The BT Wireless Security Ethical Hacking Assessment is composed
of multiple phases. Each phase provides the EHCOE consultants
with more information that acts as the foundation for the next. The
three phases of the project are: Map and Identify Active Wireless
Networks, Assess Wireless Implementation for Vulnerabilities,
Exploit Vulnerabilities and Access Other Networks.
During the first phase, Map and Identify Active Wireless Networks,
BT will determine your network’s vulnerability to an attacker with
radio access to the wireless network space. The EHCOE consultants
will attempt detect the 802.11 wireless networks in place
(including any ad-hoc networks identified), determine the
locations and ranges of the wireless networks, evaluate the range
of the wireless access area, determine network configuration
information and probe points of entry for identifying system
information or access parameters.
In the second phase of the engagement, Assess Wireless
Implementation for Vulnerabilities, BT will pose as someone with
normal user access and evaluate the security measures taken to
secure infrastructure, including the following ESSID, the use and
strength of WEP encryption, network segmentation and access
control devices.
During the Exploit Vulnerabilities and Access Other Networks phase
of the project, BT will attempt to use the vulnerabilities discovered
during Phase 2 to obtain access to other network segments. If the
consultants are successful, they will test different methods to
exploit that access. This phase will determine which network
segments and systems the wireless network infrastructure can
access, the security controls that separate the wireless network
from other network segments and if the wireless network can be
used as a launching point to attack other systems.
Before the project begins, BT will develop boundaries for actions
and events that our consultants can perform during the
vulnerability assessment. For the Wireless Security Ethical Hacking
assessment, the EHCOE consultants will use a variety of publicly
available and proprietary tools. All publicly available tools used by
BT have undergone source code review and thorough evaluations
(including sniffer logs) in our testing lab.
Any High-Risk vulnerabilities/risks identified during the assessment
will be communicated immediately to you. After the testing has
been completes, BT will provide your organization with a formal
report that:
• Lists all identified weaknesses and vulnerabilities
• Explains the risks associate with the current
network configuration
• Presents recommendations to increase the security
of your wireless infrastructure
Hey Thanks a lot for sharing such informative article really very helpful.
ReplyDeleteBy the way for more information on Security Courses like Ethical Hacking check this link: http://www.eccouncil.org/certification.aspx