With the increase of organizations establishing wireless networks, including wireless guest networks, as well as creating Bring Your Own Device (BYOD) environments, organizations have increased their susceptibility to newer types of threats. Organizations are struggling to balance convenience with security and too often, convenience is being implemented proactively while security is being implemented reactively. When organizations introduce these new environments into their businesses, they can no longer rely upon traditional penetration tests to provide a holistic picture of their security posture.

“Who would want my information? It is of no value to anyone else but me.” The answer, unfortunately, is that there is always a person or group looking to gain an edge in business, or a common thief wanting to use your organization’s information to gain power or collect ransom by either obtaining or destroying the information assets. People looking for information assets are identity thieves, competitors, foreign governments, or disgruntled employees. Organizations must ensure that the full spectrum radio frequency (RF) aspect is included within the scope of any penetration test performed. By doing so, organizations will receive more complete information about their non-wired/non-monitored infrastructure, such as:
  • RF Interference
  • WiFi Infrastructure Misconfigurations
  • Vulnerabilities in the IT Infrastructure Outside of WiFi
    • Bluetooth
    • Zigbee
    • Cell phones
  • Out of Band Wireless Devices
    • Rogue devices
    • Listening devices
    • Implants
    • Devices used to steal information

Wireless Security 802.11

What is full spectrum RF Penetration Testing?

The full and usable spectrum for data exfiltration from an environment is typically from 300 MHz to 6 GHz. It is not just the WiFi portion of the spectrum, which is in the 2.4 GHz and 5 GHz ranges. A full spectrum RF penetration test is the process of actively evaluating an organization’s RF emissions from desktops, servers, and infrastructure as well as critically evaluating the RF emissions within and around the organization. A penetration test should be focused on replicating threats that are relevant to an organization’s environment, and 9 times out of 10, unsecured information is being leaked within the RF spectrum. This is often unknown and invisible to the IT and security staff.
Organizations should consider having full spectrum RF penetration tests performed in order to:
  • Identify the threats facing the organization’s information assets
  • Reduce the organization’s IT security costs and provide a better return on IT security investment (ROSI) by identifying and resolving vulnerabilities and weaknesses. These may be known vulnerabilities in the underlying technologies or weaknesses in the design, implementation or configuration.
  • Maintain compliance with legal and industry regulations.

“What is more cost effective: proactively implementing known fixes based on recurring penetration tests, or reactively responding to a security breach?”

In a proactive approach, an organization may incorporate mitigation activities into the daily operations of its staff or into contracts where security services are outsourced. These become planned costs and are therefore budgeted for and approved as ongoing operations and maintenance. However, in a solely reactive environment, when a security breach occurs, all focus is turned to identifying and stopping the breach. The resultant costs are multiplied two to three times because day-to-day work still has to be completed. This results in extra costs for overtime, extra contract staff, external services and on many occasions re-building equipment and re-installing backups.

In a proactive approach, the results of a penetration test are black and white. The findings from a full spectrum RF penetration test will bring to light the issues that may have gone unnoticed or overlooked. For example, misconfigured or improperly tuned wireless access points (APs) can be costly for an organization. When APs are improperly tuned, there is an increase in RF emissions, which results in fewer devices being able to connect. Organizations frequently respond to this type of situation by purchasing more APs. This actually worsens the problem instead of mitigating it, because additional misconfigured APs further increase the RF emissions. Another typical example found in a full spectrum RF penetration test is the case where a microwave oven in an employee break room disconnects users from APs due to the use of the same channels on the 802.11 frequencies. Properly tuning the APs to avoid this interference mitigates the disconnection problem.

The findings and recommendations from a quality full spectrum RF penetration test will provide an organization with a customized view of the threats and vulnerabilities relevant to the organization. The findings and recommendations from a penetration test are ranked by the severity and the threat of the technical risk. Prioritizing results allows an organization to properly allocate resources (people, equipment, money) when developing its mitigation strategy and plan. Since more organizations are being asked to produce more with less, these types of proactive measures can be a cost saver instead of a cost center.
