Description
Book SynopsisA guide to planning and performing a physical penetration test on your computer's security. It guides you through the entire process from gathering intelligence, getting inside, dealing with threats, staying hidden (often in plain sight), and getting access to networks and data.
Table of ContentsPreface xi
Acknowledgements xv
Foreword xvii
1 The Basics of Physical Penetration Testing 1
What Do Penetration Testers Do? 2
Security Testing in the Real World 2
Legal and Procedural Issues 4
Know the Enemy 8
Engaging a Penetration Testing Team 9
Summary 10
2 Planning Your Physical Penetration Tests 11
Building the Operating Team 12
Project Planning and Workflow 15
Codes, Call Signs and Communication 26
Summary 28
3 Executing Tests 29
Common Paradigms for Conducting Tests 30
Conducting Site Exploration 31
Example Tactical Approaches 34
Mechanisms of Physical Security 36
Summary 50
4 An Introduction to Social Engineering Techniques 51
Introduction to Guerilla Psychology 53
Tactical Approaches to Social Engineering 61
Summary 66
5 Lock Picking 67
Lock Picking as a Hobby 68
Introduction to Lock Picking 72
Advanced Techniques 80
Attacking Other Mechanisms 82
Summary 86
6 Information Gathering 89
Dumpster Diving 90
Shoulder Surfing 99
Collecting Photographic Intelligence 102
Finding Information From Public Sources and the Internet 107
Electronic Surveillance 115
Covert Surveillance 117
Summary 119
7 Hacking Wireless Equipment 121
Wireless Networking Concepts 122
Introduction to Wireless Cryptography 125
Cracking Encryption 131
Attacking a Wireless Client 144
Mounting a Bluetooth Attack 150
Summary 153
8 Gathering the Right Equipment 155
The ‘‘Get of Jail Free’’ Card 155
Photography and Surveillance Equipment 157
Computer Equipment 159
Wireless Equipment 160
Global Positioning Systems 165
Lock Picking Tools 167
Forensics Equipment 169
Communications Equipment 170
Scanners 171
Summary 175
9 Tales from the Front Line 177
SCADA Raiders 177
Night Vision 187
Unauthorized Access 197
Summary 204
10 Introducing Security Policy Concepts 207
Physical Security 208
Protectively Marked or Classified GDI Material 213
Protective Markings in the Corporate World 216
Communications Security 218
Staff Background Checks 221
Data Destruction 223
Data Encryption 224
Outsourcing Risks 225
Incident Response Policies 226
Summary 228
11 Counter Intelligence 229
Understanding the Sources of Information Exposure 230
Social Engineering Attacks 235
Protecting Against Electronic Monitoring 239
Securing Refuse 240
Protecting Against Tailgating and Shoulder Surfing 241
Performing Penetration Testing 242
Baseline Physical Security 245
Summary 247
Appendix A: UK Law 249
Computer Misuse Act 249
Human Rights Act 251
Regulation of Investigatory Powers Act 252
Data Protection Act 253
Appendix B: US Law 255
Computer Fraud and Abuse Act 255
Electronic Communications Privacy Act 256
SOX and HIPAA 257
Appendix C: EU Law 261
European Network and Information Security Agency 261
Data Protection Directive 263
Appendix D: Security Clearances 265
Clearance Procedures in the United Kingdom 266
Levels of Clearance in the United Kingdom 266
Levels of Clearance in the United States 268
Appendix E: Security Accreditations 271
Certified Information Systems Security Professional 271
Communication–Electronics Security Group CHECK 272
Global Information Assurance Certification 274
INFOSEC Assessment and Evaluation 275
Index 277
