Wireless Network Penetration Test
Service Overview ⫘
The objective of an Wireless Penetration Test is to demonstrate weaknesses in systems, protocols or wireless network implementations. The goal of this test type is to leverage discovered weaknesses in wireless clients and infrastructure to pivot into an internal corporate network and gain access to targeted systems or data. The test includes exploitation of vulnerabilities, username and password discovery, lateral movement between wireless networks.
Service Methodology ⫘
Secureworks will conduct penetration testing against the in-scope wireless networks and clients. This will include passive monitoring of wireless traffic to determine weaknesses and then, if necessary, will actively attack the network to gain access by breaking encryption keys, impersonating access points to steal user credentials, or bypass other security measures. The test may include the following:
- Rogue access points & Evil Twin Attacks
- Attacking encryption key (WEP and Wi-Fi Protected Access/WPA) vulnerabilities
- Security architecture or configuration flaws
- Analysis of defensive measures (such as deauthentication attacks and rogue access points)
- Wireless client and user vulnerabilities
- Captive portal bypasses
- Client isolation and guest network configurations
- BYOD network isolation
Testing can either be done with or without credentials. Without credentials, it's possible that the wireless network is never compromised, and testing won't progress past the perimeter. With credentials, Secureworks can skip the initial breach and focus on 'what happens next'.
Outcome ⫘
Presentation of findings and deliverables compiled by Secureworks will be provided to you in the form of a report. The report may contain the following:
- Executive summary
- Methods, detailed findings, narratives, and recommendations if any
- Attachment as needed for relevant details and supporting data
Customer shall have one (1) week from delivery of the report to provide comments to be included in the final report. If there are no comments received from Customer before expiration of the review period, the report will be deemed final.
Upon completion of the Service, the Customer-designated contact will receive a secure/encrypted email confirmation from Secureworks. Unless otherwise notified in writing to the contrary by Customer-designated contact, within five (5) business days of such email confirmation, the Service shall be deemed complete.
Wireless Remote Testing Appliance ⫘
Testing can be performed remotely, using the Secureworks Wireless Remote Testing Appliance (wRTA). This hardware device can be shipped to the testing location, and phones home to Secureworks via Ethernet (RJ45) or Cellular LTE. Secureworks can then perform testing at the target location.
Scoping Information ⫘
Due to the nature of wireless testing, all systems that attempt to attach to the wireless network are in-scope. Any systems or users not explicitly excluded from testing may be impersonated or have their credentials compromised during attempts to attack the target networks.
Scope | Description |
---|---|
Wireless Network Penetration Test | 1 Physical Location (or floor of a building) per week. |
If additional locations are required, or multiple locations are similar, contact Secureworks for scoping assistance and efficient pricing.
Work is conducted during business hours of the Secureworks consultant. After-hours feature is available for an additional cost.
The complete Service Description for this service can be found here: Wireless Penetration Testing