Based on the Institute of Electrical and Electronics Engineers (IEEE) 802.11 wireless networking standards, Wi-Fi wireless networks have inherent risks due to their shared physical medium: electromagnetic waves. These networks provide organizations better usability and allow employees or guests to roam throughout the physical location and remain connected. However, Wi-Fi technologies also impose risks to an organization. Risks can come from improperly secured infrastructure, rogue access points, and wireless clients themselves.
MAC filtering, WEP encryption, and pre-shared keys are no longer effective defensive measures to protect clients using the wireless network and their information. Most of these measures can be bypassed or broken within minutes, exposing the internal infrastructure.
DJPaA will conduct configuration reviews, technical testing, and scanning for rogue access point detection. For Payment Card Industry (PCI) data environments covered within scope, this testing may be used to satisfy relevant Data Security Standard requirements. We will passively monitor the wireless network to determine weaknesses first, and then, if necessary, actively attack the network to gain access by breaking encryption keys or bypassing other security measures. Results of the test may include, as appropriate:
DJPaA will perform a site survey, passively and/or actively searching for rogue devices. Data gathered will be compared to known authorized access points and clients to determine if any rogue devices exist, to the extent possible.
During our wireless connectivity architecture evaluation, we will perform the following tasks:
DJPaA uses a structured and iterative process, testing the network architecture, systems configurations, processes, and procedures that affect the ability to protect your organization's wireless assets from unauthorized access. At your request, we will attempt to detect, analyze and compromise the wireless networks in place. We will use wireless-specific security tools, such as NetStumbler, the Aircrack suite, Kismet, lnSSIDer, etc. If we are successful in compromising the wireless network, we will document the findings and provide information on how the compromise took place.
Wireless clients are a critical part of the security of a wireless network. However, clients are often overlooked during testing. At your request, DJPaA can establish rogue access points and attempt to coerce clients to attack, in order to demonstrate the ability of an attacker to compromise laptops and other devices that connect to the wireless network. This threat exists not only on a corporate campus, but also in coffee shops, airports, and other public places where laptops may be used. Attackers can take this opportunity to compromise the laptop, which then reenters the corporate network. DJPaA has seen many organizations whose internal network has been compromised in exactly this way.