Wireless Pentesting Part 1 – An Overview

EH-Net - Wylie - Wireless Pentesting Part 1 – An OverviewAs networks and computing systems have become more secure through the evolution of next generation firewalls, intrusion prevention systems (IPS), and endpoint security, attackers have shifted their focus. Web applications, mobile devices and apps, IoT (Internet of Things), wireless networks and the human element via social engineering have become more attractive targets for threat actors. Each of these targets are large enough subjects for books themselves, but in this article series we are going to focus on wireless network attacks. Although there are numerous types of wireless technologies such as Bluetooth, LTE and NFC, this series will cover wireless networks or WLANs (Wireless Local Area Network) using WiFi technology. In this four-part series on wireless pentesting we are going to discuss the following;

  • Part 1 – An Overview
  • Part 2 – Building a Rig
  • Part 3 – Common Wireless Attacks
  • Part 4 – Performing an Actual Wireless Pentest

In this first article of the series, we are going to learn what wireless pentesting consists of and why assessing wireless networks should be a stand-alone item and part of the scope of a wider pentest.

Pentesting Basics

Before we get into the specific topic of wireless pentesting, let’s cover some of the basics of pentesting. If you are new to the topic, pentesting is short for penetration testing. Pentesting is commonly referred to as ethical hacking. Pentesting is the process of assessing the security of a computer, network, application or other device using adversarial tactics, techniques and procedures (TTPs). Assessing security from an offensive perspective allows security professionals to discover vulnerabilities that may otherwise be overlooked.

All security professionals should be familiar with the Penetration Testing Execution Standard (PTES) as a great set of technical guidelines for performing pentests. It covers the following main sections of a typical pentesting methodology:

*** This is a Security Bloggers Network syndicated blog from The Ethical Hacker Network authored by Phillip Wylie. Read the original post at: http://feedproxy.google.com/~r/eh-net/~3/CAYqNsYUuSw/