Wireless Penetration Testing

Penetration Testing

wireless

Whilst wireless (“WiFi”) networks are very common in company offices, wireless networks may be targeted by threat actors looking to remotely access company devices and networked resources. A wireless network penetration test can assess both the security of the wireless network itself as well as any hardening that has been implemented to prevent network propagation in the event of a wireless compromise.

WiFi networks are just another weak point in networks that can be targeted by attackers. With some companies focusing on internet based threats, it can be an overlooked security weakness.

If an attacker is able to compromise a wireless network they may be able to launch further attacks against company devices or pivot to sensitive resources.

Our testing reports will detail all discovered risks and offer detailed guidance on how to lock down your systems.

Wireless Testing Methodology Summary

Encryption Level

Not all available encryption options offer the same level of protection. For example, so called “Wired Equivalent Privacy” (WEP) encryption is effectively completely broken and can be trivial to access. The encryption level of the network will be assessed for known cryptographic weaknesses.

Username Disclosure

Wireless clients configured with enterprise security may disclose the username when connecting to an access point, these usernames can be gathered to allow for a later password bruteforce attack.

Rogue Access Point Protection

For protocols such as EAP-MSCHAPv2 and EAP-TTLS it may be possible to set up a malicious access point which accepts EAP authentication, and if the device or user enters their credentials they can be captured.

These networks should be protected by a trusted X.509 certificate, although an attacker may be able to use an illegitimate certificate (such as a self-signed one) and the user may ignore any security warnings, connecting to the malicious network.

Host Isolation

Wireless networks should be configured to prevent wireless clients from communicating with each other, instead only allowing devices to connect to the network to access resources. This protection significantly reduces the attack surface of the target network and may prevent network propagation and privilege escalation attacks.

Network Access Control

Wireless networks may utilise “Enterprise” wireless security. These networks are protected with an Extensible Authentication Protocol (EAP) for example EAP-TLS, EAP-TTLS, PEAP (EAP-MSCHAPv2).

These protocols allow integration of the wireless network with other authentication systems such as Active Directory, which may mitigate the difficulty of revoking a user’s access to the wireless network but introduces the additional risk of weak passwords allowing network access.

Network Segmentation

Due to the increased risk of wireless connection, it is recommended that wireless networks are segmented from other areas of the corporate network and that strict network filters are in place to prevent network propagation if a wireless network or client is compromised.

We offer a full suite of penetration testing services

In addition to Penetration Testing we also offer Cybersecurity Training and Cybersecurity Consultancy to offer a comprehensive suite of cybersecurity services.

Cybersecurity Training

Akimbo Core deliver cybersecurity workshops all around the UK, as well as remotely. Our workshops cover a range of topics from technical subjects such as how to get the most out of cybersecurity testing, to security awareness issues within businesses.

Cybersecurity Consultancy

From security architecture to security assessment, we offer a wide range of services to ensure the protection of your assets. We use a highly flexible methodology to ensure that our services are fully aligned to your needs, delivered by a bespoke team with the precise skills and depth of experience needed to understand your issues and then effectively deliver the desired outcome. With our security assurance services, you can have peace of mind knowing that your systems and data are well-protected.