Wireless technology has become essential to most business environments, yet it can pose a significant threat to the security of your network.  Organizations utilize wireless networks for a variety of business benefits; public access in stores and restaurants, POS technology, or corporate internet access.  Balancing the business need for flexible and efficient wireless solutions while securing sensitive data can make the implementation of wireless technology complex.  MegaplanIT will perform a detailed assessment of your organization’s wireless environment and share feedback to assist you in meeting audit standards such as PCI-DSS requirement 11.1.


ENGAGEMENT APPROACH

The application penetration testing assessment consists of four phases:
1.    Confirmation of scoping
2.    Locating wireless access points
3.    Wireless access point auditing
4.    Wireless assessment testing reporting

MegaplanIT’s consultant will methodologically attempt to map any in-scope locations and identify any wireless access points, both internal and external.  This should allow MegaplaniIT to accurately determine the SSID and location of every wireless device in use, which is followed by a detailed audit of each access point.

The consultant will undertake a review of any access points identified and perform a risk assessment based on the following criteria:
Presence of SSID broadcast beacons
Encryption type and key strength
Presence of DHCP address allocation
Filtering of devices by MAC address

During this next phase, MegaplanIT will leverage access to attempt to identify and exploit any vulnerabilities identified.  
The consultant will attempt to access the corporate network, the internet, and other wireless devices through any identified vulnerability.
The consultant will attempt to access confidential or proprietary information.
The consultant will attempt to intercept any unencrypted network traffic utilizing the wireless network

Undertaking a wireless assessment can ensure that your wireless solutions are appropriate and secure.  MegaplanIT will audit your estate for rogue access points and assess the authentication of secure access points.  Wireless audits are often dictated by compliance standards and will also form part of a mature risk management approach to Information Security.