The first guide to planning and performing a physical penetration test on your computer's security
Most IT security teams concentrate on keeping networks and systems safe from attacks from the outside, but what if your attacker was on the inside? While nearly all IT teams perform a variety of network and application penetration testing procedures, an audit and test of the physical location has not been as prevalent. IT teams are now increasingly requesting physical penetration tests, but there is little available in terms of training. The goal of the test is to demonstrate any deficiencies in operating procedures concerning physical security.
Featuring a Foreword written by world-renowned hacker Kevin D. Mitnick, lead author of The Art of Intrusion and The Art of Deception, this book is the first guide to planning and performing a physical penetration test. Inside, IT security expert Wil Allsopp guides you through the entire process, from gathering intelligence, getting inside, dealing with threats and staying hidden (often in plain sight) to getting access to networks and data.
Teaches IT security teams how to break into their own facility in order to defend against such attacks, a step that is often overlooked by IT security teams but is of critical importance
Deals with intelligence gathering, such as getting access to building blueprints and satellite imagery, hacking security cameras, planting bugs, and eavesdropping on security channels
Includes safeguards for consultants paid to probe facilities unbeknown to staff
Covers preparing the report and presenting it to management
In order to defend data, you need to think like a thief; let Unauthorised Access show you how to get inside.
Author
Wil Allsopp (Netherlands) is an IT security expert who has provided security audits for some of the largest companies in the UK including top tier banking, government and most of the Fortune 100. His job requires him to be part hacker, and part thief as companies hire him to probe their security measures to the extreme.
Jacket text
In this book Wil Allsopp has created a thorough reference for those looking to advance into the area of physical penetration testing. The book also serves as a guidebook for in-house security managers seeking to institute better policy safeguards.
From the Foreword, by Kevin Mitnick
Most IT security teams concentrate on keeping networks and systems safe from the outside, usually with the entire focus on firewalls, server configuration, application security, intrusion detection systems, and the like. But what if your attacker was on the inside? What if they were sitting at an employee's computer, or placing a wireless access point hidden in a wiring closet, or even roaming inside your server room?
Unauthorised Access provides the first guide to planning and performing physical penetration tests. Inside, IT security expert Wil Allsopp guides you through the entire process from gathering intelligence, getting inside, dealing with threats, staying hidden (often in plain sight) and getting access to networks and data. Learn to think like an attacker with topics that include:
Contents
Preface
Acknowledgements
Foreword
1 The Basics of Physical Penetration Testing
What Do Penetration Testers Do?
Security Testing in the Real World
Legal and Procedural Issues
Know the Enemy
Engaging a Penetration Testing Team
Summary
2 Planning Your Physical Penetration Tests
Building the Operating Team
Project Planning and Workflow
Codes, Call Signs and Communication
Summary
3 Executing Tests
Common Paradigms for Conducting Tests
Conducting Site Exploration
Example Tactical Approaches
Mechanisms of Physical Security
Summary
4 An Introduction to Social Engineering Techniques
Introduction to Guerilla Psychology
Tactical Approaches to Social Engineering
Summary
5 Lock Picking
Lock Picking as a Hobby
Introduction to Lock Picking
Advanced Techniques
Attacking Other Mechanisms
Summary
6 Information Gathering
Dumpster Diving
Shoulder Surfing
Collecting Photographic Intelligence
Finding Information From Public Sources and the Internet
Electronic Surveillance
Covert Surveillance
Summary
7 Hacking Wireless Equipment
Wireless Networking Concepts
Introduction to Wireless Cryptography
Cracking Encryption
Attacking a Wireless Client
Mounting a Bluetooth Attack
Summary
8 Gathering the Right Equipment
The "Get out of Jail Free" Card
Photography and Surveillance Equipment
Computer Equipment
Wireless Equipment
Global Positioning Systems
Lock Picking Tools
Forensics Equipment
Communications Equipment
Scanners
Summary
9 Tales from the Front Line
SCADA Raiders
Night Vision
Unauthorized Access
Summary
10 Introducing Security Policy Concepts
Physical Security
Protectively Marked or Classified GDI Material
Protective Markings in the Corporate World
Communications Security
Staff Background Checks
Data Destruction
Data Encryption
Outsourcing Risks
Incident Response Policies
Summary
11 Counter Intelligence
Understanding the Sources of Information Exposure
Soc…