Wireless security is the prevention of unauthorized access or damage to computers using wireless networks. As wireless technology is getting popular its risks to attacks are also getting increased. Effective wireless security policies needs to be implemented to guard against unauthorized access.
Why Wireless Security
Wireless networks are very common, both for organizations and individuals. Many laptop computers have wireless cards pre-installed. The ability to enter a network while mobile has great benefits. However, wireless networking has many security issues.
Many organizations/individuals, while setting up their wireless networks rush through the job to get their Internet connectivity working as quickly as possible, ignoring the security practices, as configuring their security features can be time-consuming and non-intuitive..But the downside of a wireless network is that, unless you take certain precautions, anyone with a wireless-ready computer can use your network. That means your neighbors, or even hackers lurking nearby, could "piggyback" on your network, or even access the information on your computer. And if an unauthorized person uses your network to commit a crime or send spam, the activity can be traced back to your account.
Phase -1 Audit
The Phase-1 audit is primarily about gathering information about the wireless LAN and showing what information others can readily gather about your network.
Detect and identify the wireless network including channels and ESSID
Identification and location of all your existing Wi-Fi infrastructure assets
The current performance of your Wi-Fi network
Determine if WEP is enabled on all remotely accessible access points
Inspection of broadcast frame and record the information it broadcasts
Monitor for rogue access points from outside or inside the building
Collect IP addresses of access points and clients
Collect MAC addresses of access points and clients
Policy and security compliance
Phase -2 Audit
The Phase -2 audit allows for a selection of tests based only on what is needed for your wireless environment. Social Engineering techniques will only be performed if Inflow been granted permission to do so and the proper documentation has been provided as described above.
Attempt to gain information via social means
Interaction with employees
Attempt to gain physical access to networks and/or secured areas
WEP Encryption Test
Identify if WEP is enabled on all accessible access points
Identify or decipher WEP key
Capture WEP encrypted data
MAC Address Spoofing Test
Intercept a valid client MAC address
Bypass MAC filtering by impersonating the valid client
Access Point Accessibility Test
Access configuration menu using browser interface
Access configuration menu using telnet
Access configuration parameters using SNMP
Access configuration parameters using FTP
Determine what types of authentication methods are implemented
Capture data that contains usernames and passwords
Logon to the network
Determine manufacturer(s) of the access points
Assuming communication is possible; communicate with access point using various client cards with or without WEP
Data Collection Test
Focus on collecting data that is transmitted over the wireless network
Apply filters to the data to look for any "interesting" data such as passwords or "$"
The Qseap style of life is elementary to perceive because we take everything as a wonder where opportunities, possibilities, adventures, fortunes and ideas pave the way to success and to be the winner which channelizes life for better tomorrows full of promises and that is the way we look at life.