Unauthorised Access: Physical Penetration Testing For IT Security Teams

John Wiley & Sons, Mar 25, 2010 - Computers - 302 pages
The first guide to planning and performing a physical penetration test on your computer's security

Most IT security teams concentrate on keeping networks and systems safe from attacks from the outside, but what if your attacker was on the inside? While nearly all IT teams perform a variety of network and application penetration testing procedures, an audit and test of the physical location has not been as prevalent. IT teams are now increasingly requesting physical penetration tests, but there is little available in terms of training. The goal of the test is to demonstrate any deficiencies in operating procedures concerning physical security.

Featuring a Foreword written by world-renowned hacker Kevin D. Mitnick, lead author of The Art of Intrusion and The Art of Deception, this book is the first guide to planning and performing a physical penetration test. Inside, IT security expert Wil Allsopp guides you through the entire process from gathering intelligence, getting inside, dealing with threats, staying hidden (often in plain sight), and getting access to networks and data.

  • Teaches IT security teams how to break into their own facility in order to defend against such attacks, which is often overlooked by IT security teams but is of critical importance
  • Deals with intelligence gathering, such as getting access to building blueprints and satellite imagery, hacking security cameras, planting bugs, and eavesdropping on security channels
  • Includes safeguards for consultants paid to probe facilities unbeknown to staff
  • Covers preparing the report and presenting it to management

In order to defend data, you need to think like a thief. Let Unauthorised Access show you how to get inside.


Contents

Summary
Building the Operating Team
Project Planning and Workflow
Codes Call Signs and Communication
Summary
Common Paradigms for Conducting Tests
Conducting Site Exploration
Example Tactical Approaches
Mechanisms of Physical Security
Summary
Introduction to Guerilla Psychology
Tactical Approaches to Social Engineering
Summary
Lock Picking as a Hobby
Introduction to Lock Picking
Advanced Techniques
Attacking Other Mechanisms
Summary
Dumpster Diving
Shoulder Surfing
Collecting Photographic Intelligence
Finding Information From Public Sources and the Internet
Electronic Surveillance
Covert Surveillance
Summary
Wireless Networking Concepts
Introduction to Wireless Cryptography
Cracking Encryption
Attacking a Wireless Client
Mounting a Bluetooth Attack
Summary
The Get of Jail Free Card
Photography and Surveillance Equipment
Computer Equipment
Wireless Equipment
Global Positioning Systems
Physical Security
Protectively Marked or Classified GDI Material
Protective Markings in the Corporate World
Communications Security
Staff Background Checks
Data Destruction
Data Encryption
Outsourcing Risks
Incident Response Policies
Summary
Understanding the Sources of Information Exposure
Social Engineering Attacks
Protecting Against Electronic Monitoring
Securing Refuse
Protecting Against Tailgating and Shoulder Surfing
Performing Penetration Testing
Baseline Physical Security
Summary
Computer Misuse Act
Human Rights Act
Regulation of Investigatory Powers Act
Data Protection Act
Computer Fraud and Abuse Act
Electronic Communications Privacy Act
SOX and HIPAA
European Network and Information Security Agency
Data Protection Directive
Clearance Procedures in the United Kingdom
Levels of Clearance in the United Kingdom
Levels of Clearance in the United States
Certified Information Systems Security Professional
Communication-Electronics Security Group CHECK
Global Information Assurance Certification
INFOSEC Assessment and Evaluation
Copyright

About the author (2010)

Wil Allsopp (Netherlands) is an IT security expert who has provided security audits for some of the largest companies in the UK including top tier banking, government and most of the Fortune 100. His job requires him to be part hacker and part thief, as companies hire him to probe their security measures to the extreme.
