![isn logo](/images/isn-logo.png)
Information Security News mailing list archives
'Kramer' Is In The Building
From: InfoSec News <alerts () infosecnews org>
Date: Mon, 18 May 2009 00:44:28 -0500 (CDT)
http://www.darkreading.com/blog/archives/2009/05/post_1.html By Steve Stasiukonis Hacked Off Dark Reading May 15, 2009 My firm, Secure Network Technologies, was recently hired by a large healthcare provider to perform a security assessment. As part of the job, my partner, Bob Clary, posed as an employee, similar to the "Seinfeld" episode in which Kramer shows up and works at a company where he was never actually hired. The job included both an internal and external network examination. The company had a significant number of internal systems, so being on the inside to perform the needed scanning helped considerably. The client also had moved into a new building and requested we test its physical security and social-engineer our way into the building to connect to the network. By leveraging the ability to be on the inside of the network, our vulnerability scanning and testing of its network security would be considerably more efficient. So Bob entered the building as if he were just another employee. Unlike other social-engineering efforts that require disguises, following the company dress code of business casual seemed appropriate. Bob wore his favored attire of blue jeans and t-shirt, accompanied by white sneakers. When he entered the building on day one, he walked by security and rode the elevator to the first available floor. Within minutes, he had located an empty cubicle, connected his laptop, and started scanning the network. On day two, he entered the building and successfully commandeered another floor and cubicle. Within the next few days, Bob was reserving conference rooms -- and in some cases, asking occupants to leave when they overstayed their reserved time. [...] -- LayerOne 2009, Information Security for the discerning professional. May 23-24 2009 @ The Anaheim Marriott in Anaheim, California Visit http://layerone.info for more information
Current thread:
- 'Kramer' Is In The Building InfoSec News (May 17)