Wi-Fi Pentest
A pentest carried out on the company’s wireless access.
The auditor moves around the premises, or to the periphery, so as to be able to enter the internal network by bypassing the security of Wi-Fi networks.
Examples of attacks and checks carried out
Separation between employee and guest networks
Isolation between devices
Analysis and identification of surrounding Wi-Fi networks
Guests management
Bruteforce attack on shared keys
Wi-Fi networks impersonation (Rogue AP / Evil Twin)
Security vulnerabilities on captive portals
Different penetration testing scenarios exist
Black box
Grey box
The auditor has the Wi-Fi key and/or an account on the Wi-Fi networks and ensures the tightness of the latter as well as compliance with good practices and security standards.
In which cases should you choose the Wi-Fi penetration test?
To ensure that an attacker or a former employee cannot access the Information System from a surrounding building.
Verify that guest users of the wireless network do not have access to employee resources.
Validate that the legal and regulatory aspects relating to the establishment of guest Wi-Fi networks are correctly applied.
Mission organization
An initiation meeting makes it possible to identify the needs and scope of the mission, as well as any constraints.
In the majority of cases, a legal mandate is not necessary for this type of service.
The consultant in charge of the mission can be reached at any time during its execution and informs the customer in the event of a critical discovery.
Penetration test results
The deliverables of the mission include a report as well as two optional restitutions.
The report includes a summary of the results as well as the details of the identified vulnerabilities and recommendations.
The technical restitution is an opportunity for the consultant to present his approach and his results in an interactive way, and to discuss with the client and his teams on the action plan. Managerial restitution makes it possible to address an executive audience.
