Wireless networks are now widespread in industry. The nature and scale of the deployment infrastructure are usually dependent on business benefits and the risk appetite of the organisation.
Many deployments are accessible beyond the normal physical perimeter of the premises that protects traditional infrastructure; this presents a unique set of threats. Wireless access points can be targeted by opportunist attackers simply out of curiosity, as part of a concerted and deliberate attack, or by advanced persistent threat sources.
A Cyberis wireless security test will typically include the following phases:
- Black-box penetration test of the wireless infrastructure
- Review of wireless protocols in operation
- Review/test of the segregation controls
- Review of the network management policies, processes and procedures
Optionally, rogue access point detection can be included in the test.
The black-box penetration test will identify any immediate vulnerabilities and weaknesses in the design and configuration of the wireless infrastructure, from information leakage to serious risks that lead to unauthorised access. Based on the configuration review phases, the Cyberis report will also assess the risk from persistent attacks that cannot be demonstrated in the confines of the penetration test.
Where required, Cyberis technical consultants will also review the network segregation controls to ensure boundaries cannot be traversed, for example by determining whether a valid user of a wireless guest network can exploit vulnerabilities or weaknesses to escalate access to a corporate network.
A Cyberis wireless test gives you security assurance that the technical risks of your wireless infrastructure have been thoroughly assessed, allowing you to manage any risks identified through simple acceptance or through treatment. Cyberis will provide treatment advice, in the form of management, operational and/or technical control options.
A Cyberis wireless security test can also be scoped to fulfil specific legislative and regulatory requirements such as PCI DSS requirements 2.1.1, 4.1.1 and 11.1.
- Provides comprehensive security assurance of wireless technical infrastructure in consideration of the unique threats associated with it
- Tailored risk assessment report that considers the operational requirements and data assets that are transmitted over the wireless media
- Fulfils compliance testing requirements for wireless networks, such as the PCI DSS