Print Page | Close Window

Wireless network security testing

Printed From: One Stop Testing
Category: Types Of Software Testing @ OneStopTesting
Forum Name: Security Testing @ OneStopTesting
Forum Discription: Discuss All that is need to be known about Security Testing, All Security Issues and its Tools.
URL: http://forum.onestoptesting.com/forum_posts.asp?TID=90
Printed Date: 24Dec2024 at 3:06am


Topic: Wireless network security testing
Posted By: Riya
Subject: Wireless network security testing
Date Posted: 17Feb2007 at 11:02am


Wireless network security testing



        All security administrators have 802.11-based wireless in their environments, right? Actually, many Windows administrators would be inclined to answer "no" or "in limited areas" to this question, which seems reasonable with all the "no wireless" and "limited wireless" policies I've seen lately.

Policies or no policies, though, the truth is that most organizations have more wireless systems -- especially more unsecured wireless systems -- running than they ever bargained for. There is planned wireless connectivity in training rooms, reception areas, and satellite offices as well as unplanned/rogue wireless in the form of Windows laptops running in ad-hoc mode and an access point set up by an employee for the sake of convenience. Or, there could be a malicious attacker running an "evil twin" access point to lure wireless users into his den of iniquity.

Whether or not you officially support wireless networks, various wireless security testing measures need to be on your security review checklist. Not doing so seems awfully risky given that most new computer systems have wireless built right in. This need for testing for wireless issues stands true even if you think your local airwaves are clear of network protocols or you only have one access point tucked away where nobody can get to it.

Even if you do support wireless and you think it's secure, unless you're running a wireless IDS or IPS system, it's likely you have vulnerabilities that a malicious external attacker or a rogue insider could exploit. Here's what you can do about it.





Print Page | Close Window