Re: physical security pentesting procedures, tips, audit programs?

From: nicola@softech.it
Date: Sat Dec 11 2004 - 09:03:13 EST

• Next message: Jeffrey Denton: "Fwd: Article Announcement - Demystifying Penetration Testing"
• Previous message: Debasis Mohanty: "Article Announcement - Demystifying Penetration Testing"
• Maybe in reply to: marc spamcatcher: "physical security pentesting procedures, tips, audit programs?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

On Thu, 2004-09-12 at 21.18, Frank Knobbe wrote:

> Sure, but you show it to management/sponsor. You don't show it to the
> people affected unless they are involved in a test (like branch managers
> having you detained in their office).

> Penetration Testing is all about showing flaws, but to the sponsor, not
> the folks who commit the violations. It's the responsibility of the
> sponsors to take action in a way they see fit.

> Discretion is paramount in these engagements. You just don't leave stuff
> behind.

I'm agree with Frank...in a physical security test, discretion is very
important..then, what about using the so called "password pen"?

Watch this:
http://www.softwareandstuff.com/CES10368.html

With this pen you can write on any surface with invisible to the naked eye
ink; when you point an UV light on the area you wrote, your tag will
appear.
Imho discreet and effective.

Bye
Nicola

• Next message: Jeffrey Denton: "Fwd: Article Announcement - Demystifying Penetration Testing"
• Previous message: Debasis Mohanty: "Article Announcement - Demystifying Penetration Testing"
• Maybe in reply to: marc spamcatcher: "physical security pentesting procedures, tips, audit programs?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:10 EDT