Re: pentest physical security

From: JJacoby (jjacoby@stonewallsecurity.com)
Date: Thu Aug 24 2006 - 08:38:43 EDT


My experience has been that there are two groups that have nearly unfettered
and unescorted access to all spaces: private security guards, and the
cleaning crew. Both are poorly paid and on the bottom of the social scale,
so employees don't want to be seen having any contact with them. Duplicate
their appearance and you will be shunned.

Try to observe the cleaning crew's appearance, doors used, etc. Cleaning
crews leave doors open / unlocked / propped all the time. They work after
hours, so there are few (if any) employees around to watch you shove laptops
into your trash bin.

Stonewall

-----Original Message-----
From: Cedric Blancher [mailto:blancher@cartel-securite.fr]
Sent: Tuesday, August 15, 2006 10:28 AM
To: scott
Cc: pen-test@securityfocus.com
Subject: Re: pentest physical security

On Monday 31 July 2006 at 00:49 -0400, scott wrote:
> Okay, I've been contacted about pentesting a physical security system for
> a medium-size company that is integrating IT & physical
> security, i.e. cameras, ID gates, etc.
> I'm not exactly sure where to start, other than the
> obvious: passwords, permissions, etc.

Maybe some clue here:

http://recon.cx/en/f/sconheady-social-engineering-for-pen-testers.pdf

--
http://sid.rstack.org/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
>> Hi! I'm your friendly neighbourhood signature virus.
>> Copy me to your signature file and help me spread!
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:56:48 EDT