Wi-Fi Pentest




A pentest carried out on the company’s wireless access.

The auditor moves around the premises or their perimeter and attempts to reach the internal network by bypassing the security of the Wi-Fi networks.


    Examples of attacks and checks carried out

    Separation between employee and guest networks

    Isolation between devices

    Analysis and identification of surrounding Wi-Fi networks

    Guest management

    Brute-force attack on shared keys

    Wi-Fi network impersonation (Rogue AP / Evil Twin)

    Security vulnerabilities on captive portals

    Different penetration testing scenarios exist

    Black box

    The consultant tries to connect to Wi-Fi networks (company or guest) without authorization.

    Grey box

    The auditor has the Wi-Fi key and/or an account on the Wi-Fi networks and verifies that the networks are properly isolated and comply with good practices and security standards.

    When should you choose a Wi-Fi penetration test?

    Ensure that an attacker or a former employee cannot access the Information System from a surrounding building.

    Verify that guest users of the wireless network do not have access to employee resources.

    Validate that the legal and regulatory aspects relating to the establishment of guest Wi-Fi networks are correctly applied.

    Mission organization

    A kickoff meeting identifies the needs and scope of the mission, as well as any constraints.

    In the majority of cases, a legal mandate is not necessary for this type of service.

    The consultant in charge of the mission can be reached at any time during its execution and informs the customer in the event of a critical discovery.

    Penetration test results

    The deliverables of the mission include a report as well as two optional debriefings.

    The report includes a summary of the results as well as the details of the identified vulnerabilities and recommendations.

    The technical debriefing is an opportunity for the consultant to present his approach and his results in an interactive way, and to discuss the action plan with the client and its teams. The managerial debriefing addresses an executive audience.