Physical Penetration Test Information
The most basal form of Information Security is physical security. A failure of the physical security controls can immediately result in the theft of a laptop, access to an internal network, access to a wiring closet, or even access to a data center.
Physical Penetration Testing may include such activities as:
- Attempting to gain access to critical infrastructure or Executive area in a Control Center and/or Service Center;
- Attempting to gain access to any satellite facilities/branches.
Tailgating (similar to Piggybacking) is one means to compromise physical security by following somebody through a door meant to keep out intruders. Tailgating is actually a form of social engineering, whereby someone who is not authorized to enter a particular area does so by following closely behind someone who is authorized.
Physical Penetration Test Options
Dependent upon client objectives and request for attestation we may employ various Physical Penetration Testing techniques aligned with said objectives. The testing is intended to provide our client with assurance as it relates to various physical security controls including:
- Physical security perimeter (e.g., fencing, car barriers)
- Physical entry controls
- Guard posts/patrols
- Mechanical (gates, doors, locks, etc.)
- Electronic (key cards-magnetic, RFID, proximity, etc.; biometrics; etc.)
- Surveillance/Monitoring Techniques (e.g., Cameras/CCTV)
- Deterrents
- Alarms
- Security Lighting
- Intrusion Detection/Motion Sensors
- Office/desktop security
- Logging/Auditing
- Security of equipment off-premises
