 WIRELESS DEVICE TESTING

LRQA Nettitude delivers wireless device testing as a common component of most internal onsite penetration tests. Assessments cover most common 802.11 protocols, often referred to as Wi-Fi protocols.

LRQA Nettitude is proud to have been approved by CREST as having a certified wireless testing capability. This is an accolade that has only been awarded to 2 penetration testing companies globally, and it demonstrates our capability and experience within this specific domain of expertise.

Wireless assessments can be delivered through attacks that target the existing wireless infrastructure that runs and operates within an organisation, as well as the clients that interact with this infrastructure. It is common for both types of assessments to be conducted in a thorough wireless penetration test. Although it is possible to conduct this type of assessment remotely, through shipping wireless devices to site, LRQA Nettitude’s preferred approach is to attend the location that is being assessed, and simulate a threat actor that has local access to the surrounding airspace.

Unencrypted WLAN

There are two types of unencrypted wireless LANs: visible and invisible infrastructures.

Visible Unencrypted WLANs

For visible Wi-Fi networks, LRQA Nettitude connects to the wireless LAN and sniffs network traffic looking for IP addressing details.  Once this information has been captured, LRQA Nettitude allocates themselves an IP address, and moves on to carrying out LRQA Nettitude's standard Infrastructure Testing methodology.  For MAC filtered environments, LRQA Nettitude de-authenticates a valid client, and connects in using the valid MAC address.

Invisible Unencrypted WLANs

For invisible Wireless LANs, LRQA Nettitude de-authenticates the client, and captures the re-authentication request.  With this information, LRQA Nettitude is able to connect to the Wireless network and then carry out the phases detailed within the visible wireless network testing approach.

WEP based Networks

Two types of WEP based networks exist.  These again consist of visible and invisible infrastructures.

Visible

For visible networks, LRQA Nettitude attempts a WEP based attack, by capturing weak IVs and running them through a series of Wireless Security tools.  The intent here is to capture enough weak IVs to be able to crack the WEP key.  Once the WEP key has been cracked, LRQA Nettitude connects to the wireless network and then moves on to carrying out testing consistent with the Visible unencrypted WIFI test plan.

Invisible

For invisible networks, LRQA Nettitude de-authenticates the client and then uses a series of tools to capture re-authentication requests and Weak IV pairs.  The approach then moves on to that of the visible WEP network test plan.

WPA/WPA2 Encrypted Networks

LRQA Nettitude first determines whether the environment has a visible or hidden SSID.  The approach for undertaking this is consistent with the test plans identified in the Visible and Invisible unencrypted WIFI environment.

Once this has been determined, LRQA Nettitude issues a de-authentication packet to the WIFI connected resources. Re-authentication requests are then captured, and the EAPOL handshake is extracted.  Once this handshake has been captured, LRQA Nettitude carries out a brute force attack against it, with the intent of deciphering the WPA/WPA2 key.

LEAP Based Networks

LRQA Nettitude first determines whether the environment has a visible or hidden SSID.  The approach for undertaking this is consistent with the test plans identified in the Visible and Invisible unencrypted WIFI environment.

Once this has been determined, LRQA Nettitude issues a de-authentication packet to the WIFI connected resources. Re-authentication requests are then captured, and LRQA Nettitude looks to capture and break the LEAP requests.

802.1X WLAN

For 802.1X based attacks, it is usual for LRQA Nettitude to create a rogue access point with the same SSID as the real Wi-Fi network.  Through a series of techniques (de-auth/re-auth), LRQA Nettitude then coerces clients into connecting to this access point.

Once the client has tried to authenticate with the rogue access point, LRQA Nettitude will try to compromise the client by acquiring either passphrases or certificates.  In addition, LRQA Nettitude may look to inject their own certificate into the authentication process, for poorly configured client devices.  Once the client has been compromised, LRQA Nettitude will attempt to deploy a keylogger to capture manually keyed usernames and passwords.  By gaining access to these resources, LRQA Nettitude will attempt to gain access to the Wi-Fi environment.
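The "poorly configured client" case above comes down to a supplicant that does not validate the authentication server's certificate. The following is an added example, not LRQA Nettitude's own material: it assumes a wpa_supplicant client using PEAP, and the SSID, identity, CA path and server name are constructed placeholders.

```conf
# WEAK: no ca_cert and no server name check, so the client will complete
# PEAP with any access point that advertises the same SSID and presents
# any certificate. The inner credentials are then exposed to that AP.
network={
    ssid="CorpWiFi-placeholder"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="user@example.com"
    password="PLACEHOLDER"
    phase2="auth=MSCHAPV2"
}

# HARDENED: same network, with the server certificate pinned to the
# organisation's RADIUS CA and the expected server name.
network={
    ssid="CorpWiFi-placeholder"
    key_mgmt=WPA-EAP
    eap=PEAP
    # Only accept a server certificate that chains to this CA.
    ca_cert="/etc/ssl/certs/corp-radius-ca-placeholder.pem"
    # Only accept a certificate issued for this server name.
    domain_suffix_match="radius.example.com"
    # Keep the real username out of the unencrypted outer identity.
    anonymous_identity="anonymous@example.com"
    identity="user@example.com"
    password="PLACEHOLDER"
    phase2="auth=MSCHAPV2"
    # Use protected management frames (802.11w) when the AP offers them.
    ieee80211w=1
}
```

With the hardened profile the EAP exchange is aborted when the certificate does not chain to the pinned CA or the name does not match, before the inner credentials are sent.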

Extended Wireless Device Tests

In addition to many of the standard corporate tests, LRQA Nettitude recognises that many employees will have wireless environments configured at home. These environments will frequently use standard security controls that can be re-used inside the corporate environment. LRQA Nettitude will look to deploy rogue access points into an infrastructure that masquerade as the corporate infrastructure as well as mimicking many of the weaker security controls deployed within the home wireless environment.

LRQA Nettitude has a comprehensive wireless testing methodology that is available on request. All tests are consultancy driven, and can be adapted to fit whatever your wireless security requirements dictate. Wireless testing has become a standard component of most internal penetration testing engagements.  To find out how LRQA Nettitude can help you manage the risk associated with your WIFI estate, please complete our contact form and a consultant will respond to your enquiry.

Frequently Asked Questions about Data Privacy Security

What is an incident response policy?

An incident response plan or policy is a process you create before you experience a cyberattack. This is so that your team has a procedure to follow when you do experience a data breach. LRQA Nettitude follows the CREST Cybersecurity Incident Response process, which is broken down into 3 phases: preparation, response, and follow up. Having a breach plan gives you the confidence to quickly nullify any threat to your data privacy security.

Why is data privacy security important?

Although it has always been important, the implications and need for higher security are coming into play now that technology is indispensable to everyday life. Using apps, browsing websites, and shopping online are all examples of how your data will be stored and managed online. For organisations today, the threat of cyber theft is a pertinent one. Having comprehensive data privacy plans in place can reduce and mitigate the risks of such events.

Does LRQA Nettitude practice sustainability?

As a company with a global footprint, sustainability is an area of importance to us. We are a registered ‘Investor in People’ organisation. Taking a cue from ISO 14001, we have strong sustainability practices put in place. Our organisation also hires fairly and equally, across gender and race. By working with us, you can rest assured that we implement data privacy security measures with ethics at the core of our mission.
