Penetration Testing mailing list archives
RE: physical security pentesting procedures, tips, audit programs?
From: Frank Knobbe <frank () knobbe us>
Date: Thu, 09 Dec 2004 14:05:21 -0600
On Tue, 2004-12-07 at 14:56, Todd Towles wrote:
> Very good idea xyberpix, I like the business card idea. Growing off of xyberpix's idea - If you have time...write the date and the time on the back of the card while placing it. The dates could be written on the cards beforehand to reduce the time it takes. Then you will have a written account of the time you were in an area.

Uhm, very bad idea in my opinion. I do not believe that your sponsor (usually management) would appreciate it if you let the employees, or even the public, know how far you compromised the security and how weak it looks. Imagine doctors and/or patients spreading the story of janitors going around leaving calling cards that "they were there". You might as well put up posters that say "Your security sucks". Would have the same effect on your sponsor, which will undoubtedly "shorten your final engagement".

Instead of leaving cards/clues that you were there, I recommend you take pictures with a digital camera. When we do physical security checks, we document the violations in the report with the pictures as proof (like a stack of sensitive documents sitting unguarded in the hallway, unlocked cabinets, or the all-time favorite, logged-in administrator/supervisor workstations :) A picture speaks more than a thousand words.

But you should keep your findings confidential and only disclose them to your sponsor. You owe him that much at least.

Regards,
Frank