Wi-Fi Pentest Objectives
In the most recent years, there has been an exponential increase in the use of wireless technology in corporate environments. Access to internal networks via wireless devices has opened new doors to potential malicious threats and increased technological risk in organizations. Wireless technology presents unique threats as their signals propagate outside physical boundaries which in turn are harder to control. Configuration errors and the the use of outdated security protocols can allow unauthorized access to internal networks as well.
Wifi Pentest will simulate and test all types of attacks that a cybercriminal could carry out in real life.
Wi-Fi Pentest Benefits
The benefits of WiFi Pentest include:
Understanding possible intrusions to corporate networks through the wireless network.
Preventing information leaks and malware distribution.
Determine whether wireless security devices are capable of detecting and preventing wireless attacks.
Ensuring compliance with regulatory requirements for wireless technologies.
Improper use of wireless networks.
At Tarlogic, we offer several different review modalities depending on the depth to be audited:
Wi-Fi Pentest: The objective of this Wi-Fi intrusion test is to find the your Wi-Fi weaknesses that could potentially allow a malicious actor to intrude into a corporate wireless network.
Wi-Fi Security Assessment: The objective of the security assessment is to find all of the security weaknesses in your Wi-Fi networks. For this specific purpose, Tarlogic has developed the OWISAM security methodology.
OWISAM is the acronym for "Open Wireless Security Assessment Methodology". Thanks to the use of Creative Commons licenses, the entire community can make use of this methodology, modify it and improve it over time. The OWISAM security methodology defines a total of 64 technical controls that are grouped into ten categories. Using the ten categories there is a set of tests required to successfully ensure a successful security assessment of a wireless infrastructure.
In addition to a security analysis aimed at verifying all the technical controls, it is possible to perform a wireless audit taking into account only the top 10 security risks of wireless infrastructures.
OWISAM Top 10 defines the main security risks of wireless networks:
- OWISAM-TR-001: Open Wi-Fi communication networks.
- OWISAM-TR-002: WEP-based encryption in communication networks.
- OWISAM-TR-003: Insecure key generation algorithms (devices, WEP, WPA(2)-PSK and WPS passwords).
- OWISAM-TR-004: WEP/WPA/WPA2 dictionary based key.
- OWISAM-TR-005: Insecure authentication mechanisms (LEAP, PEAP-MD5 ...)
- OWISAM-TR-006: Device with WiFi Protected Setup support active (WPS).
- OWISAM-TR-007: Wi-Fi networks not authorized by the organization.
- OWISAM-TR-008: Insecure captive portal in Wi-Fi Hotspots.
- OWISAM-TR-009: Client trying to connect to insecure networks.
- OWISAM-TR-010: Overextended Wi-Fi networks coverage.
Wi-Fi Coverage Analysis: This analysis of Wi-Fi performance and coverage is one of the services in which Tarlogic has the most experience thanks to the knowledge obtained with the development of its own wireless network monitoring solutions AcrylicWiFi.