© ginasanders, 123RF.com
Improve the physical security of your business
Weak Spot
In early 2011, ten servers disappeared from the regional authority offices in Bad Hersfeld, Germany, along with (among other things) data belonging to the vehicle registration office. People were very surprised. After all, when you think of data theft, this is not typically what springs to mind. The culprits did not need to hack the network, because the people in charge had just ignored the issue of physical security.
Searching for vulnerabilities in the scope of penetration testing is a typical approach to improving the security of IT systems. One of the principles of a pentest is that the testers act like genuine hackers. But, this approach can cause a couple of problems. Although the system owners are not typically worried about a pentesters digital activities, they are unlikely to want a smashed window or door to simulate a physical attack. The result is that physical security is only checked by reference to checklists and best practices, not with actual penetration tests.
Even if the pentesters use only non-destructive methods, however, you might be surprised how far they get. In many cases, they can access what are considered to be secure rooms within just a couple of minutes. Many of the techniques used in the process are very simple, and this article will look at two of them.
Wireless Signals and Patch Cables
The first example is a classic case, and it relates to RFID-based access controls and other wireless technologies. How can an attacker get through doors secured in this way? Many people would start thinking about attacking the wireless interface, and some attacks of this kind have become public in recent years. In some cases, attackers have succeeded in sniffing and copying the transponders; in others, the original transponder opened the doors although it was nowhere near the building. Instead, the signals were forwarded via some other medium – such as cellular radio
...
Buy this article as PDF
(incl. VAT)
Buy ADMIN Magazine
US / Canada
UK / Australia
Related content
-
Slipping your pen test past antivirus protection with Veil-Evasion
The Veil pen-testing platform provides some powerful tools that will hide your attack from antivirus scanners – and Veil even supports Metasploit payloads. - Intruders Use Draft Email Messages for Attacks
-
Hunt down vulnerabilities with the Metasploit pen-testing tool
The veteran Metasploit is by no means obsolete and is still used as a typical workflow to find and analyze security vulnerabilities in Windows 10 and Linux systems. -
Arm yourself against cloud attacks
We present approaches and solutions for protecting yourself against attacks in the cloud. - New Techniques Predict Malicious Domain Names
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Most Popular
Support Our Work
ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.
