The inherent flexibility associated with the implementation of wireless networks and the widespread availability of wireless access points have resulted in their use dramatically increasing. However, implementing wireless access points in your networks effectively extends the network beyond the physical boundaries of your premises. This extension into sometimes public places could be providing an easy and less traceable way for unauthorised persons to access corporate networks. The distance by which this access can be extended beyond the normally anticipated range is significant, particularly with more sophisticated equipment.
In addition to the issues associated with intentional implementation of this technology, there is the risk arising from the potential ease of implementation through the built-in capability of many modern computing devices which may be connecting to your network. Connecting, for example, a laptop with wireless capability to your network potentially provides a wireless point of access if the facility is enabled on the laptop; the same applies to other devices such as PDAs, mobile phones, etc. These unintentional, or rogue, access points are a risk faced by all organisations, even if they have a policy of not using wireless technologies.
Exacerbating the issues relating to extended potential accessibility and rogue access points is the fact that older standards and protocols for wireless communication have significant inherent weaknesses; even modern standards are known to be weak, especially if not configured correctly.
Organisations must also be aware that PCI DSS has specific requirements related to the use and assessment of wireless technologies; for example, PCI DSS requirement 11.1 mandates testing for the presence of wireless access points.
Commissum adopts a risk-based approach to testing. This involves taking into account your specific application of any wireless solution, and focusing the testing and recommendations on the areas of risk appropriate to you. Using a range of publicly available and bespoke equipment, tools and utilities, commissum is able to identify wireless access points within your organisation and to test for and analyse security weaknesses. Services include:
- Site sweep for rogue wireless devices
- Regular sweep and test as required by PCI DSS
- Wireless network configuration review and advice
- Review and lockdown advice for wireless-capable devices
- Wireless access point penetration testing
Commissum provides a comprehensive level of testing backed by proven security-focused expertise. Clear reporting identifies the vulnerabilities discovered and the impact on your business. The report highlights:
- Existence and localisation of rogue access points
- Advice on configuration and lockdown of wireless networks and devices
- Testing for vulnerabilities with an indication of their relative severity
- Recommendations for fixes or mitigation action for the vulnerabilities discovered
- Cost-effective, high-value improvements
- Areas that would benefit from more in-depth analysis