Wireless Penetration Testing
We can help you identify weaknesses in your wireless implementations. Then supply, practical recommendations on how to remediate those issues and make your wireless network more secure.
What is a wireless penetration test?
Wireless networks are becoming the standard for organizations and are an easy way to get everyone connected. Going wireless, however, presents its own types of security challenges. TraceSecurity’s Wireless Assessment services give you a detailed look into the risks of your wireless set-up through sophisticated attempts to gain access and compromise systems. At the end of the assessment, our team we give you actionable recommendations to make your wireless network more secure.
Wireless Pentest Methodology
Solid Rock Innovations utilizes a detailed and repeatable methodology. We ensure this process is used during each engagement to ensure our assessment is reliable and reproducible. To get these results, we utilize the following steps listed below:
The scoping phase includes establishing the rules of engagement, communicating about access points in scope, the overall timeline of the assessment, and whether or not the test will be performed from a white, gray, or black box approach.
Enumerate and footprint target environments in order to identify and verify access points. During this phase, we will determine encryption types utilized across the wireless environment. Key targets will be selected for exploitation during the attack phase. If unencrypted networks are discovered, clear-text transmissions will be captured and reassembled to identify any user credentials and other sensitive information.
The attack phase is where exploitation of any vulnerability and/or misconfigurations occur. During this phase, we may initiate several attacks depending on the wireless environment. Attacks can include man-in-the-middle, exploitation of rogue access points, brute forcing, session hijacking, and more. We will attempt to exploit vulnerabilities by utilizing a blend of custom, open source, and commercial software tools. Throughout the attack phase, we will employ an approach wherein we exploit a vulnerable host with the explicit intention of accessing sensitive information, establishing a persistent presence on the system, and exploiting the trusts of related systems..
Reporting is the final phase of the assessment. All of the information gathered is combined and used to provide the client with a comprehensive detailing of the findings. The report contains a breakdown of the overall risk, highlighting strengths and weaknesses with the wireless network. Recommendations are included to help the business to make informed decisions regarding the mobile application. Each vulnerability is further broken down into technical details, along with remediation steps for the technical team to follow. An executive summary is also included to help provide information for strategic planning.
5. Remediation Testing (Optional)
Upon the request of the client, a retest can be performed after the client has addressed vulnerabilities identified in the assessment. We validate to see if the vulnerability still exists to ensure the changes were implemented properly. The prior assessment will be updated to reflect the results of the retest.