Wireless penetration tests assess the adequacy of the multiple security controls designed to prevent unauthorized access to wireless services. Testing attempts to exploit wireless vulnerabilities to gain access to private (protected) wireless SSIDs, or to escalate privileges on guest SSIDs that are intended to be isolated from private networks.
The wireless network brings convenience and mobility to internal users, but these benefits come with additional risks. An attacker does not need to gain physical access if vulnerable wireless networks can be compromised from a safe distance. Wireless access provided to guests and visitors needs to be isolated from protected environments. Wireless access provided to employees needs to protect those connections and the data transmitted over the air. Testing wireless networks is a critical activity to ensure that they provide the intended access, and only the intended access.
A Comprehensive Methodology:
NETWORK RECONNAISSANCE: Exploring connected networks to identify lateral targets, test segmentation, and bypass intended restrictions on movement within the wireless network.
WIRELESS RECONNAISSANCE: Detecting and identifying authentication methods supported, encryption requirements, MAC address restrictions, and the technologies in use.
AUTHENTICATION ATTACKS: Tests targeting password complexity, authentication handshake manipulation, and password cracking attempts.
ENCRYPTION EXPLOITS: Testing encryption methods and effectiveness, attempts to intercept information from other connected users, and performing decryption attacks.
MAC ADDRESS FILTERING BYPASS: Attempts to evaluate the effectiveness of MAC address filtering through cloning, enumeration, and bypass attacks.
PRIVILEGE ESCALATION: Identifying potential targets on the protected network, bypassing segmentation rules, and leveraging the wireless network to pursue further internal attacks.