Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: pentest physical security
From: intel96 <intel96 () bellsouth net>
Date: Fri, 25 Aug 2006 11:54:25 -0400

Posing as a cleaning person allows you to obtain unrestricted access
into some sensitive locations (e.g. CxO offices).  The trash makes a
great place to hide disk duplication equipment, hardware keystroke
loggers and other equipment. The disk duplication equipment allows you
to copy the laptop and desktop hard drives without stealing them.   The
keystroke loggers allow you to obtain passwords for encrypted files and
other applications.

Posing as HVAC personnel also works.

The cleaning crews can expose MAJOR gaps in an organization security
posture as noted below:

I once provided a FREE physical security inspection and a vulnerability
assessment to a Fortune 500 telecommunications firm (requirement for
Masters Degrees).  Part of my assessment was to questioned the cleaning
company that provided services to this telecommunications firm.  The
cleaning company did verify anything about their workers and most were
from Asia countries (mostly Korea and China).  These workers had
unrestricted access into development areas for new products (e.g.
cellular, networking, etc.). 

When I provided my final report to the company nothing changed.  I know
this because I worked at this company for a year after the report and
caught several cleaning people in restricted areas looking at project
information.  When asked what they were doing they stated that they did
not understand English and hurried away...............



JJacoby wrote:
My experience has been that there are two groups that have nearly unfettered
and unescorted access to all spaces: private security guards, and the
cleaning crew.  Both are poorly paid and on the bottom of the social scale,
so employees don't want to be seen having any contact with them.  Duplicate
their appearance and you will be shunned.

Try to observe the cleaning crew's appearance, doors used, etc.  Cleaning
crews leave doors open / unlocked / propped all the time.  They work after
hours, so there are few (if any) employees around to watch you shove laptops
into your trash bin.

Stonewall


-----Original Message-----
From: Cedric Blancher [mailto:blancher () cartel-securite fr]
Sent: Tuesday, August 15, 2006 10:28 AM
To: scott
Cc: pen-test () securityfocus com
Subject: Re: pentest physical security

Le lundi 31 juillet 2006 à 00:49 -0400, scott a écrit :
  
Okay,I've been contacted about pentesting physical security system for 
a  medium size company that is integrating IT & physical 
security,ie;cameras,id gates,etc.
I'm not exactly sure where to start,other than the 
obvious;passwords,permissions,etc.
    

Maybe some clue here:

http://recon.cx/en/f/sconheady-social-engineering-for-pen-testers.pdf


--
http://sid.rstack.org/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
  
Hi! I'm your friendly neighbourhood signature virus.
Copy me to your signature file and help me spread!
      

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------



------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------


  


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault