The primary objective of a physical penetration test is to measure the strength of existing physical security controls and uncover their weaknesses before bad actors are able to discover and exploit them.
OVERVIEW
The primary benefit of a physical penetration test is to expose weaknesses and vulnerabilities in physical controls (locks, barriers, cameras, or sensors) so that flaws can be quickly addressed. In addition, physical penetration tests mimic real-world scenarios to demonstrate what impact a malicious actor can have on your systems.
There are 13 methods or steps used in performing a physical penetration test, including mapping the entrances and perimeter, lock picking, accessing sensitive information, testing server rooms, wires and cables, testing fire and cooling systems, intercepting EM waves, dumpster diving, breaking RFID tags' encryption, tailgating, testing network jacks, checking meeting rooms, shoulder surfing, and social engineering.
Physical security is an oft-overlooked component of data and system security in the technology world. While frequently forgotten, it is no less critical than timely patches, appropriate password policies, and proper user permissions. You can have the most hardened servers and network, but that doesn't make the slightest difference if someone can gain direct access to a keyboard or, worse yet, march your hardware right out the door.
Those who attend this session will leave with a full awareness of how to best protect buildings and grounds from unauthorized access, as well as how to compromise most existing physical security in order to gain access themselves. Attendees will not only learn how to distinguish good locks and access control from poor ones, but will also become well-versed in picking and bypassing many of the most common locks used in North America in order to assess their own company's security posture or to augment their career as a penetration tester.
Pen testers commonly use one of several strategies, or a combination of them. The choice depends on the objectives of the engagement and on the level of risk and disruption the client finds acceptable.
Targeted penetration testing is conducted by the client’s IT or security team and the testing team working together. Everyone knows what is going on, and no one is taken by surprise. This approach causes a minimum of disruption, since the IT team won’t mistake a test for a real attack. It allows for quick feedback in both directions.
External testing takes the perspective of an outside attacker who (initially) has no system privileges. The testers can see servers and devices that are visible on the Internet. This includes Web, mail, and FTP servers, firewalls, and any devices that may be inadvertently exposed to access. The test includes scanning access points for open ports, probing services, login attempts, and scanning for leaked information.
Internal testing works from a user account given to the tester. The tester determines if the account can take actions or reach resources it shouldn’t be authorized for. Aside from assessing how much harm a rogue employee can do, it measures what can happen if an outsider steals the credentials for an account. In systems that consistently employ the principle of least privilege, a normal account can do only limited harm.
Blind testing is a type of external testing that simulates the actions of an attacker who has picked a target at random. The testers start with very limited information, perhaps just the name of the company or the domain. There aren’t a lot of cases where this type of test is useful. The tester needs to spend additional time gathering information to get to the point of a normal external tester.
Double blind testing is more interesting. Both the tester and the client organization are operating blind. Only a few people on the client side know about the test, and they don’t include IT personnel. To the people in IT, whatever happens is a real attack. This type of test evaluates the ability of IT and security to respond to an intrusion attempt. It carries some risks, since the tech team might quarantine systems or restrict operations in an attempt to stop the “attack.”
Black box testing is similar to blind testing, and the terms are often used interchangeably. Black box testers know what systems they are targeting but have no knowledge beyond what the public has. This is slightly more information than a true blind tester has, but most often it’s limited to the URL of the company’s website or its IP address. This type of test can help to show if the client has made too much information easily available.
White box testing is also known as clear box testing. The testers get detailed information about the target system, including source code, configurations, and system documentation. It lets testers find the greatest number of weaknesses in the shortest time, and it helps to show what a malicious insider could do. Unlike internal testing, white box testing doesn’t include the credentials for any accounts.
WHO SHOULD TAKE THIS COURSE
Penetration testers, security auditors, and IT professionals responsible for infrastructure oversight. Physical penetration testing simulates a real-world threat scenario in which a malicious actor attempts to compromise a business’s physical barriers to gain access to infrastructure, buildings, systems, and employees. The goal of a physical penetration test is to expose weaknesses in a business’s overall physical defenses. By identifying these weaknesses, proper mitigations can be put in place to strengthen the physical security posture.
To compromise physical security, a malicious party may need to overcome perimeter security, intrusion alarms, or motion detectors, and/or bypass technical controls such as smart cards or proximity readers that store the permissions controlling access to a secured room. Yet the motivated individual can do so — sometimes all it takes is a plea for assistance and a friendly smile.
BIGFOOT Security’s highly trained consultants identify physical security control flaws present in your environment, help you understand the level of real-world risk for your organization, and stick around to support your efforts to address and fix identified physical security flaws. Our job doesn’t stop at the reporting; we also offer complimentary remediation retesting with no time limit after your project.