Unauthorised Access: Physical Penetration Testing For IT Security Teams

Preface xi

Acknowledgements xv

Foreword xvii

1 The Basics of Physical Penetration Testing 1

What Do Penetration Testers Do? 2

Security Testing in the Real World 2

Legal and Procedural Issues 4

Know the Enemy 8

Engaging a Penetration Testing Team 9

Summary 10

2 Planning Your Physical Penetration Tests 11

Building the Operating Team 12

Project Planning and Workflow 15

Codes, Call Signs and Communication 26

Summary 28

3 Executing Tests 29

Common Paradigms for Conducting Tests 30

Conducting Site Exploration 31

Example Tactical Approaches 34

Mechanisms of Physical Security 36

Summary 50

4 An Introduction to Social Engineering Techniques 51

Introduction to Guerilla Psychology 53

Tactical Approaches to Social Engineering 61

Summary 66

5 Lock Picking 67

Lock Picking as a Hobby 68

Introduction to Lock Picking 72

Advanced Techniques 80

Attacking Other Mechanisms 82

Summary 86

6 Information Gathering 89

Dumpster Diving 90

Shoulder Surfing 99

Collecting Photographic Intelligence 102

Finding Information From Public Sources and the Internet 107

Electronic Surveillance 115

Covert Surveillance 117

Summary 119

7 Hacking Wireless Equipment 121

Wireless Networking Concepts 122

Introduction to Wireless Cryptography 125

Cracking Encryption 131

Attacking a Wireless Client 144

Mounting a Bluetooth Attack 150

Summary 153

8 Gathering the Right Equipment 155

The ‘‘Get of Jail Free’’ Card 155

Photography and Surveillance Equipment 157

Computer Equipment 159

Wireless Equipment 160

Global Positioning Systems 165

Lock Picking Tools 167

Forensics Equipment 169

Communications Equipment 170

Scanners 171

Summary 175

9 Tales from the Front Line 177

SCADA Raiders 177

Night Vision 187

Unauthorized Access 197

Summary 204

10 Introducing Security Policy Concepts 207

Physical Security 208

Protectively Marked or Classified GDI Material 213

Protective Markings in the Corporate World 216

Communications Security 218

Staff Background Checks 221

Data Destruction 223

Data Encryption 224

Outsourcing Risks 225

Incident Response Policies 226

Summary 228

11 Counter Intelligence 229

Understanding the Sources of Information Exposure 230

Social Engineering Attacks 235

Protecting Against Electronic Monitoring 239

Securing Refuse 240

Protecting Against Tailgating and Shoulder Surfing 241

Performing Penetration Testing 242

Baseline Physical Security 245

Summary 247

Appendix A: UK Law 249

Computer Misuse Act 249

Human Rights Act 251

Regulation of Investigatory Powers Act 252

Data Protection Act 253

Appendix B: US Law 255

Computer Fraud and Abuse Act 255

Electronic Communications Privacy Act 256

SOX and HIPAA 257

Appendix C: EU Law 261

European Network and Information Security Agency 261

Data Protection Directive 263

Appendix D: Security Clearances 265

Clearance Procedures in the United Kingdom 266

Levels of Clearance in the United Kingdom 266

Levels of Clearance in the United States 268

Appendix E: Security Accreditations 271

Certified Information Systems Security Professional 271

Communication–Electronics Security Group CHECK 272

Global Information Assurance Certification 274

INFOSEC Assessment and Evaluation 275

Index 277