Broadly speaking, there are three approaches to
physical penetration testing. An overview of each is given in the following
sections. When planning a test it is useful to draft a test plan after your
preliminary research. Doing so makes the most of the creative process and helps
you discover the most viable plan of attack.
Traits of the Overt Tester
The overt tester makes no attempt to disguise his presence. This is not to say that
he will announce his intentions, but he makes little attempt to evade security
controls or guards and will work 'within the system' as much as possible. When
testing overtly, you rely on social engineering and flaws in human security as
much as possible. A camera operator would be unlikely to notice anything
suspicious about such a tester, because the tester's intention is to become
part of his environment.
Conducting Site Exploration
No matter how you gain access to a target facility, be sure not to outstay your
welcome. The risk of getting caught becomes exponentially higher the longer you
stay on site. This is not to say that you should rush. Rushing is just as
risky, but you should have a well-thought-out and flexible plan and know in
advance what you're looking for. Sometimes this is not possible or the Rules of
Engagement are deliberately vague and you have to do a little exploration. The
following areas may be of interest to a penetration tester.
Reception (Is Not Security)
Sometimes it seems like it's all about reception. The purpose of reception is not security;
that's very much a secondary function. Reception's main function is to welcome
visitors and provide a face to the building. Who sees that face depends
completely on the nature of the company, but it usually includes clients,
salesmen, contractors and delivery men. It goes without saying that these
groups are treated in very different ways.
Example Tactical Approaches
These are specific approaches that I've found to be very effective in most
circumstances. Self-confidence is a powerful factor in any testing situation
and absolutely necessary to your success. It's a cliché but if you believe in
yourself and your chosen persona, others will too.
Tailgating to Gain Entry
Tailgating is an attack that you can use in any environment that makes use of proximity
door controls. In principle, the concept is simple enough but in practice, it
requires a little forethought for successful execution. You (or an intruder)
are unable to open proximity door locks without an activated token. To overcome
this, you wait until a legitimate pass holder opens the door and then slip
through behind them. It is important to do this in a way that does not draw
suspicion.
Mechanisms of Physical Security
This section talks about the technologies that are
commonly deployed to keep intruders out and details the inherent weaknesses of
each. Security measures discussed here include the
following:
· badges and access tokens;
· guards;
· cameras;
· physical access controls.
· Practical physical security testing – The paradigms or approaches an operating team can take in order to complete their assignment.
· Site exploration – The assets you may need to acquire.
· Tactical approaches – The techniques that one can deploy at a tactical level to gain access to a facility.
· Badge security – The technical measures and psychological approaches that can be adopted to mitigate badge and pass security.
· Security mechanisms – These can be physical preventative controls or merely a deterrent. You should have a good idea of their strengths and weaknesses.