Don’t Let Wireless Access Compromise Your Internal Network

Wireless pentesting is a critical component of overall network security, but many organizations ignore it under the assumption that WPA2 or WPA3 provide solid protection. Raxis often finds that isn’t the case. Large networks require numerous access points, and each is an opportunity for misconfigurations and weak passwords to compromise security on the entire network.

Raxis wireless pentesting focuses on risk that extends past your wireless configuration. We test for rouge access point detection, user awareness towards rogue access points, and other over-the-air attacks such as MouseJack. Raxis makes every attempt to leverage your wireless network with the goal of reaching the internal network and other critical systems.

To provide the best assurance of security, Raxis tries several ways to leverage your wireless network with the goal of reaching the internal network and other critical systems. Our wireless pentesting dives deep into your environment with the same attack tools that malicious hackers use. In doing so, we often uncover vulnerabilities that lead to broader attacks, compromising internal network security and resulting in full breaches.

Why is wireless testing important?

Hackers work on a least-risk, most-reward basis. They look for attack vectors that pose minimal risk of detection, and wireless networks fit that bill. Often sitting far away from your building using a high-gain antenna, a potential attacker can attempt to exploit your wireless with little worry about being caught – or even noticed in many cases.

Does my company need a wireless network penetration test?

If your company provides an internal wireless network to employees or a guest wireless network for visitors, then the answer is likely yes. While wireless networks are a convenient way to access the production network, common misconfigurations and oversights can leave you vulnerable.

That’s one reason why wireless attacks are often included in Raxis Red Team tests. Sometimes, we find a guest wireless network that is not fully isolated from the corporate network. When we do, our team will try to leverage that access and use it as an entry point to critical internal systems. And it works more often than you might expect. The Raxis team has hacked into internal networks using unmonitored wireless networks that are accessible from nearby retailers and from cars in guest and employee parking areas.

Does Raxis have to be onsite to perform the test? What if I have several locations to test?

Raxis now performs many wireless network penetration tests remotely. Using the powerful, internally developed, plug-and-play Raxis Transporter wireless testing device, you can allow Raxis testers to work remotely with the same level of quality as an onsite test. The Transporter is truly that simple. Your team plugs it into the network, and the Raxis pentesters are ready to get to work.

Need wireless networks at separate locations tested? Your team can move the Transporter at appropriate times during the test, or Raxis is happy to send your team several devices. You explain your environment, and the Raxis team will tailor a solution to your needs.

How is a wireless penetration test from Raxis different?

Wireless attacks take many forms, so Raxis tests for a wide variety of wireless vulnerabilities. Our team examines your full attack surface area before launching our attacks. Below are among the tactics you’re likely to see.

• Wireless network mapping and rogue access point detection
• Man in the Middle (MitM) Attacks Using Rogue Access Points
• Guest wireless isolation testing
• Wireless Device Attacks such as Mousejacking

While WPA-3 provides a high level of security, it requires hardware changes, and, therefore, WPA2-Enterprise (often without certification validation) and WPA2-Personal will be around for a long time to come. Raxis still finds wireless networks using WPA, which has authentication weaknesses, and, yes, we even still discover WEP wireless networks once in a blue moon, especially as a default-on offering from IoT devices such as projectors. These are soft spots in network security that can have catastrophic consequences if they aren’t found and fixed.

Can my wireless penetration test be performed in combination with my internal pentest?

Yes, and we often recommend this combination to give organizations the best idea of how malicious hackers can combine vulnerabilities to gain network access.

As production wireless networks are meant to give employees access to organizations’ production networks – and guest wireless networks are meant not to – Raxis wireless tests clarify the bridge between internal networks and the wireless networks that are often the easiest, lowest-risk access route for hackers.

Separate or combined internal and wireless network tests are both valid and useful. A combined test can help you work within a budget. Separate tests provide separate reports, which may be helpful if your team reports the findings to different stakeholders.