With the ubiquity of mobile devices in today’s workplace, from tablets to smartphones, the expectation from employees, contractors and business partners is often that a wireless network will be available at their place of work. Often implementation of these wireless networks can be a source of weakness due to poor configuration or use of protocols with fundamental flaws. Add to this the fact that these wireless networks often propagate beyond the physical boundaries of the corporate estate and they can be a point of vulnerability for these organisations.
To provide assurance over how these wireless networks affect the overall security posture of an organisation, ProCheckUp can perform a series of simulated attacks on the corporate Wi-Fi, including Denial of Service (DoS), authentication enumeration and attempts to access wired Ethernet based networks (which should be inaccessible from the wireless networks) as well as general network segregation assessments. ProCheckUp can also complete a mapping exercise to show the footprint of the companies’ wireless networks, both internally and externally, and demonstrate how far they reach beyond the external physical perimeter of the organisation. The key points covered by ProCheckUp’s wireless testing methodology are highlighted in the diagram below.
At the end of any ProCheckUp assessment, the final deliverable is a technical report which includes full details of all issues identified (along with recommended remediation steps) as well as an executive summary (management) section which includes a high-level description of the higher-risk security issues identified. Both CVSS scoring and a ProCheckUp risk rating are provided for each issue to ensure that their impact and severity can be easily understood. It should be noted that immediate notification of any serious security vulnerabilities (i.e. those rated as high or critical risk) will be made to a designated client point(s) of contact throughout the engagement to ensure a close working relationship between ProCheckUp and their clients.
ProCheckUp Engagement lifecycle
Procheckup utilises a standard engagement model for all engagements which is defined below: -
Offering - Activities that take place before the execution of a consultancy assignment:
- Pre-sales and identification of client needs;
- Creation of an agreement, typically covering: - Context of the work - Services and deliverables - Approach and work plan - Roles and responsibilities.
Execution - Delivery of the services agreed at the offering stage to satisfy the client:
- Refining the work plan;
- Implementing the agreed work plan;
- Assignment of staff, management and mentoring;
- Approval and acceptance.
Closure - Activities that take place at the end of a consultancy assignment:
- Final client evaluation and agreement that the service has been delivered;
- Conclusion of obligations;
- Finalising payment;
- Any subsequent improvements to the service.