COVID-19: remote delivery options
We would like to reassure our clients that all training and consultancy services will go ahead as scheduled during the current COVID-19 situation. As a company that fully embraces flexible and remote working, we are adjusting our delivery methods to allow us to provide consultancy services, penetration tests and training remotely where necessary. Please also refer to our COVID-19 policy.
What is a wireless network penetration test?
Wireless networks are everywhere. Employing a wireless solution can offer greater flexibility, but it comes with greater potential for attack as it expands your organisation’s logical perimeter. From rogue access points to weak encryption algorithms, threats to wireless networks are unique and the risks can be significant.
Wi-Fi can provide opportunities for attackers to infiltrate an organisation’s secured environment – irrespective of security access controls. Penetration testing can help identify weaknesses in the wireless infrastructure.
A wireless network test generally includes:
- Identifying Wi-Fi networks, including wireless fingerprinting, information leakage and signal leakage;
- Determining encryption weaknesses, such as encryption cracking, wireless sniffing and session hijacking;
- Identifying opportunities to penetrate a network by using wireless or evading WLAN access control measures; and
- Identifying legitimate users’ identities and credentials to access otherwise private networks and services.
Once identified, the vulnerabilities are presented in a format that allows an organisation to assess their relative business risk and the cost of remediation. They can then be resolved in line with the network owner’s budget and risk appetite, helping them respond proportionately to cyber risks.
Did you know?
Wireless networks present a much easier exploitation path for attackers than a standard wired network. Criminal hackers generally consider wireless networks to be ideal entry points into an organisation’s systems.
Wireless network traffic is also easily recorded. Criminal hackers can gather proprietary information, logins, passwords, intranet server addresses, and valid network and station addresses. They can steal Internet bandwidth, transmit spam or use your network as a springboard to attack others. They can capture and modify traffic to masquerade as you, with financial or legal consequences.
Is a wireless network penetration test right for you?
If you are responsible for your network, you should ask yourself:
- Have you identified all your access points? How many unsecured or poorly secured access points are there?
- Is data freely flowing through your network without being encrypted?
- Are there unauthorised access points on your network?
- Is it possible that your IT department could misconfigure or accidentally duplicate a wireless network?
- Has the appropriate security been put in place to prevent attacks?
- Have you updated wireless protocols to an industry-accepted protocol (WPA2)?
Our engagement process
Our CREST-accredited penetration testers follow an established methodology based primarily upon the Open Source Security Testing Methodology Manual (OSSTMM). This approach emulates an attacker’s techniques using many of the same readily available tools.
- Scoping - Before the test, our account management team will discuss your assessment requirements for your internal network to define the scope of the test.
- Reconnaissance - The tester will identify and list wireless network access points where a signal can be received at the targeted location(s), whether physically located at or nearby the targeted location(s).
- Assessment - Using the information identified in the initial phase, we test the target wireless network for potential vulnerabilities. This will help your organisation produce an accurate threat and risk assessment.
- Reporting - The results will be fully analysed by an IT Governance certified tester and a full report will be prepared that sets out the scope of the test, the methodology used and all the risks identified.
- Re-test - We can provide access to our testers and the raw test data to support and expedite remediation. We can also retest your systems so that you can be sure all the identified issues have been successfully resolved.
“IT Governance combines the delivery of real insights with a cost-effective service.”
- Ian Kilpatrick, Group Information Security Officer at Collinson Group.
Select your wireless penetration test
We offer two levels of penetration test to meet your budget and technical requirements.
Level 1: buy online from £2,250
- Identifies the vulnerabilities that leave your IT exposed.
- Combines a series of manual assessments with automated scans, as our team assesses the vulnerability of your network.
- Allows you to evaluate your security posture and make more accurate budgetary decisions.
Purchase our affordable,
quick and fixed-price penetration tests online
Level 2: contact us for a quote
- Attempts to exploit the identified vulnerabilities to see whether it’s possible to access your assets and resources.
- Provides a more thorough assessment of your security posture, which enables you to make more accurate decisions about investing in securing your business-critical systems.
Please contact us for further information
or to speak to an expert.