Independent information security

Wireless Testing / Wireless penetration testing

Wireless networks are vital for providing access to systems and data, but they can also act as an entry point for cybercriminals.

Home Solutions Penetration Testing Wireless Penetration Testing

What is wireless penetration testing

Wireless penetration testing assesses wireless local area networks (WLANs). It uses associated wireless protocols and technologies, including Bluetooth, to identify and address vulnerabilities that could lead to unauthorised network access and data leakage.

The Challenges of Wireless Testing

The following have been identified as wireless pen testing vulnerabilities:

Rogue access points
Weak encryption
Default router setups
Wireless zero configurations
Guest WiFi weaknesses
Bruteforce weaknesses
Bluetooth exploits
WPA key vulnerabilities

The Challenges Of Wireless Testing

Identify vulnerabilities in your wireless devices.
Detect default Wi-Fi settings.
Identify rogue or open access points.
Identify misconfigured or duplicated wireless networks.
Identify insecure wireless encryption standards (such as WEP).

Our approach to wireless pen testing

A SecuriCentrix wireless pen test follows a tried and tested methodology to identify, exploit and help address vulnerabilities. Here’s how we approach a wireless assessment:

Why Choose Us

Wireless LAN connections (WiFi) can allow attackers into an organisations environment irrespective of the security controls. Our team of skilled penetration testers use a structured approach to satisfy your organisation’s expectations, conducting vulnerability discovery and exploits safely. We help you to identify and reduce your wireless risks.

Frequently Asked Questions

What are penetration tests?

Penetration tests are the authorised, simulated cyber-attack against your computer system in a targeted environment to check for exploitable vulnerabilities. The penetration tester will use both manual or automated testing techniques to identify the vulnerabilities that are in an environment and use these to exploit the environment potentially.

What are the different types of tests?

Internal Penetration tests
Internal tests simulate an attack that has already bypassed your security perimeter. It discovers what an attacker can do internally, such as moving across systems and networks. It also simulates what a trusted insider (like disgruntled employees) could potentially do.

External Penetration tests
External tests simulate the ability of an attacker to gain access to your internal network and infrastructure from outside of your security perimeter.

Segmentation Tests
Segmentation Tests are conducted from untrusted networks to validate the functioning of segmentation security controls.

Web Application Penetration testing
Web application penetration tests are conducted against public-facing web applications or interface to validate whether vulnerabilities, including those listed in OWASP, will expose the back-end systems to any potential attacks or compromises.

What are the different levels of Penetration Tests?

Black Box tests are where the penetration tester knows nothing of the infrastructure to be tested. So it’s more indicative of a real-world attack, but this method may not always expose all vulnerabilities.

White Box tests are tests where the penetration tester can access complete and in-depth information on the infrastructure kept for testing. Whilst not as realistic as a black-box test, it allows thorough testing of the infrastructure.

Grey Box tests are the most popular form of test that takes a balanced approach between white and black boxes. A grey box test discloses just enough information to perform a thorough, systematic test whilst keeping the scenario relevant and realistic.

What are the types of penetration tests required for PCI DSS?

As part of Requirement 11, PCI DSS requires Internal Infrastructure Tests, External Infrastructure Tests and Segmentation Tests. In addition to this, as per Requirement 6, the applications or interfaces should have a public-facing environment. One will also need to perform a Web Applicable Penetration test known as Web Application vulnerability assessments.

What is the frequency to conduct different types of Penetration tests?

As a good security practice, Internal, External and Web application tests should be conducted at least annually or after any significant change to the infrastructure or applications, this is to ensure that the change has not adversely affected the security of the environments in which they reside. In addition, segmentation testing should be completed every six months if you are a service provider facilitating payments and annually for other organisations.

Our services

SecuriCentrix’s security services are designed to provide the vital assistance needed to make tangible improvements to your organisation’s cyber security posture.

Security
Validation

Expert security services and solutions tailored to your needs

Assessment and Advisory

Specialist engagements to uncover and address hidden cyber security risks

Compliance

Expert help to manage and monitor your choice of security technologies