September 2009
Intermediate to advanced
307 pages
7h 46m
English
Content preview from Unauthorised Access: Physical Penetration Testing For IT Security Teams
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
3.1. Common Paradigms for Conducting Tests
Broadly speaking, there are three approaches to physical penetration testing. An overview of each is given in the following sections. When planning a test it is useful to draft a test plan after your preliminary research. This process maximizes the creative process and helps you discover the most viable plan of attack.
3.1.1. Traits of the Overt Tester
The overt tester makes no attempt to disguise his presence. This is not to say that he will announce his intentions, but he makes little attempt to evade security controls or guards and will work 'within the system' as much as possible. When testing overtly, you rely on social engineering and flaws in human security as much as possible. A camera operator would be unlikely to notice anything suspicious about a tester as his intention is to become a part of his environment.
As an example, an overt tester would walk into reception, give false credentials, and be issued a legitimate badge. After border security is breached you become part of the system and have nothing to fear from it. Usually such testing requires a higher degree of initial planning and setup to put the tester in a position of trust.
The following is an example of an overt test:
Research staff names and functions.
Determine who is on vacation.
Turn up for a sales meeting with a middle manager you know to be absent.
Sign in at reception, get a badge and 'call your contact' before reception has a chance to. You'll be right up. ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.