Wireless security should be thought of an extension to an organisation’s overall network security and thus part of any infrastructure penetration test or vulnerability testing exercise. 7Safe’s team has built up strong experience in testing wireless security over the years by understanding how various wireless networks are architected and implemented either using the wireless security standards or leveraging wireless security mechanisms provided by reputable vendors to mitigate risk.
Wireless Security Testing
7Safe undertakes wireless security sweeps during its testing and can work from both external and internal points of a company and have all manner of equipment to undertake such work (including professional “Cantennas” (please see http://en.wikipedia.org/wiki/Cantenna). Very often wireless networks can present an unknown threat to an organisation either being mis-configured or by being installed without IT knowing. Thus wireless vulnerability testing is of importance to any organisation concerned about their network security.
Laptop / Device Wireless Security
7Safe is asked on a regular basis to assess laptop security and undertake laptop build reviews. Very often as part of this testing we undertake an examination of wireless security on the device which may also include Bluetooth, 3G and wireless testing together with a forensic analysis of overall device security including encryption. For example, could the laptop associate with a rogue access point if a policy were not in place to stop such associations and is it possible to route through other connections from the device such as 3G or wired?
Wireless Security Training
Over the years 7Safe has developed a whole variety of hands-on penetration testing courses and specifically wrote “CWSA Wireless security training course” for our clients who were concerned with wireless security.
PCI DSS wireless guidelines
Clearly any wireless network can present a risk to the PCI Cardholder Data Environment (CDE) if such an environment is made accessible. Our PCI QSA team work very closely with 7Safe’s penetration testing team to establish risks to the CDE that can then be mitigated through careful segregation, wireless testing and other forms of vulnerability testing.