September 2009
Intermediate to advanced
307 pages
7h 46m
English
Content preview from Unauthorised Access: Physical Penetration Testing For IT Security Teams
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
8.1. The "Get of Jail Free" Card
If you're only going to take one item with you let it be this. What we call The "Get of Jail Free" Card is a letter or form signed by the client formally and categorically acknowledging and authorizing you to perform the test. It should be signed by at least one (and preferably two) senior company officers, and if the rules of engagement permit it, by the CIO or most senior security staff member as well. Their contact details must be present and they must be reachable during the test! In addition, information about the testing team such as names, the testing company, and the stated goals are also recommended. A sample form is supplied later in this chapter. One more point, don't carry just one. You might lose it or it might get confiscated. Admit to having one copy and show duplicates only to law enforcement if you're unfortunate enough to be in the position of having to do so. Every team member should have at least two copies and they should be originals, not photocopies. Before embarking on the test and preferably at the culmination of scoping requirements, present the forms to the client and ensure they are signed in situ and never, ever p.p.ed (per procurationem) on the behalf of someone else. The last thing you want is to find yourself working for a company officer who has overstepped his authority and is denying he's ever met you. Consider this case study to illustrate the points I've made.
When Physical Tests Go BadKris found the initial ... |
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.