|
Penetration Testing
mailing list archives
Re: Physical Security - Pen Test
From: Marco Ivaldi <raptor () mediaservice net>
Date: Tue, 31 Mar 2009 12:27:14 +0200 (ora solare Europa occidentale)
Paul,
On Mon, 30 Mar 2009, iadcc wrote:
Has anybody ever conducted a physical security penetration test? Do you
have a sample test plan you used? I have formulated some Social
Engineering tests we could try but anything else would be useful./
Just a few suggestions off the top of my head:
http://www.isecom.info/mirror/osstmm.en.2.2.pdf
http://www.isecom.org/osstmm3.HUMSEC.draft.pdf
http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html
http://security.ucdavis.edu/physical_security.cfm
http://csrc.nist.gov/groups/STM/cmvp/documents/fips140-3/physec/physecdoc.html
http://csrc.nist.gov/publications/nistpubs/800-12/800-12-html/chapter15.html
http://csrc.nist.gov/publications/nistpubs/800-115/SP800-115.pdf
http://www.tuev-nord.com.ua/itgr/IT_grund/threat.pdf (see also www.bsi.de)
http://seclists.org/pen-test/2004/Dec/0011.html (all thread)
Watch out for OSSTMM 3.0, which will extensively cover PHYSSEC channel
testing (encompassing both Human and Physical Security).
Cheers,
--
Marco Ivaldi, OPST
Lead Security Analyst Data Security Division
@ Mediaservice.net Srl http://mediaservice.net/
------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute
No time or budget for traveling to a training course in this fiscal year? Check out the online penetration testing courses available at InfoSec Institute. More than a boring "talking head", train in our virtual labs for a total hands-on training experience. Get the certs you need as well: CEH, CPT, CEPT, ECSA, LPT.
http://www.infosecinstitute.com/request_online_training.html
------------------------------------------------------------------------
 By Date 
By Thread
Current thread:
|
