Wireless Network Testing

Based on the Institute of Electrical and Electronics Engineers (IEEE) 802.11 wireless networking standards, Wi-Fi wireless networks have inherent risks due to their shared physical medium: electromagnetic waves. These networks provide organizations better usability and allow employees or guests to roam throughout the physical location and remain connected. However, Wi-Fi technologies also impose risks to an organization. Risks can come from improperly secured infrastructure, rogue access points, and wireless clients themselves.

MAC filtering, WEP encryption, and pre-shared keys are no longer effective defensive measures to protect clients using the wireless network and their information. Most of these measures can be bypassed or broken within minutes, exposing the internal infrastructure. DJPaA will conduct configuration reviews, technical testing, and scanning for rogue access point detection. For Payment Card Industry (PCI) data environments covered within scope, this testing may be used to satisfy relevant Data Security Standard requirements. We will passively monitor the wireless network to determine weaknesses first, and then, if necessary, actively attack the network to gain access by breaking encryption keys or bypassing other security measures.

Results of the test may include, as appropriate: 

  • Wi-Fi signal leakage

  • Security design flaws

  • Rogue access points

  • Analysis of defensive measures

  • Encryption keys (WEP/WPA)

DJPaA will perform a site survey, passively and/or actively searching for rogue devices. Data gathered will be compared to known authorized access points and clients to determine if any rogue devices exist, to the extent possible. 
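The comparison of survey data against the authorized inventory can be sketched as follows. This is an added example, not DJPaA's tooling; the CSV layout, the inventory format, the verdict names, the `-60` dBm threshold and all BSSIDs and SSIDs are constructed assumptions.

```python
import csv
import io

# Constructed inventory of authorized access points (assumed format).
AUTHORIZED = {
    "02:00:00:aa:00:01": {"ssid": "CorpNet", "encryption": "WPA2-Enterprise"},
    "02:00:00:aa:00:02": {"ssid": "CorpNet", "encryption": "WPA2-Enterprise"},
    "02:00:00:aa:00:03": {"ssid": "CorpGuest", "encryption": "WPA2-PSK"},
}

# Constructed site-survey capture: one row per observed beacon source.
SURVEY_CSV = """bssid,ssid,channel,encryption,signal_dbm
02:00:00:AA:00:01,CorpNet,1,WPA2-Enterprise,-48
02:00:00:aa:00:02,CorpNet,6,WPA2-PSK,-55
02:00:00:bb:00:09,CorpNet,11,Open,-40
02:00:00:cc:00:10,CoffeeShop,6,WPA2-PSK,-82
02:00:00:dd:00:11,,36,WPA2-PSK,-45
"""

def classify(row, authorized, strong_signal_dbm=-60):
    """Return a verdict for one observed access point."""
    bssid = row["bssid"].strip().lower()   # normalize MAC case before lookup
    ssid = row["ssid"].strip()             # empty string means hidden SSID
    known = authorized.get(bssid)
    corp_ssids = {ap["ssid"] for ap in authorized.values()}
    if known:
        # Known BSSID advertising unexpected settings: misconfiguration
        # or a device reusing an authorized address. Needs follow-up.
        if ssid != known["ssid"] or row["encryption"] != known["encryption"]:
            return "config-drift"
        return "authorized"
    if ssid in corp_ssids:
        return "rogue-ssid-impersonation"  # corporate SSID, unlisted radio
    if int(row["signal_dbm"]) >= strong_signal_dbm:
        return "unknown-on-premises"       # strong signal, likely inside site
    return "neighbor"                      # weak, unrelated network

def audit(survey_csv, authorized):
    """Map each observed BSSID to its verdict."""
    findings = {}
    for row in csv.DictReader(io.StringIO(survey_csv)):
        findings[row["bssid"].strip().lower()] = classify(row, authorized)
    return findings

if __name__ == "__main__":
    for bssid, verdict in audit(SURVEY_CSV, AUTHORIZED).items():
        print(f"{bssid}  {verdict}")
```

Signal strength alone does not prove a device is on the premises, which is why the strong-signal verdict marks a candidate for physical follow-up rather than a confirmed rogue.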

During our wireless connectivity architecture evaluation, we will review the following:

• Wireless security configuration 

• Encryption usage and configuration 

• Ability to detect rogue access points or clients 

• Overall wireless security controls

Wireless security testing will include the following tasks:

• Run tests against wireless access points 

• Run tests against wireless clients 

• Attempt to bypass encryption usage and configuration 

• Attempt to bypass overall security controls and gain access to a non-public network

  • "His record of corporate successes in a highly competitive cybersecurity environment speaks for itself."

    -Timothy M. Opsitnick

  • "In particular, he provided the core capability we needed to execute a recent cybersecurity assessment for the U.S. Department of Energy (DOE)."

    -Ranson J. Ricks

  • "David has impressed me with his ability to maintain a high degree of security knowledge in a field that is constantly changing."

    -Timothy M. Opsitnick