📶 Wi-Fi and Network Security Audit Report #
Subject: Security Audit of Wi-Fi and Network Infrastructure
Date of Test: 1 June 2024 – 10 June 2024
Location: Bristol, United Kingdom
Company Conducting the Test: CyberSentinel Solutions LTD
Version: 1.0
📑 Executive Summary #
This document details a comprehensive security audit of the Wi-Fi and network infrastructure conducted by CyberSentinel Solutions LTD in June 2024. The assessment focused on identifying vulnerabilities in wireless networks, internal LAN components, and network security configurations that could compromise the confidentiality, integrity, and availability of corporate data.
During the testing period, several advanced tools and hardware were employed to evaluate encryption protocols, network segmentation, and intrusion detection capabilities. The audit included simulations of Man-in-the-Middle (MitM), Rogue Access Point (AP) attacks, and deauthentication sequences to assess the effectiveness of the organization’s defenses.
Scope of the Audit:
- Wi-Fi Networks (2.4 GHz and 5 GHz bands)
- Local Area Network (LAN) (Internal office infrastructure)
- Firewall and Router Configurations
- Device and Network Segmentation
🎯 Test Objective #
The primary objectives of this network audit were to:
- Ensure the wireless network uses hardened encryption protocols (WPA2/WPA3).
- Validate the integrity of network segmentation between guest and internal corporate environments.
- Assess the security posture of core infrastructure devices (routers, firewalls, and switches).
- Identify vulnerabilities in authentication mechanisms and test resilience against MitM and deauthentication attacks.
🛠️ Test Methodology & Tactical Toolkit #
The audit followed a multi-stage approach, combining automated vulnerability scanning with manual exploitation techniques.
```yaml
# Tactical Toolkit [Network & Wireless Security]
equipment:
  - hardware: "Wi-Fi Pineapple (Mark VII Tactical)"
    use: "Simulating rogue access points and automated deauthentication."
  - software: "Aircrack-ng Suite (v1.7)"
    use: "WPA handshake capture and offline dictionary attacks."
  - software: "Wireshark (v4.0)"
    use: "Deep packet inspection and protocol analysis during MitM."
  - hardware: "Alfa AWUS036ACH Adapter"
    use: "High-gain scanning, monitor mode, and packet injection."
  - hardware: "Raspberry Pi 4 (8GB) with Kali Linux"
    use: "Mobile penetration testing platform for field-based audits."
  - software: "Bettercap (v2.33.2)"
    use: "ARP spoofing, DNS manipulation, and SSL stripping."
  - software: "nmap (v7.94)"
    use: "Network mapping and internal service discovery."
```
🔬 Phases of the Security Assessment #
Phase 1: Reconnaissance and Network Discovery #
- Objective: Map the wireless landscape and identify encryption standards.
- Procedure: Used `airodump-ng` to identify SSIDs and encryption types. Hidden SSIDs were revealed by triggering client deauthentication.
- Outcome: Two primary networks identified: `Corporate_WiFi` (WPA2-Enterprise) and `Guest_WiFi` (WPA2-PSK). One hidden SSID was successfully mapped.
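The Phase 1 output is the CSV that `airodump-ng` writes next to its capture file. The following is an added example (not part of the original report or of the Aircrack-ng project) showing how a defender can triage that file automatically: it parses the access-point section, rates each network's encryption and authentication mode, and flags hidden SSIDs, which add no protection because clients disclose the name in probe requests. The column layout follows the real airodump-ng CSV; the rows themselves are constructed to mirror the report's findings and are not captured data.

```python
import csv

# Constructed sample laid out like the access-point section of the CSV that
# airodump-ng writes (the station section that follows a blank line is omitted).
# Rows are invented to mirror the report's Phase 1 findings; they are not captured data.
SAMPLE_AIRODUMP_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:01, 2024-06-01 09:00:00, 2024-06-01 09:10:00,  6, 540, WPA2, CCMP, MGT, -41, 120, 0,   0.  0.  0.  0, 14, Corporate_WiFi,
00:11:22:33:44:02, 2024-06-01 09:00:00, 2024-06-01 09:10:00, 11, 270, WPA2, CCMP, PSK, -47, 118, 0,   0.  0.  0.  0, 10, Guest_WiFi,
00:11:22:33:44:03, 2024-06-01 09:01:00, 2024-06-01 09:10:00, 36, 866, WPA2, CCMP, PSK, -55,  60, 0,   0.  0.  0.  0,  0, ,
00:11:22:33:44:04, 2024-06-01 09:02:00, 2024-06-01 09:10:00,  1,  54, OPN,     ,    , -70,  30, 0,   0.  0.  0.  0,  9, Cafe_Free,

"""


def parse_airodump_aps(text: str) -> list[dict[str, str]]:
    """Return one dict per access point from airodump-ng's CSV dump (AP section only)."""
    section: list[str] = []
    for line in text.splitlines():
        if not line.strip():          # a blank line separates the AP and station sections
            break
        section.append(line)
    reader = csv.reader(section, skipinitialspace=True)
    header = [col.strip() for col in next(reader)]
    return [
        {col: val.strip() for col, val in zip(header, row)}
        for row in reader
        if len(row) >= len(header)
    ]


def assess_ap(ap: dict[str, str]) -> dict:
    """Rate one AP's encryption/authentication configuration from a defender's point of view."""
    privacy = ap["Privacy"].upper()
    auth = ap["Authentication"].upper()
    hidden = ap["ESSID"] == "" or ap["ID-length"] == "0"
    if "OPN" in privacy:
        severity, finding = "CRITICAL", "open network: every frame is readable by anyone in range"
    elif "WEP" in privacy:
        severity, finding = "CRITICAL", "WEP: broken cipher, key recoverable from captured traffic"
    elif "WPA3" in privacy and "SAE" in auth:
        severity, finding = "OK", "WPA3-SAE: handshake does not permit offline passphrase guessing"
    elif "MGT" in auth:
        severity, finding = "OK", "802.1X/EAP (enterprise): per-user credentials, no shared passphrase"
    elif "WPA2" in privacy and "PSK" in auth:
        severity, finding = "MEDIUM", "WPA2-PSK: handshake is capturable, so security rests on passphrase strength"
    elif "WPA" in privacy:
        severity, finding = "HIGH", "WPA1/TKIP: deprecated, migrate to WPA2-CCMP or WPA3"
    else:
        severity, finding = "INFO", f"unrecognised privacy setting {privacy!r}"
    notes = [finding]
    if hidden:
        notes.append("hidden SSID: no security benefit, clients disclose the name when probing")
    return {"bssid": ap["BSSID"], "essid": ap["ESSID"] or "<hidden>", "channel": ap["channel"],
            "hidden": hidden, "severity": severity, "notes": notes}


SEVERITY_ORDER = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "INFO": 3, "OK": 4}


def audit_airodump(text: str) -> list[dict]:
    """Parse a dump and return findings sorted worst-first, as a report appendix would list them."""
    findings = [assess_ap(ap) for ap in parse_airodump_aps(text)]
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f["severity"]])


if __name__ == "__main__":
    for f in audit_airodump(SAMPLE_AIRODUMP_CSV):
        print(f"{f['severity']:<8} {f['bssid']}  ch{f['channel']:>3}  {f['essid']:<16} {'; '.join(f['notes'])}")
```

Point the script at a real `<prefix>-01.csv` by reading the file into `audit_airodump`. The WPA2-PSK rating is deliberately "MEDIUM" rather than a verdict: the protocol itself is sound, and whether the guest network is a finding depends on the passphrase, which is exactly what Phase 2 goes on to test.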
Phase 2: Wireless Encryption and Authentication Testing #
- 1. Handshake Cracking: Outcome: Successfully captured the 4-way handshake for `Guest_WiFi`. The WPA2-PSK password (“guest2024”) was cracked via a dictionary attack within hours.
- 2. Rogue Access Point Attack: Outcome: Using the Wi-Fi Pineapple, several legacy IoT devices and smartphones were successfully lured into connecting to an evil-twin rogue AP, enabling full traffic interception.
- 3. WPS Assessment: Outcome: WPS was found to be disabled across all access points, neutralizing PIN-based brute-force attempts.
Phase 3: Man-in-the-Middle (MitM) Simulations #
- 1. ARP Spoofing (Bettercap): Outcome: Intercepted plaintext HTTP credentials on the guest network.
- 2. SSL Stripping: Outcome: Most modern browsers resisted downgrades due to HSTS, but several older IoT devices remained vulnerable, transmitting sensitive data over unencrypted channels.
Phase 4: Internal LAN Scanning and Service Audit #
- 1. Device Mapping: Outcome: 54 active devices discovered. Critical open ports (SMB: 445, SSH: 22) were found on internal file servers.
- 2. Vulnerability Identification: Outcome: Outdated firmware on network printers (CVE-2023-0874) and the presence of deprecated SMBv1 on a legacy server were confirmed.
Phase 5: Segmentation and Isolation Testing #
- 1. Guest Network Integrity: Outcome: Proper VLAN isolation was confirmed; no lateral movement to the internal corporate segment was possible from the guest zone.
- 2. IoT Segmentation Flaws: Outcome: Critical Failure. IoT devices (cameras, printers) were found on the same segment as employee workstations, allowing a compromised IoT device to serve as a pivot point.
Phase 6: Infrastructure Configuration Audit #
- 1. Firewall Rules: Outcome: Inbound rules were overly permissive, allowing external RDP (3389) and FTP (21) connections.
- 2. Core Router Security: Outcome: Router was running outdated firmware (CVE-2023-27805) and utilized a weak admin password (“admin123”), which was successfully brute-forced.
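Phases 4 to 6 reduce to two checks that can be scripted against an asset inventory and a firewall rule export: are IoT devices sharing a VLAN with workstations or servers, and do any inbound allow-from-anywhere rules expose services that should only be reachable over a VPN? The block below is an added example, not the audit team's tooling; the device addresses, VLAN numbers and rule set are constructed to mirror the findings above, and the first-match rule semantics are an assumption about the firewall being audited.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Device:
    ip: str
    vlan: int
    role: str                          # "workstation", "iot", "server" or "guest"
    open_ports: tuple[int, ...] = ()   # as reported by an internal service scan


@dataclass(frozen=True)
class FirewallRule:
    direction: str   # "inbound" (from the Internet) or "outbound"
    src: str         # "any" or a CIDR such as "203.0.113.0/24"
    dst_port: int    # 0 means "any port" in this constructed format
    action: str      # "allow" or "deny"


# Constructed inventory and rule set mirroring the report's Phase 4-6 findings
# (addresses, VLAN numbers and rule order are invented, not taken from the audit).
INVENTORY = [
    Device("10.10.1.21", vlan=10, role="workstation"),
    Device("10.10.1.22", vlan=10, role="workstation"),
    Device("10.10.1.50", vlan=10, role="iot", open_ports=(80, 554)),     # IP camera
    Device("10.10.1.51", vlan=10, role="iot", open_ports=(9100, 631)),   # network printer
    Device("10.10.2.10", vlan=20, role="server", open_ports=(22, 445)),  # file server
    Device("10.10.9.5", vlan=90, role="guest"),
]

RULES = [
    FirewallRule("inbound", "any", 443, "allow"),
    FirewallRule("inbound", "any", 3389, "allow"),             # external RDP
    FirewallRule("inbound", "any", 21, "allow"),               # external FTP
    FirewallRule("inbound", "203.0.113.0/24", 22, "allow"),    # SSH from one management range
    FirewallRule("inbound", "any", 0, "deny"),                 # default deny
]

# Services that should not be reachable from untrusted networks at all.
EXPOSURE_RISK = {
    21: "FTP: credentials and data travel in cleartext",
    23: "Telnet: cleartext remote shell",
    445: "SMB: common worm and credential-relay target",
    3389: "RDP: brute-force and RCE target; publish via VPN only",
    22: "SSH: administrative access should sit behind a VPN",
}


def find_cosegmented_vlans(devices: list[Device]) -> list[int]:
    """VLANs where IoT devices share a broadcast domain with workstations or servers.

    A compromised camera or printer in such a VLAN can reach every neighbour directly,
    which is the pivot-point risk the report flags as a critical failure.
    """
    roles_by_vlan: dict[int, set[str]] = {}
    for d in devices:
        roles_by_vlan.setdefault(d.vlan, set()).add(d.role)
    return sorted(vlan for vlan, roles in roles_by_vlan.items()
                  if "iot" in roles and roles & {"workstation", "server"})


def pivot_exposure(devices: list[Device]) -> dict[str, int]:
    """For each IoT device in a mixed VLAN, count the workstations/servers it can reach directly."""
    bad_vlans = set(find_cosegmented_vlans(devices))
    exposure = {}
    for d in devices:
        if d.role == "iot" and d.vlan in bad_vlans:
            exposure[d.ip] = sum(1 for o in devices
                                 if o.vlan == d.vlan and o.role in {"workstation", "server"})
    return exposure


def audit_inbound_rules(rules: list[FirewallRule]) -> list[tuple[FirewallRule, str]]:
    """Return (rule, reason) for each inbound allow-from-any rule that exposes a risky service.

    Rules are read in order and a port-0 deny ends evaluation, mimicking a first-match firewall.
    """
    findings = []
    for rule in rules:
        if rule.direction != "inbound":
            continue
        if rule.action == "deny" and rule.dst_port == 0:
            break
        if rule.action == "allow" and rule.src == "any" and rule.dst_port in EXPOSURE_RISK:
            findings.append((rule, EXPOSURE_RISK[rule.dst_port]))
    return findings


if __name__ == "__main__":
    print("mixed IoT/corporate VLANs:", find_cosegmented_vlans(INVENTORY))
    print("hosts reachable per IoT device:", pivot_exposure(INVENTORY))
    for rule, reason in audit_inbound_rules(RULES):
        print(f"port {rule.dst_port} open from {rule.src}: {reason}")
```

Note that the SSH rule is not flagged because it is scoped to a single source range rather than `any`; the distinction between "exposed to the Internet" and "exposed to a named management network" is what the VPN-only recommendation later in the report turns on.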
📊 Vulnerability Overview Matrix #
| Vulnerability | Severity | Status | Notes |
|---|---|---|---|
| Weak Guest Wi-Fi Password | CRITICAL | ❌ Not Fixed | Easily cracked via dictionary attack (“guest2024”). |
| Outdated Router Firmware | CRITICAL | ❌ Not Fixed | Vulnerable to RCE (CVE-2023-27805). |
| Weak Router Admin Password | HIGH | ❌ Not Fixed | Successfully brute-forced (“admin123”). |
| SMBv1 Protocol Enabled | HIGH | ❌ Not Fixed | Vulnerable to EternalBlue-style exploits. |
| IoT/Corporate Co-segmentation | HIGH | ❌ Not Fixed | Lack of isolation between IoT and workstations. |
| Permissive Firewall Rules | MEDIUM | ❌ Not Fixed | External RDP and FTP access allowed. |
| Legacy Device Rogue AP Susceptibility | MEDIUM | ❌ Not Fixed | Older devices automatically connect to stronger fake signals. |
🛡️ Strategic Recommendations #
- Enforce WPA3 and Strong PSK: Upgrade all wireless networks to WPA3 and implement complex, 16+ character passwords for guest access.
- VLAN Micro-segmentation: Immediately isolate IoT devices (cameras, sensors, printers) into a dedicated, firewalled VLAN with no access to the corporate segment.
- Patch Management: Update the core router firmware immediately to remediate CVE-2023-27805 and enforce MFA for administrative access.
- Protocol Hardening: Disable SMBv1 and other deprecated protocols (Telnet, FTP) across all internal servers.
- Firewall Remediation: Close external RDP/FTP ports and implement a VPN-only policy for remote administrative access.
- HSTS Implementation: Ensure HSTS is enforced on all internal web interfaces to prevent SSL stripping and protocol downgrade attacks.
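Two of these recommendations can be verified mechanically after remediation: the guest PSK policy (16+ characters, complex) and HSTS on internal web interfaces. The block below is an added example, not part of the report: it parses a `Strict-Transport-Security` header into its directives and lists policy gaps, and it checks a candidate pre-shared key against the stated policy. The one-year `max-age` baseline and the three-of-four character-class rule are assumptions chosen here, not values from the report; the sample headers are constructed.

```python
from typing import Optional

# Assumed baseline for this check (the report gives no number): one year in seconds.
HSTS_MIN_MAX_AGE = 31_536_000


def parse_hsts(header_value: Optional[str]) -> dict:
    """Split a Strict-Transport-Security value into its directives."""
    parsed = {"present": header_value is not None, "max_age": None,
              "include_subdomains": False, "preload": False}
    if header_value is None:
        return parsed
    for directive in header_value.split(";"):
        name, _, value = directive.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            try:
                parsed["max_age"] = int(value.strip().strip('"'))
            except ValueError:
                parsed["max_age"] = None           # malformed value: browsers ignore the header
        elif name == "includesubdomains":
            parsed["include_subdomains"] = True
        elif name == "preload":
            parsed["preload"] = True
    return parsed


def assess_hsts(headers: dict[str, str]) -> list[str]:
    """Return policy gaps for one HTTPS response's headers; an empty list means compliant.

    Browsers only honour the header when it arrives over HTTPS, so collect the headers
    from the TLS endpoint, not from an HTTP redirect page.
    """
    value = next((v for k, v in headers.items() if k.lower() == "strict-transport-security"), None)
    parsed = parse_hsts(value)
    if not parsed["present"]:
        return ["HSTS header missing: first visit can be downgraded to HTTP and stripped"]
    gaps = []
    if parsed["max_age"] is None:
        gaps.append("max-age missing or malformed: header is ignored by browsers")
    elif parsed["max_age"] < HSTS_MIN_MAX_AGE:
        gaps.append(f"max-age {parsed['max_age']} is below the {HSTS_MIN_MAX_AGE}s baseline")
    if not parsed["include_subdomains"]:
        gaps.append("includeSubDomains absent: subdomains remain strippable")
    return gaps


def psk_meets_policy(psk: str, min_length: int = 16,
                     denylist: tuple[str, ...] = ("guest2024", "admin123")) -> bool:
    """Check a candidate pre-shared key against the report's '16+ character, complex' policy.

    WPA2/WPA3 passphrases are limited to 63 characters; the character-class rule is an
    assumption about what 'complex' means here (three of lower/upper/digit/symbol).
    """
    if not min_length <= len(psk) <= 63 or psk.lower() in denylist:
        return False
    classes = (any(c.islower() for c in psk), any(c.isupper() for c in psk),
               any(c.isdigit() for c in psk), any(not c.isalnum() for c in psk))
    return sum(classes) >= 3


if __name__ == "__main__":
    # Constructed responses: one compliant, one weak, one missing the header entirely.
    samples = {
        "intranet.example (fixed)": {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"},
        "printer-admin.example": {"strict-transport-security": "max-age=300"},
        "camera.example": {"Content-Type": "text/html"},
    }
    for host, hdrs in samples.items():
        print(host, "->", assess_hsts(hdrs) or ["compliant"])
    for candidate in ("guest2024", "Tq7!rNb2#mLw9Xz4"):
        print(repr(candidate), "meets policy:", psk_meets_policy(candidate))
```

Run `assess_hsts` over the response headers of every internal HTTPS interface listed in the asset inventory after the fix is deployed; a device that only answers on HTTP has no HSTS gap to report but still fails the recommendation, because the header cannot help until the interface is served over TLS.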
AUTHORIZATION AND SIGN-OFF #
Prepared by:
[+] Dr. James Anderson | Lead Security Analyst
[+] Emily Walker | Senior Network Security Engineer
Entity: CyberSentinel Solutions LTD
Date: June 2024