Wireless networks are particularly vulnerable to attacks because it is extremely difficult to prevent physical access to them. Wireless networks are subject to both passive and active attacks. A passive attack is one in which an attacker just captures signals flowing from authorized devices, such as a corporate laptop to an authorized Access Point (AP). An active attack is one in which an attacker sends signals to the authorized AP in order to solicit specific responses and intrude upon the corporate network, typically, in a very short time-frame.
Elevate will conduct configuration reviews, technical testing and scanning for rogue access point detection. We will passively monitor the wireless network to determine weaknesses first, and then, if necessary, actively attack the network to gain access by breaking encryption keys or bypassing other security measures. Results of the test may include, as appropriate:
Discover Wireless Access Points and Workstations
Investigate rogue devices installed without IT department consent
Assess WiFi RF coverage trying to sniff from adjacent buildings and public locations
Determine the existing WiFi Security Infrastructure
Attempt to compromise the wireless security
Determine encryption type and compromise the security
Evaluate Security design flaws
Elevate uses a structured and iterative process, testing the network architecture, systems configurations, processes, and procedures that affect the ability to protect your wireless assets from unauthorized access.
At your request, we will attempt to detect, analyze, and compromise the wireless networks in place.
Wireless clients are a critical part of the security of a wireless network. However, clients are often overlooked during testing. At your request, Elevate can establish rogue access points and attempt to coerce clients to attach, in order to demonstrate the ability of an attacker to compromise laptops and other devices which connect to the wireless network.
This threat exists not only on a corporate campus but also in coffee shops, airports and other public places where laptops may be used. Attackers can take this opportunity to compromise the laptop, which then reenters the corporate network.