Tag: Wireless Networks

  • What to Expect with a Raxis Wireless Penetration Test

    Although social engineering attacks – including phishing, vishing, and smishing – are the most popular and reliable ways to gain unauthorized access to a network, some hackers simply don’t have the social or communications skills necessary to perform those attacks effectively. Wireless attacks, by contrast, are typically low-risk, high-reward opportunities that don’t often require direct interaction with the target.

    That’s one reason why pentesting for wireless networks is one of Raxis’ most sought-after services. We have the expertise and tools to attack you in the same ways a real hacker will. In fact, I’ve successfully breached corporate networks from their parking lots, using inexpensive equipment, relatively simple techniques, and by attacking devices you might never suspect.

    To appreciate how we test wireless networks, remember that wireless simply means sending radio signals from one device to another. The problem with that is that no matter how small the gap between them, there’s always room for a hacker to set up shop unless the network is properly secured.

    So, if Raxis comes onsite to test your wireless network, the first thing we will likely do is map your network. This is a mostly passive activity in which we see how far away from your building the wireless signal travels normally. But we also have inexpensive directional antennas that allow us to access it from further away if we need to be stealthier.

    Using an easily accessible aircrack-ng toolkit, we can monitor and capture traffic from wireless devices as well as send our own instructions to others that are unprotected. (I’ll go into more detail about that in a moment.)

    As we establish the wireless network’s boundaries, we also determine whether there are guest networks or even open networks in use. Open networks, as the name implies, require no special permission to access. Even on controlled guest networks, we can usually get in with little effort if weak passwords are used or the same ones reused. Once we’re in as a guest, we’ll pivot to see if we can gain unauthorized access to other areas or other users’ data.

    While this is going on, we will often set up a rogue access point, essentially just an unauthorized router that passes traffic to the internet. If the network is configured properly, it should detect this access point and prevent network traffic from accessing it. If not, however, we can capture the credentials of users who log into our device using a man-in-the-middle attack.

    Scottie with a directional wireless antenna

    Our primary goal here is to capture usernames and password hashes, the characters that represent the password after it has been encrypted. In rare cases, we’re able to simply “pass the hash” and gain access by sending the encrypted data to the network server.

    Most networks are configured to prevent this technique and force us to use a tool to try to crack the encryption. Such tools – again, readily available and inexpensive – can guess more than 300 billion combinations per second. So, if you’re using a short, simple password, we’ll have it in a heartbeat. Use one that’s more complex and it may take longer or we might never crack it.

    If a network isn’t properly secured, however, we might be able to find a way in that doesn’t require a password. Many people who use wireless mice and keyboards, for example, don’t realize that we can sometimes intercept those signals as well. For non-Bluetooth devices, we can use our aircrack-ng tools to execute commands from a user’s (already logged-in) device.

    As a proof of concept, we sometimes change screensavers or backgrounds so that network admins can see which devices are vulnerable. However, we can also press the attack and see if we’re able to pivot and gain additional access.

    The good news for business owners is that there are simple methods to protect against all these attacks:

    • Never create an open network. The convenience does not justify the security risk.
    • If you have a guest network, make sure that it is not connected to the corporate network and that users are unable to access data from any others who may also be using it.
    • Use the latest wireless security protocol (WPA3) if possible.
    • If you’re using WPA2 Enterprise, make sure the network is requiring TLS and certificates.
    • If you’re using WPA3 Personal, make sure your password is at least 30 characters long. (That’s not a typo – 30 characters is still out of reach for most hash-cracking software.)

    Here’s the most important piece of advice: Test your network regularly. New exploits are found every day, and hackers’ tools get better, faster, and cheaper every day. The only way to stay ahead of them is with professionals like us who live in their world every day.

    And, trust me, you’d much rather have Raxis find your vulnerabilities than the bad guys.

  • Raxis’ Transporter Enables Remote Penetration Testing

    Adapt. That one word sums up what was, for most of us, the biggest challenge of 2020 and the COVID-19 crisis that came along with it.

    As the pandemic took hold, families, employers, and employees had to adapt to a new way of living. Children had to adapt to learning virtually. Parents had to adapt to working from home while caring for children and helping them with school. Pets had to adapt to everyone being home all the time. Companies had to adapt to remote work, Zoom meetings, and new ways to collaborate. 

    It was much easier for some than others. Raxis, for example, has been a remote-work company since its launch in 2011. For us, working from home was literally another day at the office. For many of our customers, however, it was a major disruption with lots of implications for security. The need for penetration testing was made more urgent by the dramatic shift to WFH. The question we faced was how to go about it in a way that was both safe for our team and effective for our customers.

    We did continue to travel when necessary, but the pandemic made it more difficult to get to our clients and more time-consuming to conduct our testing. Fortunately, we had another option, one that would allow us to complete internal and wireless network testing without the need for going onsite.

    We developed the Raxis Transporter device several years ago as a time- and cost-saving measure for our customers. With this secure network backdoor, which can be mailed to and installed easily by customers, we can conduct in-depth testing remotely. When the pandemic hit, the Transporter became a lifeline for customers who needed our services, even if they couldn’t host us at their physical locations.

    In the video above, I explain more about the Transporter, how we use it, and why it gives us another cost-effective option for delivering high-quality services to our clients.

    As you heard in the video, Raxis’ Transporter is a simple-to-install device that allows our elite team of professionals access to everything they need to perform a thorough penetration test. And that’s just one of the many practical innovations we bring to our work.

    All of us hope that the pandemic is on its way out, but remote work is here to stay. I’m proud to work with a company that remains way ahead of the curve for our team and for our customers. 

    If you are ready for Raxis to put your security to the test, contact us. We can discuss which type of test would best suit your company and your needs. 

  • Securing Your Wireless Network

    This week Raxis Chief Technology Officer Brian Tant continues his video series about the most common vulnerabilities our team has discovered as they’ve performed thousands of penetration tests across the US over the years.

    In this video Brian highlights the unique challenges wireless security brings to the table and breaks down which type of encryption you may want to consider to enhance your wireless security posture and protect your network. 

    Brian explains the pros and cons of WPA2 Personal Encryption, WPA2 Enterprise Encryption, and Certificate-based Authentication and discusses which one the Raxis team recommends to bolster your security.

    Hopefully, you’ve watched the video and have a better understanding about which type of network encryption is most secure. If you still have questions or want to learn more about protecting your corporate network, please reach out.

    The Raxis team brings years of hacking and penetration testing experience to the table. We can use that experience to improve your skills and make your environment more secure.

    Download our list of Top 10 Cyber Attacks to learn more about ways to secure your company.

    Want to learn more? Take a look at the next part of our Common Vulnerabilities discussion.