How We Test
Secura will intercept and analyze traffic of available wireless networks. In this phase, it will be determined if the traffic is encrypted and how it is encrypted. If it is unencrypted, Secura will analyze the content of the traffic to determine if it belongs to the customer’s network and if it contains sensitive and/or useful information.
Only Wi-Fi networks that are positively attributable to our customers are subjected to the tests.
After a Wi-Fi security test, Secura will be able to answer the following questions:
- Which Wi-Fi networks are available?
- What security measures are in place and are they sufficient?
- Is it possible to access internal systems through a public/guest Wi-Fi network?
- Is it possible to access other guests systems through the public/guest Wi-Fi network?
- Can traffic be intercepted and decrypted?
When we encounter networks that should be segregated, we will investigate whether they are configured correctly to prevent connections between the networks. Secura will identify vulnerabilities on the access points and attempt to exploit these.
A typical example would be a situation where Secura investigates possibilities of breaking out of a guest network into the office automation network, of if guests can attack each other’s system.
When network traffic is encrypted, Secura will attempt to crack the implemented security technology and recover the Wi-Fi key. Such an attempt is possible for all password-based encryption methods, including WPA3.
If Secura is requested to also check the security of the implemented security measures for authorized users, we should be provided with the correct login credentials. This way we can connect to the Wi-Fi network, just like a normal user would, using passwords and certificates.
Additional tests we can perform:
- How are users separated from each other?
- Can information sensitive areas of the office automation network be reached?