Wireless Penetration Testing

Scope/Results of Wireless Assessment

The following information should ideally be obtained or enumerated when carrying out a wireless assessment. All of it is needed to give the tester (and hence the customer) a clear and concise picture of the network being assessed. A brief overview of the network during a pre-site meeting with the customer should allow you to estimate the timeline required to carry out the assessment.

  • Site Map
    • RF Map
      • Lines of Sight
      • Signal Coverage
        • Standard Antenna
        • Directional Antenna
    • Physical Map
      • Triangulate APs
      • Satellite Imagery

  • Network Map
    • MAC Filter
      • Authorised MAC Addresses
      • Reaction to Spoofed MAC Addresses
    • Encryption Keys utilised
      • WEP
        • Key Length
        • Crack Time
      • TKIP
        • Temporal Key Integrity Protocol (TKIP) is an encryption protocol designed to replace WEP
        • Attack Time
      • AES
        • Advanced Encryption Standard (AES) is an encryption algorithm utilised for securing sensitive data
        • Attack Time
      • Derivative of 802.1x in use
    • Access Points
      • ESSID
        • Extended Service Set Identifier (ESSID), utilised on wireless networks with an access point
        • Broadcast ESSIDs
      • Basic service set identifier (BSSID), utilised on ad-hoc wireless networks
        • Rogue AP Activity
    • Wireless Clients
      • MAC Addresses
      • Operating System Details
      • Adhoc Mode
      • Intercepted Traffic
        • Clear Text

There are a few different procedures you can perform to temporarily fix problems with WEP.

  • Use longer WEP encryption keys, which makes the data analysis task more difficult. If your WLAN equipment supports 128-bit WEP keys, use them and don't accept anything less.
  • Change your WEP keys frequently. Some devices support "dynamic WEP", which is non-standard but allows a different WEP key to be assigned to each user. Increasing the number of WEP keys in use increases the difficulty a hacker will encounter in cracking them. Since dynamic WEP is non-standard, implementations from different vendors are usually not interoperable; stick with one manufacturer.
  • Place APs only on their own firewalled interface. Locate all access points outside your internal LAN, on a separate firewall interface on the firewall server/device.
  • Use a VPN for any protocol, including WEP, that may include sensitive information.
  • Implement a different technique for encrypting traffic, such as IPSec over wireless. To do this, you will probably need to install IPSec software on each wireless client, install an IPSec server in your wired network, and use a VLAN to connect the access points to the IPSec server. (Obviously, this is not an inexpensive proposition.) Using this method, WLAN users establish an IPSec tunnel to the IPSec server, so all wireless traffic is encrypted inside that tunnel. IPSec clients and servers are available from a number of vendors; there's even an open source implementation.
  • There's also the option of upgrading firmware on your network devices.
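
The following is an added example, not part of the original page: it takes the access-point observations from the Network Map checklist (ESSID, BSSID, encryption, key length) and produces the findings the assessment should report, including rogue AP activity and WEP below the 128-bit minimum recommended above. The CSV layout, the sample rows, the authorised list and the names `assess`, `SURVEY_CSV` and `AUTHORISED` are all assumptions constructed for illustration.

```python
import csv
import io

# Constructed survey export (not real data): one row per access point observed.
SURVEY_CSV = """essid,bssid,encryption,key_bits
CORP-WLAN,00:11:22:33:44:01,AES,128
CORP-GUEST,00:11:22:33:44:02,WEP,64
CORP-LEGACY,00:11:22:33:44:03,WEP,128
CORP-WLAN,66:77:88:99:AA:BB,TKIP,
PRINTER-SETUP,66:77:88:99:AA:CC,NONE,
"""

# Assumption: the customer supplied this list of authorised AP BSSIDs.
AUTHORISED = {"00:11:22:33:44:01", "00:11:22:33:44:02", "00:11:22:33:44:03"}


def assess(survey_csv, authorised):
    """Return (bssid, essid, finding) tuples for the Scope/Results report."""
    rows = list(csv.DictReader(io.StringIO(survey_csv)))
    known = {b.lower() for b in authorised}
    # ESSIDs served by authorised APs, used to spot an unknown AP reusing them.
    corp_essids = {r["essid"] for r in rows if r["bssid"].lower() in known}
    findings = []
    for r in rows:
        bssid, essid = r["bssid"].lower(), r["essid"]
        enc = r["encryption"].upper()
        if bssid not in known:
            kind = ("unauthorised BSSID advertising a corporate ESSID"
                    if essid in corp_essids else "unauthorised BSSID on site")
            findings.append((bssid, essid, "rogue AP activity: " + kind))
            continue  # encryption of a non-customer AP is outside the scope
        if enc == "WEP":
            bits = int(r["key_bits"] or 0)
            if bits < 128:
                findings.append((bssid, essid, f"WEP key is {bits}-bit, below 128-bit"))
            findings.append((bssid, essid, "WEP in use: firewall the AP, tunnel via VPN/IPSec"))
        elif enc == "NONE":
            findings.append((bssid, essid, "no encryption: traffic is clear text"))
    return findings


if __name__ == "__main__":
    for bssid, essid, finding in assess(SURVEY_CSV, AUTHORISED):
        print(f"{bssid}  {essid:<14} {finding}")
```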

To receive your Wireless Assessment, please submit your payment of $499.00. If more than 100 miles of travel will be required, the additional cost will be billed separately.


COPYRIGHT (C) 2000 - 2013 InfoSecPro.com ALL RIGHTS RESERVED