In this phase, we must understand the following:
- Scope of the assessment: The penetration tester should work with the client to define a scope that is achievable and will also provide the greatest amount of insight into the security of a network. Typically, the following information is gathered:
- Location of the penetration test.
- Total coverage area of the premises.
- Approximate number of access points and wireless clients deployed.
- Which wireless networks are included in the assessment?
- Is exploitation in scope?
- Are attacks against users in scope?
- Is denial of service in scope?
- Effort estimation: Based on the scope defined, the tester will then have to estimate how much time is required. Bear in mind that rescoping may occur following this estimate, as organizations may have limited resources available in terms of both time and money.
- Legality: Prior to performing a test, the client must give consent. This should explain the testing to be covered and clearly define the level of indemnity, insurance, and the limitations of the scope. If you are unsure, you will need to speak to a professional in these areas. Most organizations will have their own versions that will likely also incorporate a Non-Disclosure Agreement (NDA).
Once all of the preceding requirements are in place, we are ready to go!
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.