Ad Home

Security Attack: A New Physical Penetration Attacks !

A Physical Penetration Attacks !

Physical security is an oft-overlooked component of data and system security in the technology world. While frequently forgotten, it is no less critical than timely patches, appropriate password policies, and proper user permissions. You can have the most hardened servers and network but that doesn't make the slightest difference if someone can gain direct access to a keyboard or, worse yet, march your hardware right out the door.

The purpose of accessing the building is to get access to sensitive data as part of the penetration test. Once you are past the perimeter access controls of the building, you have to discover your way to a location where you can work undisturbed or locate assets you want to physically remove from the building.

In Both way you’ll likely go into the building without knowing the floor plan or where specific assets are found. Walking blindly around searching for a site to work is the most challenging part of the physical intrusion process. It’s also when you’re most likely to be detected or confronted.

Unless your goal is to get backup tapes or paper, you will probably want access to the data network. A good place to get that access is in a conversation room, as most of them have data network ports available. 

An organization that is following industry best practices will have the data ports in their conversation rooms on a guest network that is not directly connected to the main local area network (LAN).
 But if this is the case, you can still use the conversation room as a base of operations while you try to obtain access to the data network.

No comments