Contributor II
Posts: 65
Registered: ‎12-09-2013

Pen Testing Mesh

I'm looking to pen test my Aruba Mesh network and validate security. No idea how to do this. Any advice?

MVP
Posts: 1,357
Registered: ‎11-07-2008

Re: Pen Testing Mesh

You would need to be more specific about what you are trying to test. Wired security, wireless security of the mesh, etc.?

Jerrod Howard
Sr. Technical Marketing Engineer
Contributor II
Posts: 65
Registered: ‎12-09-2013

Re: Pen Testing Mesh

Wireless security of the mesh
MVP
Posts: 1,357
Registered: ‎11-07-2008

Re: Pen Testing Mesh

Not really then, no. Use a sufficiently complex passphrase on the WPA2 and you should be fine. Because it's not really needed to be 'known', I usually bang out a random string in a text file, copy/paste into the mesh profile and save it. From there, it's saved on the controller and deployed to APs securely from there. Once up, so long as the passphrase is solid, the mesh link will be secure.

Jerrod Howard
Sr. Technical Marketing Engineer
Contributor II
Posts: 65
Registered: ‎12-09-2013

Re: Pen Testing Mesh

The mesh link is broadcasting its own SSID, correct? That being said, I agree with you: as long as encryption is enabled with a long PSK, all should be good. The SSID can be hidden, but that shouldn't matter as pen testing tools should still pick it up. Could you potentially disrupt the link by sending a deauth request and capturing the 4-way handshake?
MVP
Posts: 1,357
Registered: ‎11-07-2008

Re: Pen Testing Mesh

The mesh SSID is broadcast, but normal clients won't be able to see it (FromDS and ToDS are set to '1'). You would need a hacked/modded WLAN driver/card to see it and be able to send packets that way.

Yes, if you have a card/driver to send deauths you could disrupt the link. Capturing the 4-way isn't going to do you much good, especially when using a sufficiently complex key (the mesh is WPA2 AES, so same strength as WLAN AES WPA2).

Jerrod Howard
Sr. Technical Marketing Engineer
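
An added example, not part of the original thread and not Aruba code: a generator for the kind of random mesh passphrase recommended in the replies above, with an estimate of its entropy and the standard WPA2-PSK key derivation (PBKDF2-HMAC-SHA1 salted with the SSID) that makes a captured 4-way handshake of little use against such a key. The alphabet, the function names and the SSID `example-mesh` are assumptions made for illustration.

```python
import hashlib
import math
import secrets
import string

# WPA2-PSK passphrases are 8 to 63 printable ASCII characters.
MIN_LEN, MAX_LEN = 8, 63
# Assumed alphabet: 94 printable characters without the space. Trim it if the
# interface you paste the value into rejects some symbols.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_passphrase(length: int = MAX_LEN) -> str:
    """Return a passphrase drawn uniformly from ALPHABET using the OS CSPRNG."""
    if not MIN_LEN <= length <= MAX_LEN:
        raise ValueError(f"length must be {MIN_LEN}..{MAX_LEN}")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Entropy of a uniformly random string; only valid for generated values."""
    return length * math.log2(alphabet_size)


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-PSK pairwise master key: PBKDF2-HMAC-SHA1, SSID salt, 4096 rounds."""
    if not MIN_LEN <= len(passphrase) <= MAX_LEN:
        raise ValueError("passphrase must be 8..63 characters")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1..32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)


if __name__ == "__main__":
    ssid = "example-mesh"  # constructed SSID, not from the thread
    psk = generate_passphrase()
    print(f"passphrase ({len(psk)} chars): {psk}")
    # The PMK is only 256 bits, so a full-length random passphrase already
    # exceeds the strength of the key it derives.
    print(f"entropy: {entropy_bits(len(psk)):.0f} bits (PMK is 256 bits)")
    # An offline guess against a captured handshake costs one 4096-round
    # PBKDF2 per candidate; at the minimum length the space is ~52 bits.
    print(f"8-char random entropy: {entropy_bits(8):.1f} bits")
    print(f"PMK: {derive_pmk(psk, ssid).hex()}")
```
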