Wireless networks are obvious targets for hackers, corporate spies and spammers. A wireless network, whether authorized or rogue, can provide a back door to your core IT infrastructure. You need a thorough wireless security assessment to identify the wireless vulnerabilities present in your system.
Sword & Shield Wireless Testing Will:
- Determine if a wireless network is vulnerable to attack,
- Find unauthorized wireless access points,
- Identify vulnerable laptops connected to rogue access points,
- Determine how far a wireless network extends outside the physical boundaries of a facility,
- Test the authorization and authentication system,
- Determine how well the wireless IDS/IDP is working, and
- Determine if the wireless deployment meets compliance requirements.
Our Approach to Wireless Security Testing
Sword & Shield Wireless Testing examines the subsystems, components and security mechanisms of a wireless network and identifies any weaknesses. Our analysts consider two types of wireless network threats: 1) opportunistic, and 2) targeted with limited resources. From there, the Sword & Shield Wireless Testing consists of seven key stages.
- Security Architecture Review
- Vulnerability Analysis Test Plan (includes outdoor and indoor testing)
- Network Mapping and Data Collection of Accessible Networks
- Threat Model Identification
- Vulnerability Identification
- Penetration Testing
- Analysis and Reporting
Questions Our Report Will Answer
- Do you have unauthorized wireless access points?
- How far does your wireless network extend?
- Is your wireless IDS/IDP working to keep unauthorized users from your core network and data resources?
- Does your wireless deployment meet regulatory requirements for PCI, PHI, etc.?
Real Success Story
While executing a wireless security assessment at the headquarters of a large retailer, Sword & Shield’s analysts identified four wireless access points that were accessible from the firm’s parking lot. Upon careful inspection of these access points, it was determined that one was configured with the wireless encryption protocol (WEP) enabled, a deprecated and cryptographically insecure protocol. Using publicly available open source tools, the Sword & Shield analysts were able to gain access quickly to the wired network that the vulnerable wireless access point bridged. Within minutes, it was determined by the assessment team that the wired network was the retailer’s internal network. After notifying the network manager who confirmed that it was not an authorized device, the assessment team attempted to identify the precise location of the rogue access point. The result of the investigation was that a member of the retailers accounting team had installed a personal access point several weeks prior to the test.
Based on the findings of the wireless assessment, the large retailer implemented stronger 802.1x encryption across all internal networking devices. Also, the retailer updated their acceptable use policy to include verbiage prohibiting the connection of unauthorized devices to the corporate network. Sword & Shield’s wireless assessment services helped remediate a serious vulnerability that exposed their internal network to the outside and could have resulted in a breach.
Find Out More
Sword & Shield has been outsmarting cyber-criminals and improving security for enterprises around the world since 1997. Fill out our Consultation Request form or call us so we can begin securing your future.
U.S. Toll-free: 800-810-1885