WIRELESS PENETRATION TESTING
Service Description
Wireless security assessment ensures protection against unauthorized access to wireless networks and wireless data, as well as segregation of guest access from private networks and systems. The WSA identifies potential back-doors through rogue access points; assesses corporate, guest, and point-to-point wireless LAN deployments to identify weaknesses in architecture, configuration, authentication, and encryption including identification of rogue access points; and verifies that authentication and encryption prevent unauthorized access or traffic snooping.
CAG's Wireless Penetration Testing offering provides strategic and isolated attacks against the client’s wireless systems. CAG will simulate an adversarial attack and attempt to identify, exploit, and penetrate weaknesses within these systems.
Our Methodology
As part of this test, CAG will perform the following activities:
Reconnaissance
We conduct passive reconnaissance for wireless penetration testing to find all of the publicly available web pages and other documentation related to your organization’s wireless implementation. We collect document metadata because we expect to run off-line cracking attempts on captured wireless handshakes and we want the most comprehensive word lists.
Asset Discovery
We use a number of tools to scan for all wireless traffic, including broadcast traffic originating from WAPs and traffic from client stations.
Vulnerability Discovery
After asset discovery, we will scan the discovered assets to look for vulnerabilities and wireless security faults such as weak protocols, default or weak administrative credentials and WPA enterprise misconfigurations.
Manual Testing
Finally, we look at everything that has been identified and analyze the data to determine where to perform manual testing and attempt exploitation to validate noted vulnerabilities
Our Deliverables
In addition to the usual status updates and meetings, CAG will deliver written drafts of the following material:
- Summary of the attack and results of that activity
- Summary of your identification and response to attack, if any
- List of recommendations for improving your wireless posture
Note: The WSA may be performed on-site or off-site via remote access to testing laptop. The latter saves on the cost of service.
Scope: The WSA will typically target one location.
