Chapter 23. Attackers Using Non-Network Methods to Gain Access

IT security professionals spend a lot of time hardening servers, configuring router and firewall rules, running vulnerability scanning tools, and even performing some penetration tests. Consequently, it is very easy to overlook the two simplest ways of gaining access to information assets—asking for it and taking it. To this point, this book has covered penetration testing through the use of computers. Now you’ll take a look at penetration testing that uses two methods that do not employ computers—physical access and social engineering—and you’ll see how threats can be mitigated.

Gaining Physical Access to Information Resources

As information security has evolved into the high-tech maze ...

Get Assessing Network Security now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.