Wireless Security

Proactive, cost-effective security with a business focus
 

Wireless Infrastructure

When people think of wireless security, they typically throw around terms like WEP, WPA2, 802.1x and IPSec.  But these wireless infrastructure components are only one aspect of an overall wireless security posture.  To fully understand the state of wireless security, you need to understand where your wireless signals are and at what strength, the type of infrastructure security controls, the interaction of the wireless environment with the wired network, the security of wireless clients and even the effects on security of technologies such as Bluetooth, Zigbee and RFID.  NWN STAR’s approach to assessing wireless security takes all of these factors into consideration.

NWN uses wireless capable computing devices to identify wireless networks within the customer environment.  NWN then perform testing against the wireless network(s) to determine the security techniques and authentication methods used.  This testing will seek to identify any weaknesses in the configuration of the Client’s wireless infrastructure.  Where possible, NWN will attempt to gain access to the Client’s wireless network or to disclose wireless network access credentials.


In addition, NWN will review the overall design of the wireless network including how it integrates with the wired network to determine if the wireless network may be placing at risk, or may be at risk from, the wired network.

signal analysis

NWN will perform “war walking” to determine the locations from which Client wireless networks are visible and/or accessible.  NWN will provide the customer with an understanding of wireless signal leakage and signal strength as seen from various locations within the Client’s facility and from locations outside of the target facility.

client testing

Even with a “secure” wireless infrastructure, wireless clients are a target of attackers.  The use of corporate wireless devices in public locations (airports, hotels, coffee shops, etc.) can put corporate data and even login credential as risk.  To determine susceptibility to this type of attack NWN uses wireless capable computing devices to collect information about wireless clients to include laptops, smart phones, tablet computers and similar technologies.  This testing will include identification of:


-    Wireless networks to which Client computing devices regularly connect


-    Susceptibility to wireless infrastructure spoofing attacks


-    Direct connectivity to Client wireless devices

bluetooth

Smart phones, cell phones, tablet computers laptops all come with Bluetooth.  In addition, “hands free” Bluetooth headsets are a common sight almost everywhere.  These technologies however, can be a vector that attackers can used to collect data and even listen in on private conversations.  As part of its wireless assessment service, NWN reviews Bluetooth wireless networking within our client’s facilities to identify discoverable Bluetooth devices and Bluetooth devices with weak PINs or authentication credentials.  If found, NWN can attempt to gain access to or information from these devices.

other wireless

Bluetooth and traditional 802.11abgn solutions are not the only wireless technologies used throughout today’s computing environments and thus are not the only technologies that represent a threat.  NWN can review the security of other wireless technologies used throughout our client’s organizations including:

Wireless input devices such as:


    -    Keyboards and mice

    -    Zigbee devices

    -    Wireless headsets

    -    RFID solutions

    -    Pagers

    -    Cordless or wireless telephones