Wireless Authentication
We assess your wireless protections directly. The first check takes only a moment: does your network have a password? If not, your traffic presumably lacks link-layer encryption, which means a large amount of traffic information will be leaked to anyone listening in via radio. It also means that anyone can connect to it, enumerate and probe your systems, and even impersonate your devices through MAC spoofing.
However, a password is only the beginning of securing a WiFi network. For pre-shared-key networks we evaluate the strength of the key and the feasibility of capturing and cracking the handshake offline, against both WPA2 and the improvements and residual weaknesses of WPA3. For enterprise networks using 802.1X and EAP, we examine certificate validation and the configuration weaknesses that allow credential interception, since enterprise wireless that fails to validate the authentication server can leak corporate credentials to a convincing impostor.