What is Wireless Penetration Testing?



Wireless networks have become ubiquitous in today's world. Millions of people worldwide use them every day at home, in offices, and at public hotspots to log on to the Internet for both personal and professional work. Although wireless makes life incredibly easy and gives us great mobility, it comes with risks. In recent times, insecure wireless networks have been exploited to break into companies, banks, and government organizations. The frequency of these attacks has only intensified, as network administrators are still clueless about how to secure wireless in a robust and foolproof way.

What is Wireless Penetration Testing?

Wireless Testing

If the organization has a wireless network, the following activities may be undertaken. This is not an exhaustive list, and the tester is encouraged to update the list with new testing methods. Activities include the following methods:
  • Check if the access point’s default Service Set Identifier (SSID) is easily available. Test to see if any access point broadcasts the SSID, and see if it is possible to access the LAN through this. Tests can include brute forcing the SSID character string using tools like Kismet.
  • Check for vulnerabilities in accessing the WLAN through the wireless router, access point, or gateway. This can include verifying if the default Wired Equivalent Privacy (WEP) encryption key can be captured and decrypted.
  • Audit for broadcast beacon of any access point and check all protocols available through the access points. Check if layer-2 switched networks are being used instead of hubs for access point connectivity.
  • Subject authentication to replay (playback) of previous authentications in order to check for privilege escalation and unauthorized access.
  • Verify whether access is granted only to client machines with registered MAC addresses.
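
The checklist above can be applied to a scan inventory as a repeatable audit. The following is an added example, not code from the original post: the CSV column names, the sample rows, and the list of default SSIDs are all assumptions constructed for illustration, so map them to whatever your scanner exports.

```python
import csv
import io

# Constructed sample inventory (not real scan output). The column names are
# assumptions for this example; adapt them to your scanner's export format.
SAMPLE_SCAN = """bssid,ssid,privacy,broadcast
00:11:22:33:44:01,linksys,OPN,yes
00:11:22:33:44:02,CorpWLAN,WPA2,yes
00:11:22:33:44:03,Warehouse,WEP,yes
00:11:22:33:44:04,,WPA2,no
"""

# Illustrative vendor-default SSIDs (assumed list; extend for your hardware).
DEFAULT_SSIDS = {"linksys", "netgear", "dlink", "default", "tp-link"}
WEAK_PRIVACY = {
    "OPN": "high: no encryption configured",
    "WEP": "high: WEP in use, keys can be captured and decrypted",
}


def audit_access_points(csv_text, default_ssids=frozenset(DEFAULT_SSIDS)):
    """Return {bssid: [finding, ...]} for each access point with findings."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        ssid = (row.get("ssid") or "").strip()
        privacy = (row.get("privacy") or "").strip().upper()
        broadcast = (row.get("broadcast") or "").strip().lower() == "yes"
        issues = []
        # Checklist item 1: default SSID left unchanged.
        if ssid and ssid.lower() in default_ssids:
            issues.append(f"medium: default SSID '{ssid}' still configured")
        # Checklist item 2: WEP or open network.
        if privacy in WEAK_PRIVACY:
            issues.append(WEAK_PRIVACY[privacy])
        # Checklist items 1 and 3: SSID advertised in broadcast beacons.
        if broadcast and ssid:
            issues.append("info: SSID is advertised in broadcast beacons")
        if issues:
            findings[row["bssid"]] = issues
    return findings


if __name__ == "__main__":
    for bssid, issues in audit_access_points(SAMPLE_SCAN).items():
        for issue in issues:
            print(f"{bssid}  {issue}")
```
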

Wireless scans in penetration testing


Wireless technologies, in their simplest sense, enable one or more devices to communicate without the need for physical connections such as network or peripheral cables. They range from simple technologies like wireless keyboards and mice to complex cell phone networks and enterprise wireless local area networks (WLANs). As the number and availability of wireless-enabled devices continue to increase, it is important for organizations to actively test and secure their enterprise wireless environments. Wireless scans can help organizations determine corrective actions to mitigate risks posed by wireless-enabled technologies.

The following factors in the organization’s environment should be taken into consideration when planning technical wireless security assessments:
  • The location of the facility being scanned, because the physical proximity of a building to a public area (for example, streets and public common areas) or its location in a busy metropolitan area may increase the risk of wireless threats.
  • The security level of the data to be transmitted using wireless technologies.
  • How often wireless devices connect to and disconnect from the environment, and the typical traffic levels for wireless devices (for example, occasional activity or fairly constant activity). This matters because only active wireless devices are discoverable during a wireless scan.
  • Existing deployments of wireless intrusion detection and prevention systems, which may already collect most of the information that would be gathered by testing.

Wireless Attacks


Wireless Attacks: These are tools used to exploit vulnerabilities found in wireless protocols, including tools such as aircrack, airmon, and wireless password cracking tools. In addition, this section has tools related to RFID and Bluetooth vulnerabilities as well. In many cases, the tools in this section will need to be used with a wireless adapter that can be configured by Kali to be put in promiscuous mode.
