- Shopping Bag ( 0 items )
Most IT security teams concentrate on keeping networks and systems safe from the outside – usually with the entire focus on firewalls, server configuration, application security, intrusion ...
Most IT security teams concentrate on keeping networks and systems safe from the outside – usually with the entire focus on firewalls, server configuration, application security, intrusion detection systems, and the like. But what if your attacker was on the inside? What if they were sitting at an employee’s computer, or placing a wireless access point hidden in a wiring closet or even roaming inside your server room?
Unauthorised Access provides the first guide to planning and performing physical penetration tests. Inside, IT security expert Wil Allsopp guides you through the entire process from gathering intelligence, getting inside, dealing with threats, staying hidden (often in plain sight) and getting access to networks and data. Learn to think like an attacker with topics that include:
1 The Basics of Physical Penetration Testing.
What Do Penetration Testers Do?
Security Testing in the Real World.
Legal and Procedural Issues.
Know the Enemy.
Engaging a Penetration Testing Team.
2 Planning Your Physical Penetration Tests.
Building the Operating Team.
Project Planning and Workflow.
Codes, Call Signs and Communication.
3 Executing Tests.
Common Paradigms for Conducting Tests.
Conducting Site Exploration.
Example Tactical Approaches.
Mechanisms of Physical Security.
4 An Introduction to Social Engineering Techniques.
Introduction to Guerilla Psychology.
Tactical Approaches to Social Engineering.
5 Lock Picking.
Lock Picking as a Hobby.
Introduction to Lock Picking.
Attacking Other Mechanisms.
6 Information Gathering.
Collecting Photographic Intelligence.
Finding Information From Public Sources and the Internet.
7 Hacking Wireless Equipment.
Wireless Networking Concepts.
Introduction to Wireless Cryptography.
Attacking a Wireless Client.
Mounting a Bluetooth Attack.
8 Gathering the Right Equipment.
The ‘‘Get of Jail Free’’ Card.
Photography and Surveillance Equipment.
Global Positioning Systems.
Lock Picking Tools.
9 Tales from the Front Line.
10 Introducing Security Policy Concepts.
Protectively Marked or Classified GDI Material.
Protective Markings in the Corporate World.
Staff Background Checks.
Incident Response Policies.
11 Counter Intelligence.
Understanding the Sources of Information Exposure.
Social Engineering Attacks.
Protecting Against Electronic Monitoring.
Protecting Against Tailgating and Shoulder Surfing.
Performing Penetration Testing.
Baseline Physical Security.
Appendix A: UK Law.
Computer Misuse Act.
Human Rights Act.
Regulation of Investigatory Powers Act.
Data Protection Act.
Appendix B: US Law.
Computer Fraud and Abuse Act.
Electronic Communications Privacy Act.
SOX and HIPAA.
Appendix C: EU Law.
European Network and Information Security Agency.
Data Protection Directive.
Appendix D: Security Clearances.
Clearance Procedures in the United Kingdom.
Levels of Clearance in the United Kingdom.
Levels of Clearance in the United States.
Appendix E: Security Accreditations.
Certified Information Systems Security Professional.
Communication–Electronics Security Group CHECK.
Global Information Assurance Certification.
INFOSEC Assessment and Evaluation.