Tel: +44(0)1529 306284

Wireless Security

Wireless Security

In the continuing evolution of IT technology, the vast majority of today’s devices have built-in wireless capabilities. As a result, wireless technologies have largely been adopted by most organisations.  Due to its cost effectiveness, ease of use and deployment capabilities, making it a viable solution for corporate networks large and small.

Because security a concern for every organisation, including those using wireless networks. That could allow external access to internal networks, should an unauthorised user be able to successfully gain access. Furthermore, consideration should be given to the fact that, if an attacker is able to gain access to an internal network from an access point.  By default, their presence, depending on the type of activity maybe harder to detect.  Consequently, it is important to verify that wireless security measures are both applied correctly and relevant.

Testing

CCC, wireless testing services are conducted by experts, using a combination of in-house tools and techniques together with industry standard equipment.

For examples of wireless testing assignments

Wireless Security | I.T. Security | Computer Crime

Man in the middle, is that a grown-up version of piggy…?

Testing is normally undertaken using a similar methodology to that used with our standard penetration testing services. First of all, identifying a representative sample of potential target access points.  Then evaluating the type of monitoring and access capabilities available without detection, progressing from there. With the following elements being considered:

  • Access points – Establishing the number of POA’s within the client’s footprint and their geographical location.  Including authorised and rogue devices, because these may have a bearing on testing and future monitoring.
  • Establish whether information, including possible vulnerabilities and default configurations exist within the public domain.
  • Establish whether any target specific access points information, including historical SSID data is available.
  • Passively, test to harvest any data being broadcast from a sample of access points.
  • Identify any guest networks capable of access and monitor for other connected devices, which may provide information relating to the main target.
  • Identify the type of encryption in use and actively intercept data transmissions, including handshakes.
  • Undertake a password quality assessment of the captured handshake.

Additional Testing

Finally, depending on the brief, other attacks that may be considered or attempted, these are likely to include:

  • Packet Decryption
  • Packet sniffing
  • Forged MAC address association
  • Deployment of rogue access points
  • Man-in-the-Middle attacks
  • Authentication server attacks
  • Data collection
  • Data analysis
Handshakes, a form of friendly greeting, capturing passwords!

In addition, CCC have undertaken external wireless audits at or close to the homes of executives and other key personnel.  To establish whether opportunities exist to compromise assets, subsequently allowing access to client network(s).

Part of testing process would assess whether any unauthorised corporate data leaks can be identified.

For examples of wireless testing assignments
Zero-day warez? No idea!

Our expertise and experience, uniquely combines electronic forensic skills, with an understanding of corporate finance.

Asset Tracing – Audit – Computer Security – Digital Forensics – Due Diligence – eDiscovery – Fraud Investigation

Intelligence Gathering -Passwords Analysis – Penetration Testing – Wireless Security

Services underpinned with expertise and experience.