Wireless & rogue-AP review.

What gets tested

• SSID + crypto inventory — every broadcasting AP within range, the encryption used, the signal strength. Catches "the office WPA2 network you forgot to turn off three years ago."
• WPA2 vs WPA3 — if WPA2 is in use, are clients required to use PMF (Protected Management Frames)? Without PMF, deauth attacks are trivial.
• Guest-network leakage — can a guest reach your file server, your IP cameras, your printer admin pages? It often can. The fix is a guest VLAN with explicit deny.
• Rogue AP detection — APs broadcasting your SSID that you didn't install. Common from frustrated employees or malicious actors trying to harvest credentials.
• Evil-twin susceptibility — if an attacker stands up an evil-twin AP nearby, will your devices auto-connect? PMF + 802.11w handles this; without them, they'll connect.
• EAP-TLS / WPA-Enterprise misconfig — if you use WPA-Enterprise, are clients validating the RADIUS server cert? Without that, an evil-twin attack steals enterprise creds.
• Captive portal review — if you have a captive portal (cafe, hotel, retail), is it HTTPS? Does it leak credentials in the URL? Common findings.
• Hidden-SSID test — hidden SSIDs broadcast their name in beacon frames anyway. Worth confirming yours actually does what you think.

The deliverable

• SSID inventory + crypto rating per network.
• Per-finding remediation with specific config changes (Cisco, Ubiquiti, Aruba, Meraki examples covered).
• Heatmap PDF showing signal strength room-by-room.
• Live debrief with the IT person or shop owner.

Pricing