of each implemented control individually.
Testing can also be performed with user credentials to associate with the wireless network and determine if access controls to connected networks are sufficient and systems located on the wireless network are robust. As with Minatio's other infrastructure penetration services, the process will start with reconnaissance, moving to enumeration, vulnerability identification, and lastly validation.