Wireless Security

Wireless networks are obvious targets for hackers, corporate espionage and spammers. Whether authorized or rogue, a wireless network can provide a backdoor to your core IT infrastructure—and you need a thorough wireless security assessment from a partner you can trust.

Sword & Shield Wireless Testing will:

• Determine if a wireless network is vulnerable to attack
• Find unauthorized wireless access points
• Identify vulnerable laptops connected to rogue access points
• Determine how far a wireless network extends outside the physical boundaries of a facility
• Test the authorization and authentication system
• Determine how well wireless IDS/IDP is working
• Determine if the wireless deployment meets compliance requirements

Our Methodology for Wireless Security Testing

Sword & Shield Wireless Testing examines the subsystems, components and security mechanisms of a wireless network and identifies any weaknesses. Our analysts consider two types of wireless network threats: 1) opportunistic and 2) targeted with limited resources. From there, Sword & Shield Wireless Testing consists of seven key stages:

1. Security Architecture Review
2. Vulnerability Analysis Test Plan (includes outdoor and indoor testing)
3. Network Mapping and Data Collection of Accessible Networks
4. Threat Model Identification
5. Vulnerability Identification
6. Penetration Testing
7. Analysis and Reporting

Questions Our Report Will Answer

• Do you have unauthorized wireless access points?
• How far does your wireless network extend?
• Is your wireless IDS/IDP working to keep unauthorized users from your core network and data resources?
• Does your wireless deployment meet regulatory requirements for PCI, PHI, etc.?

Wireless Testing results and analysis are presented in a comprehensive report detailing the vulnerabilities present and/or exploited in the network, network devices and specific systems. The impact of vulnerability exploitation is discussed and may be used as input for further risk analyses. In addition to describing the current security posture, we provide recommendations for safeguarding systems, including tools, policy, procedures and information sources.

Real Success Story

While executing a wireless security assessment at the head quarters of a large retailer, Sword & Shield analyst identified four wireless access points that were accessible from the firm’s parking lot. Upon careful inspection of these access points, it was determined that one was configured with the wireless encryption protocol (WEP) enabled, a deprecated and cryptographically insecure protocol. Using publicly available open source tools, the Sword & Shield analysts were able to quickly gain access to the wired network that the vulnerable wireless access point bridged. Within minutes it was determined by the assessment team that the wired network was the retailer’s internal network. After notifying the network manager who confirmed that it was not an authorized device, the assessment team attempted to identify the precise location of the rogue access point. The result of the investigation was that a member of the retailers accounting team had installed a personal access point several weeks prior.

Based on the findings of the wireless assessment, the large retailer implemented 802.1x across all internal networking devices. Also, the retailer updated their acceptable use policy to include verbiage prohibiting the connection of unauthorized devices to the corporate network. Sword & Shield’s wireless assessment services helped remediate a serious vulnerability that exposed their internal network to the outside and could have resulted in a breach.

Talk With a Testing Analyst

Sword & Shield has been outsmarting cyber-criminals and improving security for enterprises around the world since 1997. To learn more about our Wireless Security Testing service and our other areas of expertise, please fill out our Request Consultation form or contact us by phone today.

U.S. Toll-free: 800-810-1885

International: 865-244-3500