IT security professionals spend a lot of time hardening servers, configuring router and firewall rules, running vulnerability scanning tools, and even performing some penetration tests. Consequently, it is very easy to overlook the two simplest ways of gaining access to information assets—asking for it and taking it. To this point, this book has covered penetration testing through the use of computers. Now you’ll take a look at penetration testing that uses two methods that do not employ computers—physical access and social engineering—and you’ll see how threats can be mitigated.