Re: physical security pentesting procedures, tips, audit programs?

[nicola () softech it]

On Thu, 2004-09-12 at 21.18, Frank Knobbe wrote:

> Sure, but you show it to management/sponsor. You don't show it to the
> people affected unless they are involved in a test (like branch managers
> having you detained in their office).

> Penetration Testing is all about showing flaws, but to the sponsor, not
> the folks who commit the violations. It's the responsibility of the
> sponsors to take action in a way they see fit.

> Discretion is paramount in these engagements. You just don't leave stuff
> behind.

I'm agree with Frank...in a physical security test, discretion is very
important..then, what about using the so called "password pen"?

Watch this:
http://www.softwareandstuff.com/CES10368.html

With this pen you can write on any surface with invisible to the naked eye
ink; when you point an UV light on the area you wrote, your tag will
appear.
Imho discreet and effective.

Bye
Nicola