Wireless Penetration Testing Methodology
Explore our methodology and the steps employed in our wireless penetration testing assignments.
Cyberflame's Wireless Penetration Testing Methodology
In today's digital age, it's rare for an organization not to have some form of a wireless network. However, merely enabling wireless connectivity in an organization doesn't equate to deploying a wireless network. The gap between these two tasks often leads to improperly configured environments, impacting the productivity of employees, network security, and data integrity.
What is a Wireless Penetration Test?
At the simplest level, a wireless penetration test can reveal the Wi-Fi devices present within your environment and whether your environment adheres to industry best practices. With a more thorough test, an assessment can also scrutinize the wireless infrastructure, performance, and security posture of an organization's Wi-Fi network(s), helping you fully comprehend your organization's cybersecurity strengths and weaknesses.
Cyberflame's wireless penetration tests are exhaustive. Beyond the basic "unauthorized access" testing methodology that other security organizations provide as part of a wireless assessment, Cyberflame delves deeper, following the same overall methodology as all of our comprehensive penetration tests.
Information Gathering
The information-gathering phase of a wireless network penetration test consists of network enumeration, identifying the SSIDs (network names) in scope and in range of your Wi-Fi network. The outcome of the information-gathering efforts is a compiled list of metadata and raw output from automated tools to garner as much information about the wireless network's configuration as possible. This step aims to map the in-scope environment collectively and prepare for threat identification and modeling.
Threat Modeling
With the information collected during Information Gathering, security testing transitions into threat modeling, where assets are identified and categorized into threat categories.
Vulnerability Analysis
The vulnerability analysis step in a wireless penetration test involves reviewing, documenting, and analyzing vulnerabilities discovered as a result of information gathering and threat modeling. This includes analyzing output from various security tools and manual testing techniques used in the previous steps. Vulnerability Analysis will also include creating a plan for exploitation and gathering exploits.
Exploitation
The Exploitation phase of a wireless penetration test involves gaining access to the wireless network, and potentially your internal network, by bypassing security controls and exploiting vulnerabilities to determine their real-world risk. In a wireless penetration test, this also involves assessing the following potential risk areas:
- Rogue Access Point Detection - Cyberflame will collaborate with your team to verify any alerting mechanisms you have or may need to accurately detect unauthorized Access Points in your environment. Cyberflame will establish a Rogue Access Point that mirrors a valid access point and "trick" devices into connecting to it instead of your managed access point. This test is done both to detect and to obtain default usernames and passwords to gain access to your secure Wi-Fi networks, whether a guest network or for employees to connect to your internal network.
- Encryption Key and Password Strength - Cyberflame will assist your team in assessing the strength and complexity of your wireless encryption (whether WEP, WPA2, or other), keys, and passwords, and whether they can be cracked by brute force or dictionary attack. We will also review your wireless routers' configurations to ensure the network is secure.
- RF Signal Leakage - Cooperating with your team, we can identify areas of signal overspill or weak access areas within your organization.
- Network Segmentation - Comparable to a miniature internal network penetration test, our team will try to gain access to your internal network from your guest and authenticated wireless networks to identify any weaknesses between your wireless environments and physical network firewalls that may need to be addressed.
- Egress Filtering - By conducting a packet-level examination, Cyberflame can help your organization identify specific protocols or ports that establish outward connections from within your wireless environment.
- Captive Portal Testing - If your organization utilizes captive portals as part of your wireless infrastructure, Cyberflame will perform basic testing against your application to ensure its integrity and security.
Throughout this step, we carry out several manual tests simulating real-world attacks that automated means cannot perform. During a Cyberflame penetration test, this phase consists of intense manual testing tactics and is often the most time-consuming phase.
Reporting
The reporting step aims to provide actionable results to project stakeholders. Cyberflame will compile, document, and risk-rate findings and generate a clear, actionable report, complete with evidence, for project stakeholders. The report will be delivered through the customer portal and can be reviewed via an online meeting if desired.
Tools
To perform a comprehensive real-world assessment, each Cyberflame engagement uses commercially available tools, internally developed tools, and some of the same tools that hackers use. Our intent is to assess your wireless network by simulating a real-world attack.
Here at Cyberflame, we understand that your organization's security, performance, and productivity are too crucial to leave to simple guesswork. A security services vendor with a proven track record and experience in assessing all the critical needs of an organization's environment, including its business goals, can be an invaluable partner. Cyberflame offers a wide variety of assessments and consulting engagements to ensure your organization achieves its goals while maintaining optimal productivity.