WIRELESS DEVICE TESTING
EDGENETIC delivers wireless device testing as a common component of most internal onsite penetration tests. EDGENETIC delivers assessments against most common 802.11 protocols, often referred to as WIFI protocols.
EDGENETIC is proud to have been approved by CREST as having a certified wireless testing capability. This is an accolade that has only been awarded to 2 penetration testing companies globally, and it demonstrates our capability and experience within this specific domain of expertise.
Wireless assessments can be delivered through attacks that target the existing wireless infrastructure that runs and operates within an organisation, as well as the clients that interact with this infrastructure. It is common for both types of assessments to be conducted in a thorough wireless penetration test. Although it is possible to conduct this type of assessment remotely, through shipping wireless devices to site, EDGENETIC’s preferred approach is to attend the location that is being assessed, and simulate a threat actor that has local access to the surrounding airspace.
Unencrypted WLAN
There are two types of unencrypted wireless LANs: visible and invisible infrastructures.
Visible Unencrypted WLANs
For visible WIFI networks, EDGENETIC connects to the Wireless LAN and sniffs network traffic looking for IP addressing details. Once this information has been captured, EDGENETIC allocates itself an IP address and moves on to carrying out EDGENETIC's standard Infrastructure Testing methodology. For MAC filtered environments, EDGENETIC de-authenticates a valid client, and connects in using the valid MAC address.
Invisible Unencrypted WLANs
For invisible Wireless LANs, EDGENETIC de-authenticates the client, and captures the re-authentication request. With this information, EDGENETIC is able to connect to the Wireless network and then carry out the phases detailed within the visible wireless network testing approach.
WEP based Networks
Two types of WEP based networks exist. These again consist of visible and invisible infrastructures.
Visible
For visible networks, EDGENETIC attempts a WEP based attack, by capturing weak IVs and running them through a series of Wireless Security tools. The intent here is to capture enough weak IVs to be able to crack the WEP key. Once the WEP key has been cracked, EDGENETIC connects to the wireless network and then moves on to carrying out testing consistent with the Visible unencrypted WIFI test plan.
Invisible
For invisible networks, EDGENETIC de-authenticates the client and then uses a series of tools to capture re-authentication requests and Weak IV pairs. The approach then moves on to that of the visible WEP network test plan.
WPA/WPA2 Encrypted Networks
EDGENETIC first determines whether the environment has a visible or hidden SSID. The approach for undertaking this is consistent with the test plans identified in the Visible and Invisible unencrypted WIFI environment.
Once this has been determined, EDGENETIC issues a de-authentication packet to the WIFI connected resources. Re-authentication requests are then captured, and the EAPOL handshake is extracted. Once this handshake has been captured, EDGENETIC carries out a brute force attack against it, with the intent of deciphering the WPA/WPA2 key.
LEAP Based Networks
EDGENETIC first determines whether the environment has a visible or hidden SSID. The approach for undertaking this is consistent with the test plans identified in the Visible and Invisible unencrypted WIFI environment.
Once this has been determined, EDGENETIC issues a de-authentication packet to the WIFI connected resources. Re-authentication requests are then captured, and EDGENETIC looks to capture and break the LEAP requests.
802.1X WLAN
For 802.1X based attacks, it is usual for EDGENETIC to create a rogue access point with the same SSID as the real WIFI network. Using a series of techniques (de-auth/re-auth), EDGENETIC then coerces clients into connecting to this access point.
Once the client has tried to authenticate with the rogue access point, EDGENETIC will try to compromise the client by acquiring either passphrases or certificates. In addition, EDGENETIC may look to inject its own certificate into the authentication process, for poorly configured client devices. Once the client has been compromised, EDGENETIC will attempt to deploy a keylogger to capture manually keyed usernames and passwords. By gaining access to these resources, EDGENETIC will attempt to gain access to the WIFI environment.
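A "poorly configured client" in this context is typically one that does not validate the authentication server's certificate. The audit below is an added example, not part of EDGENETIC's methodology; it assumes clients configured through wpa_supplicant, and the configuration text, SSIDs, CA path and server name are constructed.

```python
import re

# Constructed wpa_supplicant.conf content: one weak and one hardened 802.1X profile.
SAMPLE_CONF = """
network={
    ssid="CorpNet"
    key_mgmt=WPA-EAP
    eap=PEAP
}
network={
    ssid="CorpNet-Hardened"
    key_mgmt=WPA-EAP
    eap=PEAP
    ca_cert="/etc/ssl/certs/corp-radius-ca.pem"
    domain_suffix_match="radius.corp.example"
}
network={
    ssid="HomeNet"
    key_mgmt=WPA-PSK
}
"""

# wpa_supplicant fields that pin the expected server identity
NAME_CHECKS = ("domain_suffix_match", "domain_match", "altsubject_match", "subject_match")


def parse_networks(text):
    nets = []
    for body in re.findall(r"network\s*=\s*\{(.*?)\}", text, re.S):
        pairs = (l.strip().split("=", 1) for l in body.splitlines()
                 if "=" in l and not l.strip().startswith("#"))
        nets.append({k.strip(): v.strip().strip('"') for k, v in pairs})
    return nets


def audit_eap_networks(text):
    """Map SSID -> issues for 802.1X profiles that would accept any server certificate."""
    findings = {}
    for net in parse_networks(text):
        if "WPA-EAP" not in net.get("key_mgmt", ""):
            continue  # only 802.1X/EAP profiles are in scope
        issues = []
        if not net.get("ca_cert"):
            issues.append("no ca_cert: server certificate chain is not validated")
        if not any(net.get(k) for k in NAME_CHECKS):
            issues.append("no server name match: any certificate from the CA is accepted")
        if issues:
            findings[net.get("ssid", "?")] = issues
    return findings
```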
Extended Wireless Device Tests
In addition to many of the standard corporate tests, EDGENETIC recognises that many employees will have wireless environments configured at home. These environments will frequently use standard security controls that can be re-used inside the corporate environment. EDGENETIC will look to deploy rogue access points that masquerade as the corporate infrastructure, as well as ones that mimic many of the weaker security controls deployed within the home wireless environment.
EDGENETIC has a comprehensive wireless testing methodology that is available on request. All tests are consultancy driven, and can be adapted to fit whatever your wireless security requirements dictate. Wireless testing has become a standard component of most internal penetration testing engagements. To find out how EDGENETIC can help you manage the risk associated with your WIFI estate, please complete our contact form and a consultant will respond to your enquiry.
Frequently Asked Questions about Data Privacy Security
What is an incident response policy?
An incident response plan or policy is a process you create before you experience a cyberattack, so that your team has a procedure to follow when you do experience a data breach. EDGENETIC follows the CREST Cybersecurity Incident Response process, which is broken down into 3 phases: preparation, response, and follow up. Having a breach plan gives you the confidence to quickly nullify any threat to your data privacy security.
Why is data privacy security important?
Although it has always been important, the implications and need for higher security are coming into play now that technology is indispensable to everyday life. Using apps, browsing websites, and shopping online are all examples of how your data will be stored and managed online. For organisations today, the threat of cyber theft is a pertinent one. Having comprehensive data privacy plans in place can reduce and mitigate the risks of such events.
Does EDGENETIC practice sustainability?
As a company with a global footprint, sustainability is an area of importance to us. We are a registered ‘Investor in People’ organisation. Taking a cue from ISO 14001, we have strong sustainability practices put in place. Our organisation also hires fairly and equally, across gender and race. By working with us, you can rest assured that we implement data privacy security measures with ethics at the core of our mission.