Wireless (WLAN) Penetration Testing Information
Providing end users with freedom and mobility associated with WLAN is increasingly viewed as a “need to have” in today’s workplace, but providing this wireless access creates an additional network security concern.
Because radio waves can travel through ceilings, floors, and walls, transmitted data often reaches unintended recipients on different floors/outside the building. These recipients can be harmless – but too often, there are malicious parties searching for an opportunity to access your company’s data, and a WLAN vulnerability may provide that opportunity.
What are the common threats associated with WLAN vulnerability?
- Rogue Access Points
- Data Interception
- Denial of Service
- Misconfigured Access Points
- Vulnerable Ad Hoc Connections
- Endpoint Attacks
Depending upon the specific objectives, our WLAN Audit may include:
- Wireless Security Policy Review
- Wireless Architecture review (e.g., Access Point, Controllers, Bridge to wired network, etc.)
- Enumeration of wireless environment including active exploitation of client systems using WLAN as point of ingress
- Identification of any unauthorized or “rogue” wireless access points within the client’s network
- Identification of network bleeds from other WLAN‟s that may pose a bridging risk.
- Wireless access point configuration review (e.g., SSID’s, encryption, roaming, cross-client communication, etc.)
- Access Control Review (e.g. network segregation of enterprise network, wireless network, and guest wireless network)
User Provisioning (e.g., Authentication Credential deployment) - Endpoint Security (e.g., configuration & technical controls – firewall, anti-virus, WAP lockdowns, etc.)
To learn more about Pivot Point’s penetration testing services, contact one of our experts and tell us about your company’s specific needs and objectives.
WLAN Security Testing is included in annual FDIC auditing for the Financial Industry.
“Do you have any wireless access points? If so, specify the number of Wireless Access Points, security controls in effect and your procedures for detecting rogue access points”