Posted on Mar 3, 2016
What makes a Physical Security assessment successful? Do's and Don'ts?
A huge part of InfoSec, and one I believe is overlooked, is Physical Security. I want to be successful in securing my network logically and physically. What do you look for when doing a physical security assessment?
Posted 9 y ago
Responses: 3
Think of your location like a "safe." Start by looking at the outside and see what the access points are and if there are any other vulnerabilities.
As an example, if you have a room where all your network infrastructure is located, how do you get into the room? Can you get into the room another way? With or without damage? Will those methods be "detectable" or "trackable"? (Will you know someone has been inside?) The best container is worthless if everyone has a key, and you can't tell who has been in it.
If the network expands out of that space, is it vulnerable along the way? (non-encrypted). Can its protections be bypassed if someone has physical access to them?
If a pen tester did not gain access, don't hire them again. There is always a way in. As for physical security, if I can access any input/output device directly, you could have problems. Most sensitive are: keyboard, Bluetooth, CD drive, Wi-Fi, network cable (I don't have to unplug it either), USB, FireWire; this list could go on for a while. If I can access any of the things listed, I can own your computer. The biggest thing is the assessment: do not spend more protecting your systems than they are worth. That includes more than just the hardware but the data in it, its value to other people and many other things.
SPC(P)
Well put. I didn't hire the guy, but he pretended to be with one of our ISPs and asked if he had an appointment... Started getting as much info as I can and went as far as calling the company... Once I did that, he left.
SPC(P)
Thank you! Because I believe we just had a pentester trying to gain access (failed MISERABLY) LOL