Introduction

Technology continues to move forward around us, making our lives better and easier with simple access and connectivity. However, because of things like wireless connections, it is important to remember cybersecurity posture with wireless assessments. Wireless access is important on a business level and personal level, especially if there are many controls and access points to consider. A bad actor can get into a network through any access point if the proper defenses aren’t in place.

That’s where the wireless assessment comes in. With a thorough review of authorizations, data, and configurations, you can be sure that your network will be inaccessible to any sort of bad actor. However, something to consider is that even printers can be the key to getting into your company’s network, so having a wireless assessment is crucial to all businesses that operate with a network.

Controls and Access Points

When it comes to wireless access to a business’s network, there are many things to keep in mind. Usually, a security analyst will take them into consideration, but there are usually many access points available to the business. There are some that one might not think of, including:

  • Printers
  • Scanners
  • Fax Machines
  • “Smart” Appliances (Television, air conditioning controllers, Alexa)

These are just examples that can potentially be hacked by a bad actor. Some of these shouldn’t be used in a business to begin with, but if they are, they need to be checked with a wireless assessment. While it may be unlikely that a hacker will access one of these, it’s always a possibility. Reviewing these points of access, controls, and other various portions of these systems are necessary for cybersecurity posture.

Wireless Assessment

A wireless assessment is a review of configurations, policies, procedures, and security features of a wireless network. This is usually done during a penetration test, but it can be done as a standalone service. These assessments can be either remote or onsite, depending on the scope of the project being done. They are different and many businesses elect to have both types of assessments done when considering government regulations.

An external scan of your wireless network is done, which will pick up any vulnerabilities that might threaten your devices. If there is a patch or update missing, it wills how on the report that is given after the tests are done. A security analyst should go over each finding with the business and inform them of the remediation that needs to take place.

These tests will go over a few main things in your network:

  • Wireless device configurations
  • Wireless policies
  • Wireless topology mapping
  • Authorizations and access
  • Range of wireless network access (onsite)

Even if the business doesn’t have a public-facing network, like public Wi-Fi or an app that customers can log into, a wireless assessment is still necessary. Despite not being available to outside connections, a bad actor can still get into it if it is unprotected or without necessary securities in place. There are ways to get into a system without it being publicly available.

This is especially crucial if the business has multiple wireless access points. If there are multiple routers or different networks that an employee or customer can connect to, it is crucial to get an assessment on each one. Even if one of the wireless networks is up to date, the others may not be. Making sure the assessment goes over each network is important for any cybersecurity project.

Conclusion

Wireless assessments are a valuable part of any cybersecurity posture. They are usually included in penetration tests, but can be done as a stand-alone project. There are many different types of wireless access points that can be taken advantage of by bad actors and hackers, breaking into your network and stealing sensitive information. This can be prevented by going through penetration tests and wireless assessments.

Wireless access is only one form of entry to a network. Even if there’s not a public option for the network, a bad actor can still get into the system if proper cybersecurity methods aren’t considered. After a wireless assessment is done, a report is usually given to the business, letting them know of any vulnerabilities or threats that might need to be fixed or patched. Getting these assessment should be done at least annually, but it is recommended to be done two times a year and after any significant update to a network or system.

Eddy Berry, Security Research Analyst

Eddy has been researching cybersecurity for a few years now. Finding specific trends and best practices is something he takes pride in, assisting in finding news and government regulation that are on the rise. He researches topics and writes articles based on current events and important vulnerabilities that are affecting people, always hoping to get the necessary cybersecurity steps to those that need them.