Methodology of the Wi-Fi Audit
Often considered secure and robust, Wi-Fi networks and the implementations built around them still have some weaknesses inherent to the wireless world.
Nevertheless, attacks on Wi-Fi are not easy to carry out: they often require a wireless card capable of injecting frames, which is a necessary prerequisite for Wi-Fi attacks, and most PCs do not have this capability.
For the black box tests, the methodology consists of mapping the surrounding Wi-Fi networks in order to detect the presence of possible hidden networks. The authentication methods are also analyzed. Through passive listening, the auditor confirms or rules out various authentication weaknesses and analyzes EAP Response/Identity exchanges in order to find information of particular interest. Finally, setting up a malicious Wi-Fi access point (rogue AP) makes it possible to verify various control points such as the authentication methods, the identity of the RADIUS server, etc.
For the grey box approach, the auditor seeks to verify network access control (by MAC address, for example) as well as network partitioning. Another point of attention is whether the administration interface(s) of the access point are reachable from the current network/VLAN. Finally, open guest Wi-Fi networks often have a captive web portal, and the auditor then tries to bypass its identification step. Indeed, captive portals are often equipped with a fixed-size pool of "slots" allowing X simultaneous connections. Thus, by automating numerous connections to the guest Wi-Fi with MAC addresses generated on the fly, the slots can be saturated, causing a denial of service of the guest access point.
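A defender-side view of the slot saturation described above, as an added example that is not part of the original page: it flags bursts of never-before-seen, locally administered MAC addresses associating to the guest SSID. The log format, the SSID name `guest`, the window and the threshold are assumptions, and the sample lines are constructed.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Constructed sample log: one line per association (format is an assumption).
SAMPLE_LOG = "\n".join(
    [
        "2024-05-02T10:00:01 ssid=guest assoc mac=3c:22:fb:10:aa:01",
        "2024-05-02T10:07:30 ssid=guest assoc mac=da:a1:19:00:00:07",
        "2024-05-02T10:19:59 ssid=corp assoc mac=02:aa:bb:cc:dd:ee",
    ]
    # Burst: six new software-set MACs on the guest SSID within ten seconds.
    + [f"2024-05-02T10:20:{2 * i:02d} ssid=guest assoc mac=02:11:22:33:44:{i:02x}"
       for i in range(6)]
)

LINE_RE = re.compile(r"^(\S+) ssid=(\S+) assoc mac=([0-9a-f:]{17})$")


def is_locally_administered(mac):
    """True when bit 0x02 of the first octet is set (address not vendor-assigned)."""
    return bool(int(mac.split(":")[0], 16) & 0x02)


def detect_slot_saturation(log_text, ssid="guest",
                           window=timedelta(seconds=60), threshold=5):
    """Return (timestamp, count) alerts for bursts of new locally administered MACs.

    Phones with private addressing also use such MACs, so the signal is the
    rate of first-time addresses, not the presence of a single one.
    """
    seen, recent, alerts = set(), deque(), []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group(2) != ssid:
            continue
        ts, mac = datetime.fromisoformat(m.group(1)), m.group(3)
        if mac in seen:
            continue  # re-association of a known client does not take a new slot
        seen.add(mac)
        if not is_locally_administered(mac):
            continue
        recent.append(ts)
        while ts - recent[0] > window:
            recent.popleft()  # drop first-seen events older than the window
        if len(recent) >= threshold:
            alerts.append((ts, len(recent)))
    return alerts
```

The threshold should be tuned against the portal's slot count and normal guest arrival rate, since legitimate clients with randomized addresses also count toward it.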
As part of its Wi-Fi audit services, Synetis is able to help you raise awareness among your employees and also to point out the technical weaknesses of your corporate Wi-Fi networks.