RE: physical security pentesting procedures, tips, audit programs?

From: Vic N (vic778@hotmail.com)
Date: Fri Dec 03 2004 - 09:39:47 EST


>From: marc spamcatcher <junk@zounds.net>
>To: pen-test@securityfocus.com
>Subject: physical security pentesting procedures, tips, audit programs?
>Date: Wed, 1 Dec 2004 20:41:28 -0600 (CST)
>
>I am performing a pentest of the physical security at a hospital. Can
>anyone offer procedures, methodologies, tips, etc on this?

I'd suggest you look at the challenge from the viewpoint of an unattended
patient left alone in an examination room. I've seen instances where IP #'s
are plainly labelled on wireless devices in public areas (such as an ER) and
these IPs match simple ARIN lookups (do the ARIN lookups before you go in).
Patient rooms sometimes have multiple RJ45 jacks to secondary equipment
networks that could easily be plugged into. While it might not grant access
to information, gaining access to and DoS'ing a network that, say, provides
access to vitals monitoring could be a hospital's worst nightmare (and to be
clear, I don't recommend doing it for a pen-test!) and should make your
client take note.

In this mode, I'm sure you'll see numerous HIPAA violations with
workstations being left unlocked too. My experience has been that you're
not separated from your possessions even in an ER situation (it's just put
in a bag and you hold on to it). A standard notebook w/wireless and an
RJ-45 cable idling ready to go in a nondescript bag...

If you go in as a non-critical patient needing observation and not as a
"stranger" you're bound to be left unattended in the "hurry up and wait"
nature of treatment and have more than a few minutes to test.


