Wireless access points can be easy targets for a cybercriminal to breach your system. Whether installed by stealth or just innocently by shadow IT, rogue access points are a significant security threat to the entire network. Legitimate access points are often misconfigured or contain vulnerabilities. Vulnerable wireless access points can give criminals a backdoor into the LAN to install malware, steal money and data, or alter systems on your network.
Wireless threats are so significant that the new PCI DSS 4.0 requires rogue wireless detection even if wireless is not used in the cardholder data environment and even if the entity has a policy that prohibits its use. This is because of the ease with which a wireless access point can be attached to a network, the difficulty in detecting its presence, and the increased risk of unauthorized wireless devices.
A rogue access point is an access point that has either been installed on a secure company network without explicit planning, permission or authorization from a network administrator, or has been installed by a hacker to conduct a man-in-the-middle attack.
Rogue access points are typically installed by employees who need additional freedom to move about at work. These types of rogue access points can be very dangerous since most users are unaware of the security issues associated with wireless devices.
Too often, we find the security team does not have an effective method of dynamically detecting rogue devices on its network. Enabling real-time rogue device detection and isolation techniques can significantly improve network security.
According to the Cybersecurity & Infrastructure Security Agency (CISA), wireless networks (also called Wi-Fi) lack robust security tools such as firewalls, intrusion prevention systems, content filters, antivirus, and anti-malware detection programs, which are common to wired networks. Wi-Fi networks also provide wireless access points, which can be susceptible to infiltration. CISA published a list of best practices for hardening enterprise wireless networks, including:
Source: Securing Enterprise Wireless Networks
Active WIDS/WIPS enables network administrators to create and enforce wireless security by monitoring, detecting, and mitigating potential risks. Both WIDS and WIPS will detect and automatically disconnect unauthorized devices. WIDS provides the ability to automatically monitor and detect the presence of any unauthorized, rogue access points, while WIPS deploys countermeasures to identified threats. Some common threats mitigated by WIPS are rogue access points, misconfigured access points, client mis-association, unauthorized association, man-in-the-middle attacks, ad-hoc networks, Media Access Control spoofing, honeypot/evil twin attacks, and denial-of-service attacks.
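The kind of comparison a WIDS makes between observed beacons and an inventory of authorized access points, shown as an added example that is not part of the original article or any vendor's product. The inventory, scan records and finding labels are constructed for illustration.

```python
# Constructed inventory of authorized APs (assumption): BSSID -> expected settings.
AUTHORIZED = {
    "aa:bb:cc:00:00:01": {"ssid": "CorpNet", "channel": 36, "security": "WPA3-Enterprise"},
    "aa:bb:cc:00:00:02": {"ssid": "CorpNet", "channel": 149, "security": "WPA3-Enterprise"},
}

# Constructed scan results, in the shape a wireless sensor might report them.
SAMPLE_SCAN = [
    {"bssid": "aa:bb:cc:00:00:01", "ssid": "CorpNet", "channel": 36, "security": "WPA3-Enterprise"},
    {"bssid": "AA:BB:CC:00:00:02", "ssid": "CorpNet", "channel": 149, "security": "Open"},
    {"bssid": "de:ad:be:ef:00:10", "ssid": "CorpNet", "channel": 6, "security": "WPA2-Personal"},
    {"bssid": "aa:bb:cc:00:00:01", "ssid": "CorpNet", "channel": 11, "security": "WPA3-Enterprise"},
    {"bssid": "12:34:56:78:9a:bc", "ssid": "CoffeeShop", "channel": 1, "security": "WPA2-Personal"},
]

def classify(obs, authorized=AUTHORIZED):
    """Return a finding label (hypothetical names) for one observed beacon."""
    bssid = obs["bssid"].lower()  # sensors differ in MAC letter case
    known = authorized.get(bssid)
    corp_ssids = {ap["ssid"] for ap in authorized.values()}
    if known is None:
        # Unknown radio advertising a corporate SSID: honeypot/evil twin candidate.
        if obs["ssid"] in corp_ssids:
            return "evil-twin-suspect"
        # Unknown radio and SSID: may be a neighbour; it is a rogue only if it
        # is also attached to the wired LAN, so it is queued for triage.
        return "unknown-ap"
    if obs["ssid"] != known["ssid"] or obs["security"] != known["security"]:
        return "misconfigured"
    if obs["channel"] != known["channel"]:
        # Authorized BSSID on an unexpected channel: possible MAC spoofing
        # (or automatic channel selection, if the inventory is stale).
        return "mac-spoof-suspect"
    return "authorized"

def scan_report(scan):
    """Group every non-authorized observation by finding label."""
    findings = {}
    for obs in scan:
        label = classify(obs)
        if label != "authorized":
            findings.setdefault(label, []).append((obs["bssid"].lower(), obs["channel"]))
    return findings

if __name__ == "__main__":
    for label, hits in scan_report(SAMPLE_SCAN).items():
        print(label, hits)
```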
A wireless pen test will examine your network using a methodology that focuses on wireless as the gateway to exploiting your vulnerabilities. The Truvantis approach may vary based on the size and complexity of the system, but the simplified steps of a wireless penetration test typically include:
Our accredited penetration testers are highly skilled specialists who have mastered the same skills used by cybercriminals. The Truvantis team of senior-level security engineers uses wireless penetration testing to help your company achieve compliance, understand the real threats to your system, and create a realistic, actionable plan to mitigate risk. Whether wireless penetration testing is all you need or just a small piece of the puzzle, we'll help you shape the solutions that fit your business, budget, and goals.
Truvantis® is a cybersecurity consulting organization providing best-in-class cybersecurity services to secure your organization's infrastructure, data, operations and products. We specialize in helping our customers improve their cybersecurity posture by implementing, testing, auditing and operating information security programs.