Physical Facility Penetration Testing
Physical access to systems, networks, and facilities can provide opportunities that remote network attacks can’t. In most cases, direct physical access is one of the best ways to gain higher-level access, making physical penetration tests a powerful tool in a pen-tester’s arsenal.
Physical penetration tests are also a very useful way to test the effectiveness of physical security controls like entry access systems, sensors and cameras, security procedures, and guards, as well as security training for staff. Much like network-based assessments, physical penetration tests require information gathering, analysis, exploitation, and reporting.
In previous chapters, you learned how to conduct open-source intelligence and passive reconnaissance. In addition to these techniques, a physical penetration test requires an on-site observation phase in which you document the facility, its environment, and visible controls. With a networked penetration...