Physical Penetration Testing (PPT)
- Author Asa Stevens
- Published November 24, 2010
- Word count 870
Why?
· To identify any weaknesses in the physical security of a company.
· To prove the current systems.
What is it that needs protecting?
· Information
· Product
· Systems
· Staff
What is a penetration test?
A Physical penetration test or PPT is a simulated attack against your company's security defences. It is designed to replicate an attack to see if your security can be compromised. The primary aim is to identify security weaknesses before real attackers have the chance to. Once security weaknesses have been identified, your organisation can start treating the associated risks.
An example attack may be to target a specific service, process or operation within your business, site or plant by using 'social engineering', or 'deception' e.g. an employee holds a secure door open for visitor or someone they do not know, but that person looks like they should be there, inspector, auditor etc, so what is the harm? 'Tailgating' as it is known, is a simple method of bypassing building security systems or following employees to lunch, eating near them, and taking notes.
Why conduct a PPT?
A PPT identifies the security weaknesses and strengths of a company's physical security. The goal of the test is to demonstrate the existence or absence of deficiencies concerning physical security. Penetration testing should be considered an important part of any ongoing security programme. These tests can be particularly useful in attracting the attention of senior
management. The results of a penetration test can show the organisational wide consequences of a breach and help to ensure buy-in from all levels of the organisation.
Remember "an ounce of prevention is worth a pound of cure"
Organisations typically conduct PPT with the aim of identifying vulnerabilities which could result in some form of loss. Loss may be specific to each business but there are some forms of loss that can apply to all businesses.
Immediate financial loss is obvious in the case of an attack to remove money or stock from an organisation. However, there can also be indirect costs associated with a security incident. For example, the cost associated with increased insurance premiums or the costs of possible regulatory breaches which could run into tens, if not hundreds, of thousands of pounds.
Losses are not just financial. An organisation can suffer significant reputation damages particularly in the food, pharmaceuticals and IT industries. A security breach could lead to a decrease in client trust which could then lead to a drop in sales.
PPT Execution
PPT is typically conducted using a structured approach around the following key phrases:
· Discovery
· Enumeration (listing of findings one by one)
· Vulnerability Mapping
· Exploitation
Each phase feeds into the next making it an integrated process.
Discovery
The discovery phase can be thought of as reconnaissance. The discovery process will aim to map out the attack for the test. The discovery phase will highlight possible attack vectors based on the information gathered.
Enumeration
The enumeration phase will gather more detailed information about the information gathered in the discovery phase such as detail of sensitive/vital information, product, systems and staff that can directly and/or immediately affect the operations of an organisation including access, information, product, systems and staff.
Vulnerability Mapping
The vulnerability mapping phase will attempt to identify weaknesses in the services/systems/procedures/facilities enumerated in the previous phase.
Once sufficient detail has been obtained, the tester can identify weaknesses in the service/system/procedure/facility being tested
This information can then be fed into the final test phase, exploitation.
Exploitation
The exploitation phase is designed to demonstrate that a security weakness exists and can be used by an attacker. The tester aims to compromise the system using a weakness identified in the previous phases, i.e. the testing officer could obtain unauthorised physical access to a facility using non-technical means.
Post PPT
The final and most important deliverable to an organisation who has commissioned a penetration test is the final report. The final report is so significant because it conveys and documents the security risks identified during the test in a way that is meaningful to the organisation.
A PPT report is likely to be read by senior management down through to junior managers who are responsible for remedial changes. A good PPT report will provide information for all the intended audience types.
What to consider when being PPT?
When an organisation decides to conduct a PPT there are several key points to consider prior to the commencement of the test:
· Use an independent security provider. They will be immune from internal distractions and are focussed on the key issues of your security.
· Seek demonstration of providers' experience. Proven experience will help to understand the providers' capabilities and will provide confidence in the providers' abilities.
· Ensure the testing provider utilises proven sting methodologies. Proven testing methodologies ensure that the tests being conducted will produce consistent and reliable results.
· Never utilise penetration tests as a substitute for an holistic security programme. A penetration test is an important part of your security programme, not a substitute for one.
A well planned PPT can help an organisation identify their security vulnerabilities. This pro-active approach can help identify risks before malicious attacks occur and protect an organisation from post attack fall-out.
For more information, visit the Impact Security website.
Article source: https://articlebiz.comRate article
Article comments
There are no posted comments.
Related articles
- The Role of Lighting Stores in Brampton: Shaping Spaces for the Future
- The Role of Commercial Cleaning Services in Auckland: A Comprehensive Guide
- Exploring the World of Chauffeur Service: Benefits, Challenges, and Best Practices
- Nerds and Geeks: They still live on!
- IQ Tests: History, Uses, and Choosing a Reliable Resource
- 8 Great Ways To Teach Kids About Oral Hygiene
- App Development as a Catalyst for Business Growth
- Costs of arranging a Mortgage in Spain
- TikTok and Instagram: Ways you will grow and learn.
- Mustang GT: Ford Motor Company is a Rising Force!
- 10 Ways to Transform Production Scheduling in Business Central
- Elevating Your Home with Bold Decor and Vintage Carved Doors
- The Ultimate Skin Care Guide for Every Weather
- Do I Need Insurance When I Rent a Boat?
- Casino Bonuses: How to Maximize Your Rewards and Enhance Your Gameplay
- Was Joseph Stalin a good or bad leader of the Soviet Union?
- Top 5 Slots with the Highest RTP: A Winning Guarantee or a Myth?
- The Thrill of the Hunt Discovering the World of Location-Based Entertainment
- How Much Is the Hermès Cleaning Fee?
- Does Hermès Offer Free Repairs?
- The history of gun control in Australia
- Digital Marketing
- How to Mix and Match: Tips for Building Versatile Outfits from Your Wardrobe
- The Significance of Commercial Cleaning Services in Auckland: A Key Element of the Modern Cleaning Industry
- How RTP Impacts Online Casino Gaming: A Guide for Players and Operators
- How Authentic Employee Reviews Boost Employer Branding
- How to Choose the Best Online Casino: 5 Simple Steps
- Guaranteed Auto Financing
- Transform The Mudroom for The Festive Season
- Rustic Thanksgiving Ambiance with Farmhouse-inspired Doors