The inherent flexibility associated with the implementation of wireless networks and the widespread availability of wireless access points, has resulted in their use dramatically increasing. However, implementing wireless access points in your networks effectively extends the network beyond the physical boundaries of your premises. This extension into sometimes public places could be providing an easy, and less traceable way for unauthorised persons to access corporate networks. The range to which this access can be extended beyond the normal anticipated range is significant; with more sophisticated equipment.
In addition to the issues associated with intentional implementation of this technology, is the risk associated with the potential ease of implementation through the built-in capability of many modern computing devices which may be connecting to your network. Connecting, for example, a laptop with wireless capability to your network, potentially provides a wireless point of access if the facility is enabled on the laptop; the same applies for other devices such as PDA’s, mobile phones, etc. These unintentional, or rogue access points are a risk faced by all organisations, even if they have a policy of not using wireless technologies.
Exacerbating the issues relating to extended potential accessibility and rogue access points, is the fact that older standards and protocols for wireless communication have significant inherent weaknesses; even modern standards are known to be weak, especially if not configured correctly.
Organisations must also be aware of the fact that PCI DSS has specific requirements related to the use of and assessment of wireless technologies; for example PCI DSS requirement 11.1, which mandates testing for the presence of wireless access points.
commissum adopts a risk based approach to testing. This involves taking into account your specific application of any wireless solution, and focusing the testing and recommendations on the areas of risk appropriate to you. Using a range of publicly available and bespoke equipment, tools and utilities, commissum is able to identify wireless access points within your organisation, testing for and analysing security weaknesses. Services include:
- site sweep for rogue wireless devices;
- regular sweep and test as required by PCI DSS
- wireless network configuration review and advice
- review and lockdown advice for wireless capable devices
- wireless access point penetration testing
commissum provides a comprehensive level of testing backed by proven security focused expertise. Clear reporting identifies the vulnerabilities discovered and the impact on your business. The report highlights:
- existence and localisation of rogue access points
- advice on configuration and lockdown of wireless networks and decices
- testing for vulnerabilities with an indication of their relative severity
- recommendations for fixes or mitigation action for the vulnerabilities discovered
- cost effective high value improvements
- identifies areas that would benefit from more in-depth analysis
Get in touch with one of our security consultants today
- No obligation
- Expert advice
- Tailored solutions
"commissum continues to deliver a professional and high standard of service to us. We have used them for several years and really appreciate their flexibility on changing timescales and project requirements. Having tried several other companies who offer seemingly comparable services prior to working with commissum we can happily say that we have found a long-term partner who consistently delivers where others don't.”
Paul N, Security Manager, UK Financial Services
Fri 22 Nov, 2013 //
Tue 12 Nov, 2013 //
Fri 08 Nov, 2013 //