Jump to content

I'm considering starting a business security reviewing wireless networks - is the Wi-Fi Pineapple a good choice?


_khs

Recommended Posts

Posted

I'm thinking

- Is the Wi-Fi Pineapple a goos choice as the main tool for analysis?
- Is it capable of producing professional actionable reports to give to the customer?
- Does anyone know of other professionals using the Wi-Fi Pineapple for wireless network security reviews?

Posted

First of all, I find that business case being rather narrow. Building a business solely on reviewing wireless network security seems limited. But, if having a geographic area with a lot of potential customers, then it's of course possible. However, who wants wireless reviews only these days? The needs that I meet is more wide and complex than just having some customer asking for just a wireless audit. The scope is most often much bigger. Then, the reporting is all depending on which the stakeholders are on the other side of the table. If it's a tech savvy IT department or a CISO, then a "machine created" report might work, but if the customer is a board of directors or some non tech savvy people, then you have to put a bit more effort into the reporting. In any way, you always need to know what the customer priorities are, which assets are valuable to them, what measures do they need to take to improve their environment, how much will it cost (initially and thereafter), will it require additional resources (employing people/using consultants), etc. Will the Pineapple work? Sure. Could you use some alternative equipment? Yes. Either way, you have to know what you are doing and also be able to present your findings to the customer(s) in a way that they expect. If a "machined" report will be enough or not, that's up to each customer's needs.

Posted

It depends...

It's not really a report tool as such, but more an evil AP in a box, supported by remote infrastructure.
It's more of an attack tool, not a site survey tool. For that go with a Laptop with tools, some nice wifi cards, and an office suite, and you should be set.
I would say that testing wifi is not just about running some tool from a box, and dumping the output into a report, it's looking at everything.
The building materials, distance to other buildings, radio signal meassurements and field strength, spreading patterns and so on.
What encryption are they using, what type of wifi is it, what are the user devices in use, and what are the users habits ?

So, could you use a Pineapple, sure, but not alone. Can it be a part of an attack scenario in a test, sure. But to me it sounds like you want a do-all solution that works by pushing a button. That you're not getting with a Pineapple, and it's not enough for a professional test, not even close.
So, learn the basics, learn the tools and theory, and learn how to do a full test in hand, using basic tools, and how wifi security works.
You're not of any value to a customer if you just run an automated tool, and hand them a pretty printout. You have to know why the wifi is secure, or not secure, and be able to tell them why, and how to fix it, in a way "even management understands" 😉

Everything else, is just a waste of time for both of you.

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...