WIRELESS NETWORK ASSESSMENT

WHAT IS A WIRELESS NETWORK ASSESSMENT?

Wireless Network Assessment is a combination of a Penetration Test and Vulnerability Assessment but focuses on analyzing the security of the wireless environment.

We analyze your unique wireless security environment with a Pre-Assessment Visit, a Vulnerability Assessment, a Penetration Test, and a Post-Assessment Analysis.

BENEFITS

Benefits of a Wireless Network Assessment performed by RedLegg include:

INSIGHT:

Gain insight into many of the risks faced within your enterprise by identifying shortcomings in your existing security program.

EFFICACY:

Prioritize the biggest threats to the organization and strategically plan the necessary roadmap to safeguard your organization.

PROACTIVITY:

Reduce the impact and likelihood of a successful breach and data exfiltration through testing and securing of your organization.

COMPLIANCE:

Show customers and stakeholders your commitment to securing and protecting the most valuable assets against various threat actors.

WIRELESS NETWORK ASSESSMENT METHODOLOGY

The RedLegg methodology for conducting Wireless Network Assessments is based on a proven track record of providing high-quality results and detailed corrective actions that can help lower the overall risk of the tested environment.  Each engagement, however, is a specialized event unique to each client. 

RedLegg has developed a robust assessment methodology that maximizes technical results while minimizing the impact to the testing environment. Although this methodology has been customized, it is based on proven industry best practices from the Open Source Security Testing Methodology Manual (OSSTMM), the Open Web Application Security Project (OWASP), and the Penetration Testing Execution Standard (PTES).

The RedLegg methodology can be summarized as follows:

PHASE 1:
PRE-ASSESSMENT VISIT

  • OSINT
  • Inquire with customer about technologies in place

PHASE 2:
WIRELESS VULNERABILITY ASSESSMENT

  • Test for signal attenuation outside of the building.
  • Note the available SSIDs.
  • Note the security mechanisms used by each SSID.
  • If a network is open, identify second authentication methods (e.g. captive portal) used.

PHASE 3:
WIRELESS PENETRATION TEST

  • Initialize wireless monitor mode using airmon.
  • Use airodump to gather local wireless information.
  • Use airodump to collect handshakes.
  • If necessary, use de-auth to force handshakes.

PHASE 4:
POST-ASSESSMENT ANALYSIS

  • Perform offline cracking of any captured handshakes for PSK auth.
  • Draft testing results with findings' severity levels.

SEVERITY RATINGS DESCRIPTION

RedLegg’s analysis process evaluates risk, ease of use, availability, and likelihood of exploiting a given finding to determine the severity rating. This determination may result in ratings that are different than the ones found within CVSS or automated tools. RedLegg uses the following severity ratings:

  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
  • INFORMATIONAL

CRITICAL

Anything that clearly resulted in access to the wireless network. WEP and weak PSK fall into this category.

Critical issues should be addressed immediately.

HIGH

Network denial of service weaknesses, such as Misconfigured Access Points and Lack of WIDS/WIPS.

Issues rated as High should be addressed at the earliest opportunity.

MEDIUM

WPA-PSK typically falls here when un-cracked: issues that may reveal network information without gaining access.

Consider applying these security updates in accordance with corporate patching and/or maintenance.

LOW

Items like signal leakage and overly specific SSIDs (such as Accounting-Dept) would fall into this category.

Low vulnerabilities are comprehensively mitigated by the characteristics of the affected component.  Evaluate whether to apply the security update or mitigating control to the affected systems.

INFORMATIONAL

Anything that does not fit into the categories above, but that the customer should still be made aware of, is rated as Informational.  There are not always solutions or recommendations for Informational findings, as there may be no resolution.  If there is a risk of negative impact, the finding is not rated as Informational.

OUR APPROACH

RedLegg is an innovative, global security firm that delivers managed cybersecurity solutions and peace of mind to its clients.

RedLegg’s approach to information security protects the confidentiality, integrity, and availability of critical data based on a sound risk management framework. This approach allows organizations to engage business owners in defining acceptable levels of risk and to participate in the process for evaluating threats.

RedLegg’s ARMEE (Assess, Remediate, Monitor, Educate, Enforce) methodology institutes a lifecycle that allows for an ongoing process to continuously improve the security posture of the organization. This methodology is designed to be portable to all business, legal, regulatory, and security requirements of the organization. It is flexible enough to account for the constant flux in the marketplace, attack vectors, and protection mechanisms.
