Unauthorised Access : Physical Penetration Testing for IT Security Teams
by Wil AllsoppFormat: eBook
Pub. Date: 2009-08-01
Publisher(s): Wiley
Availability: This title is currently not available.
Other versions by this Author
List Price: $45.00
Rent Textbook
Select for Price
New Textbook
We're Sorry
Sold Out
Used Textbook
We're Sorry
Sold Out
eTextbook
We're Sorry
Not Available
Summary
The first guide to planning and performing a physical penetration test on your computer's securityMost IT security teams concentrate on keeping networks and systems safe from attacks from the outside-but what if your attacker was on the inside? While nearly all IT teams perform a variety of network and application penetration testing procedures, an audit and test of the physical location has not been as prevalent. IT teams are now increasingly requesting physical penetration tests, but there is little available in terms of training. The goal of the test is to demonstrate any deficiencies in operating procedures concerning physical security.Featuring a Foreword written by world-renowned hacker Kevin D. Mitnick and lead author of The Art of Intrusion and The Art of Deception, this book is the first guide to planning and performing a physical penetration test. Inside, IT security expert Wil Allsopp guides you through the entire process from gathering intelligence, getting inside, dealing with threats, staying hidden (often in plain sight), and getting access to networks and data. Teaches IT security teams how to break into their own facility in order to defend against such attacks, which is often overlooked by IT security teams but is of critical importance Deals with intelligence gathering, such as getting access building blueprints and satellite imagery, hacking security cameras, planting bugs, and eavesdropping on security channels Includes safeguards for consultants paid to probe facilities unbeknown to staff Covers preparing the report and presenting it to managementIn order to defend data, you need to think like a thief-let Unauthorised Access show you how to get inside.
Table of Contents
| Preface | |
| Acknowledgements | |
| Foreword | |
| The Basics of Physical Penetration Testing | |
| What Do Penetration Testers Do? | |
| Security Testing in the Real World | |
| Legal and Procedural Issues | |
| Know the Enemy | |
| Engaging a Penetration Testing Team | |
| Summary | |
| Planning Your Physical Penetration Tests | |
| Building the Operating Team | |
| Project Planning and Workflow | |
| Codes, Call Signs and Communication | |
| Summary | |
| Executing Tests | |
| Common Paradigms for Conducting Tests | |
| Conducting Site Exploration | |
| Example Tactical Approaches | |
| Mechanisms of Physical Security | |
| Summary | |
| An Introduction to Social Engineering Techniques | |
| Introduction to Guerilla Psychology | |
| Tactical Approaches to Social Engineering | |
| Summary | |
| Lock Picking | |
| Lock Picking as a Hobby | |
| Introduction to Lock Picking | |
| Advanced Techniques | |
| Attacking Other Mechanisms | |
| Summary | |
| Information Gathering | |
| Dumpster Diving | |
| Shoulder Surfing | |
| Collecting Photographic Intelligence | |
| Finding Information From Public Sources and the Internet | |
| Electronic Surveillance | |
| Covert Surveillance | |
| Summary | |
| Hacking Wireless Equipment | |
| Wireless Networking Concepts | |
| Introduction to Wireless Cryptography | |
| Cracking Encryption | |
| Attacking a Wireless Client | |
| Mounting a Bluetooth Attack | |
| Summary | |
| Gathering the Right Equipment | |
| The ''Get of Jail Free'' Card | |
| Photography and Surveillance Equipment | |
| Computer Equipment | |
| Wireless Equipment | |
| Global Positioning Systems | |
| Lock Picking Tools | |
| Forensics Equipment | |
| Communications Equipment | |
| Scanners | |
| Summary | |
| Tales from the Front Line | |
| SCADA Raiders | |
| Night Vision | |
| Unauthorized Access | |
| Summary | |
| Introducing Security Policy Concepts | |
| Physical Security | |
| Protectively Marked or Classified GDI Material | |
| Protective Markings in the Corporate World | |
| Communications Security | |
| Staff Background Checks | |
| Data Destruction | |
| Data Encryption | |
| Outsourcing Risks | |
| Incident Response Policies | |
| Summary | |
| Counter Intelligence | |
| Understanding the Sources of Information Exposure | |
| Social Engineering Attacks | |
| Protecting Against Electronic Monitoring | |
| Securing Refuse | |
| Protecting Against Tailgating and Shoulder Surfing | |
| Performing Penetration Testing | |
| Baseline Physical Security | |
| Summary | |
| UK Law | |
| Computer Misuse Act | |
| Human Rights Act | |
| Regulation of Investigatory Powers Act | |
| Data Protection Act | |
| US Law | |
| Computer Fraud and Abuse Act | |
| Electronic Communications Privacy Act | |
| SOX and HIPAA | |
| EU Law | |
| European Network and Information Security Agency | |
| Data Protection Directive | |
| Security Clearances | |
| Clearance Procedures in the United Kingdom | |
| Levels of Clearance in the United Kingdom | |
| Levels of Clearance in the United States | |
| Security Accreditations | |
| Certified Information Systems Security Professional | |
| Communication-Electronics Security Group CHECK | |
| Global Information Assurance Certification | |
| INFOSEC Assessment and Evaluation | |
| Index | |
| Table of Contents provided by Publisher. All Rights Reserved. |
An electronic version of this book is available through VitalSource.
This book is viewable on PC, Mac, iPhone, iPad, iPod Touch, and most smartphones.
By purchasing, you will be able to view this book online, as well as download it, for the chosen number of days.
Digital License
You are licensing a digital product for a set duration. Durations are set forth in the product description, with "Lifetime" typically meaning five (5) years of online access and permanent download to a supported device. All licenses are non-transferable.
More details can be found here.
A downloadable version of this book is available through the eCampus Reader or compatible Adobe readers.
Applications are available on iOS, Android, PC, Mac, and Windows Mobile platforms.
Please view the compatibility matrix prior to purchase.