Penetration Testing mailing list archives
Re: Physical Security - Pen Test
From: Marco Ivaldi <raptor () mediaservice net>
Date: Tue, 31 Mar 2009 12:27:14 +0200 (ora solare Europa occidentale)
Paul, On Mon, 30 Mar 2009, iadcc wrote:
Has anybody ever conducted a physical security penetration test? Do you have a sample test plan you used? I have formulated some Social Engineering tests we could try but anything else would be useful./
Just a few suggestions off the top of my head: http://www.isecom.info/mirror/osstmm.en.2.2.pdf http://www.isecom.org/osstmm3.HUMSEC.draft.pdf http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html http://security.ucdavis.edu/physical_security.cfm http://csrc.nist.gov/groups/STM/cmvp/documents/fips140-3/physec/physecdoc.html http://csrc.nist.gov/publications/nistpubs/800-12/800-12-html/chapter15.html http://csrc.nist.gov/publications/nistpubs/800-115/SP800-115.pdf http://www.tuev-nord.com.ua/itgr/IT_grund/threat.pdf (see also www.bsi.de) http://seclists.org/pen-test/2004/Dec/0011.html (all thread)Watch out for OSSTMM 3.0, which will extensively cover PHYSSEC channel testing (encompassing both Human and Physical Security).
Cheers, -- Marco Ivaldi, OPST Lead Security Analyst Data Security Division @ Mediaservice.net Srl http://mediaservice.net/ ------------------------------------------------------------------------ This list is sponsored by: InfoSec InstituteNo time or budget for traveling to a training course in this fiscal year? Check out the online penetration testing courses available at InfoSec Institute. More than a boring "talking head", train in our virtual labs for a total hands-on training experience. Get the certs you need as well: CEH, CPT, CEPT, ECSA, LPT.
http://www.infosecinstitute.com/request_online_training.html ------------------------------------------------------------------------
Current thread:
- Re: Physical Security - Pen Test Neo (Apr 03)
- <Possible follow-ups>
- Re: Physical Security - Pen Test M.D.Mufambisi (Apr 03)
- RE: Physical Security - Pen Test Shenk, Jerry A (Apr 03)
- Re: Physical Security - Pen Test Marco Ivaldi (Apr 03)