Share :
Wifi audit methodology
Often considered secure and robust, WiFi networks and the implementations that revolve around their use nevertheless present a number of weaknesses inherent to the wireless world.
However, attacks on WiFi are not simple to implement as they often require cards capable of injecting frames which is a necessary prerequisite for WiFi attacks and most PCs do not have this capability.
For black box tests, the methodology consists of mapping the surrounding WiFi networks in order to detect the presence of possible hidden networks. An analysis of authentication methods is also performed. By passive listening, the auditor verifies or disproves various authentication weaknesses, analyzes EAP response/identity exchanges with the aim of finding information of particular interest. Finally, setting up a rogue Wifi access point (Rogue AP) enables you to check various control points such as authentication methods, Radius server identity, etc.
For the gray box approach, the auditor seeks to verify the network access control (by MAC address for example) as well as the network partitioning. Another point of attention is to check the access point’s management interface(s) and whether they are reachable on the current network/VLAN. Finally, wifi-open-guest often features a captive web portal. The listener then tries to circumvent the identification. Indeed, captive portals are often equipped with fixed size “slots” allowing X simultaneous connections. Thus, by automating numerous connections to the wifi-guest with MAC addresses generated on the fly, slots can be saturated causing a denial of service of the guest access point.
As part of its wifi audit services, Synetis is able to help you raise awareness among your employees, as well as point out any technical weaknesses in your corporate wifi networks.
