ECSA/LPT
EC-Council
Physical Security Penetration Testing
Penetration Testing Roadmap
[Roadmap diagram. Areas shown: Internal Network, IDS, Wireless Network, Denial of Service, Password Cracking, Stolen Laptop, PDAs and Cell Phones, Social Engineering, Application, War Dialing, VPN, Log Management, File Integrity Checking, Bluetooth and Handheld Device, Telecommunication and Broadband Communication, Email Security, Security Patches]
Physical Attacks
Firewalls cannot be a deterrent against physical intrusions
Information assets cannot be safeguarded if proper physical
security measures are not in place
Attackers/intruders can copy all important password files to a
Steps in Conducting Physical Security Penetration Testing
1 • Map the possible entrances
2 • Map the physical perimeter
3 • Penetrate locks used by the gates, door and closets
4 • Overviewing from outside
5 • Penetrate server rooms, cabling, and wires
6 • Attempt lock picking techniques
7 • Fire detection systems
8 • Air conditioning systems
9 • Electromagnetic interception
10 • Test if the company has a physical security policy
EC-Council
All Rights Reserved Reproduction is Strictly Prohibited
Steps in Conducting Physical Security Penetration Testing (cont'd)
11 • Physical assets
12 • Risk test
13 • Test if any valuable paper document is kept at the facility
14 • Check how these documents are protected
15 • Employee access
16 • Test for radio frequency ID (RFID)
17 • Physical access to facilities
Steps in Conducting Physical Security Penetration Testing (cont'd)
21 • Test fire doors
22 • Check for active network jacks in meeting rooms
23 • Check for active network jacks in the company lobby
24 • Check for sensitive information lying around meeting rooms
25 • Check for receptionist/guard leaving lobby
26 • Check for accessible printers at the lobby – print test page
27 • Obtain phone/personnel listing from the lobby receptionist
28 • Listen to employee conversation in communal areas/cafeteria
29 • Can you enter the ceiling space and enter secure rooms?
Steps in Conducting Physical Security Penetration Testing (cont'd)
30 • Check windows/doors for visible alarm sensors
31 • Check visible areas for sensitive information
32 • Try to shoulder surf users logging on
33 • Try to videotape users logging on
34 • Check if exterior doors are guarded and monitored
35 • Check guard patrol routines for holes in the coverage
36 • Intercept and analyze guard communication
37 • Attempt piggybacking on guarded doors
38 • Attempt to use fake ID to gain access
Steps in Conducting Physical Security Penetration Testing (cont'd)
39 • Test “after office hours” entry methods
40 • Identify all unguarded entry points
41 • Check for unsecure doors
42 • Check for unsecure windows
43 • Attempt to bypass sensors configured on doors and windows
44 • Attempt dumpster diving outside the company trash area
45 • Use binoculars from outside the building and see if you can view what is going on inside
46 • Use active high frequency voice sensors to hear private conversation among company staff
47 • Dress as a FedEx/UPS employee and try to gain access to the building
Step 1: Map the Possible
Step 2: Map the Physical
Step 3: Penetrate Locks Used on the Gates, Doors, and Closets
Try to penetrate locks
You will need lock picking tools to accomplish this task
Step 4: Observing From a Distance
Use telephotography for photographing documents
Capture the documents from any position at an angle >15 degrees above horizontal
Step 5: Penetrate Server Rooms, Cabling and Wires
Penetrate server rooms
Step 6: Attempt Lock Picking Techniques
Attempt lock picking
Step 7: Fire Detection Systems
What happens if the fire alarm is triggered?
A skilled hacker can easily steal computers and laptops in a panic situation.
Check the fire alarm system policies and procedures within the company.
Step 8: Air Conditioning Systems
Check the air conditioning systems for possible penetration attempts
Step 9: Electromagnetic Interception
An attacker using an antenna and a receiver can monitor and retrieve
classified or sensitive information as it is being processed without the
user being aware that a loss is occurring
Bug a telephone line inside the building and see if you can pick up the
signals from outside the building using frequency receivers
Check for the Following
Physical access to facilities
Physical access to secure areas within facilities
Physical access to computing resources (e.g., workstations, laptop computers)
Physical access to paper records
Step 10: Test if the Company has
Without a physical security policy, there are no formal requirements
for what is to be done to physically secure the company
An employee will not necessarily know what to do from a physical
Step 11: Physical Assets
Assess the value of physical assets (e.g., computers, equipment,
Step 12: Risk Test
The risk associated with physical security at a given facility is
largely dependent on the value of the items inside the facility.
Step 13: Test if any Valuable Paper Document is Kept at the Facility
Sensitive documents should be kept in safes, lockers, and so on
Step 14: Check how these Documents are Protected
How are they protected?
What physical access measures have been taken to prevent
unauthorized access to paper documents?
Are sensitive paper documents shredded before they are thrown away?
What would the impact be to the company if unauthorized individuals
accessed these documents?
Step 15: Employee Access
Employee access to sensitive facilities in the organization should be
Step 16: Test for Radio Frequency
Step 17: Physical Access to Facilities
is controlled for employees,
contractors, visitors, etc
What physical security measures
exist at the perimeter or when
Step 18: Documented Process
Check if there is a documented process for granting
access for contractors.
Step 19: Test People in the
Step 20: Who is Authorized?
Test if a current list of individuals authorized to physically access
the facilities exists.
Is this list periodically reviewed and purged so that any inactive
or terminated personnel’s access is removed?
Step 21: Test Fire Doors
Test fire doors periodically to ensure that the
alarm works properly
Unauthorized individuals can gain access to
facilities without anyone noticing and can cause
damage, steal, or do something to disrupt
Step 22: Check for Active Network Jacks in Meeting Rooms
Try to attach a wireless access point so that you can access
the network from outside.
Make sure you use an AP device that is not easy for
anyone in the organization to detect.
Make sure that you mark the jack with your own code.
This will help you to prove that you have indeed breached
the physical security and entered the work area.
Identify the active network jacks that are not in use and
Step 23: Check for Active Network Jacks in Company Lobby
Check for active network jacks in company
Step 24: Check for Sensitive Information Lying around Meeting Rooms
Check for:
• Papers/electronic media left in conference rooms
• Notes or other important details lying in the meeting
Step 25: Check for Receptionist/Guard Leaving Lobby
Check for receptionist/guard leaving lobby
Note the timings of their absence
Step 26: Check for Accessible Printers at the Lobby – Print Test Page
Check for printers in
Step 27: Obtain Phone/Personnel Listing from the Lobby Receptionist
Obtain phone/personnel listing from the lobby receptionist
Obtain the phone extension numbers of the employees from the
receptionist using your social engineering skills
Step 28: Listen to Employee Conversation in Communal Areas/Cafeteria
Listen to employee conversation in communal areas/cafeteria
You will be able to note down the latest projects going on within the company, the
names of key personnel involved in the
Step 29: Can you Enter the Ceiling Space and Enter Secure Rooms
Check if:
• The ceiling is secure
• You can break into secure rooms through the ceiling
Step 30: Check Windows/Doors for Visible Alarm Sensors
Check windows/doors for visible alarm sensors
Check if the alarms are working
Check that the windows/doors do not leave room for an intruder to hide
Step 31: Check Visible Areas for Sensitive Information
Check visible areas for sensitive information such as accounts and
passwords written on whiteboards or pasted on monitors.
Step 32: Try to Shoulder Surf
Step 33: Try to Videotape Users Logging on
Try to videotape users logging on.
Your mini handycam/latest mobile device with camera may come in handy!
Step 36: Intercept and Analyze Guard Communication
Intercept and analyze guard communication
Determine if the conversation methods can be used to aid
Step 37: Attempt Piggybacking on Guarded Doors
Attempt to closely follow employees into the building without
having to show valid credentials
Step 38: Attempt to Use Fake ID to Gain Access
It is easy to create an ID that looks authentic.
Attackers use such non-original IDs to pass themselves off as genuine.
Using such fake IDs, people enter the office/restricted areas by blending in with authentic staff.
Attempt to enter access-restricted areas by producing a fake ID.
Step 39: Test “After Office Hours” Entry Methods
Step 40: Identify all Unguarded Entry Points
Identify all unguarded entry points:
• Are doors secured?
• Check locks for resistance to lock picking
Step 41: Check for Unsecure
Step 42: Check for Unsecure Windows
Check if entry is possible through windows.
Test if the locks of windows are functioning properly.
Step 43: Attempt to Bypass Sensors Configured on Doors and Windows
Check if:
• The sensors are fixed properly
• You can enter into doors and windows
Step 44: Attempt Dumpster Diving Outside the Company Trash Area
Attempt to retrieve any useful information. This may include printed
Step 45: Use Binoculars from Outside the Building and See if you can View What is Going On Inside
Check whether you can peek into the office through the glass windows
Use binoculars from outside the building and see if you can view what
Step 46: Use Active High Frequency Voice Sensors to Hear Private Conversation among Company Staff
Identify locations where the staff usually spend time to converse in private.
Place active high frequency voice sensors in such places to hear
private conversation among company staff.
Step 47: Dress as a FedEx/UPS Employee and Try to Gain Access to the Building
Employees trust courier companies and usually allow them inside the building
The trick here is to dress up like a courier company employee carrying a package and displaying a courier company ID
You can easily sneak past security guards
Documented process and authorized people
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited