Wireless attacks can be conducted by a malicious user from the parking or visitor’s area of the company without even getting noticed. Insecure wireless network is as insecure as extending out an active LAN cable outside of office premise. Wi-Fi can provide opportunities for attackers to infiltrate an organization’s secured environment – irrespective of security access controls. Penetration testing can help identify weaknesses in the wireless infrastructure.
Step1: Review: Wireless Architecture:
Wireless security policies, Wireless access right, Access point physical security, Network diagram and physical connectivity, guest wireless network.
Step2: Discover: Wireless Network:
Discover wireless SSIDs and hidden network, Nearby hotspot, Signal strength, MAC address, Naming convention, Wireless encryption protocol.
Step3: Crack: Wireless Encryption:
IVs, TKIP, AES, MSCHAPv2, EAP password cracking, WPS pin retrieval.
Setp4: Attack: Wireless Connection:
De-authentication, Fake authorization, ARP replay, Chop-chop fragmentation, Café Latte, Spoofing, Evil Twin attacks.
Step5: Assess: Wireless clients:
Man in the middle, Beaconing machines discovery, Traffic Shifting, Packet reconstruction.
Step6 Test: Wireless Access Point:
Fake access point, Denial of service, firmware vulnerabilities, Authentication brute forcing, Admin access protection, Access point penetration testing.
We at Redaallco while performing wireless penetration testing actively examine the process of information security to measure wireless Network, its’ weakness, technical flows and critical wireless vulnerabilities since because wireless connectivity pose a significant risk to the organization as the attackers need not to be physically present within the company’s premises to carry out the attacks
We make clear and comprehensively documented reports of vulnerabilities that discovered during the assessment. We provide following types of reports after the assessment to our client:
Technical Reports: Technical Report contains details of every identified vulnerability, and potential technical impact, exhibits and actionable remedies, and help organization patch the gaps identified.
Management Reports: Management Reports contains details of identified vulnerabilities, security level, along with the business impact of each vulnerability, which also contains executive summary along with findings conclusion and guidance.
Remediation Guidelines: We provide customize remediation guidance with complete audit programs, refineries and identification steps to follow for each loophole incidents for the future assaults.
