Wireless technology has become essential to most business environments, yet it can pose a significant threat to the security of your network. Organizations utilize wireless networks for a variety of business benefits; public access at stores and restaurants, POS technology, or corporate internet access. Balancing the business need for flexible and efficient wireless solutions while securing sensitive data can make the implementation of wireless technology complex. MegaplanIT will perform a detailed assessment of your organization’s wireless environment and share feedback to assist you in meeting audit standards such as PCI-DSS requirement 11.1.
The wireless security assessment consists of four phases:
Confirmation of scoping
Locating wireless access points
Wireless access point auditing
Wireless assessment testing reporting
MegaplanIT’s consultant will methodologically attempt to map any in-scope locations and identify any wireless access points, both internal and external. This should allow MegaplanIT to accurately determine the SSID and location of every wireless device in use, which is followed by a detailed audit of each access point.
The consultant will undertake a review of any access points identified and perform a risk assessment based on the following criteria:
Presence of SSID broadcast beacons
Encryption type and key strength
Presence of DHCP address allocation
Filtering of devices by MAC address
During this next phase, MegaplanIT will leverage access to attempt to identify and exploit any vulnerabilities identified by taking the following steps:
The consultant will attempt to access the corporate network, the internet, and other wireless devices through any identified vulnerability.
The consultant will attempt to access confidential or proprietary information.
The consultant will attempt to intercept any unencrypted network traffic utilizing the wireless network.
Undertaking a wireless assessment can ensure that your wireless solutions are appropriate and secure. MegaplanIT will audit your estate for rogue access points and assess the authentication of secure access points. Wireless audits are often dictated by compliance standards and will also form part of a mature risk management approach to Information Security.