Wireless networks are an extension of your organisation’s infrastructure perimeter and should be tested thoroughly. An insecure wireless network opens up your organisation to the external world and poses a security risk. Rogue access points, installed by employees on the infrastructure, which do not follow the organisation’s security guidelines, can also be used to compromise your organisation.
We identify the wireless infrastructure components that can be discovered and connected to, as well as the security mechanisms which are enforced. Our approach is to conduct a mix of black box and white box testing. We start by completing a site survey, where we use high powered wireless equipment to locate access points. We then map the wireless infrastructure presence and identify and detect vulnerabilities within the wireless spectrum.
We then proceed with a white box test component, where the client provides us with sample credentials to authenticate with against the wireless network. The example user account and password are used to simulate a malicious or compromised wireless user, with the objective of identifying if internal segmentation and access controls are adequately implemented.