Unauthorised Access Physical Penetration Testing For IT Security Teams
by Allsopp, WilEdition: 1st
Format: Paperback
Pub. Date: 2009-09-21
Publisher(s): Wiley
Other versions by this Author
List Price: $56.20
Buy New
Usually Ships in 2-3 Business Days
$53.52
Rent Book
Select for Price
Used Book
We're Sorry
Sold Out
eBook
We're Sorry
Not Available
How Marketplace Works:
- This item is offered by an independent seller and not shipped from our warehouse
- Item details like edition and cover design may differ from our description; see seller's comments before ordering.
- Sellers much confirm and ship within two business days; otherwise, the order will be cancelled and refunded.
- Marketplace purchases cannot be returned to eCampus.com. Contact the seller directly for inquiries; if no response within two days, contact customer service.
- Additional shipping costs apply to Marketplace purchases. Review shipping costs at checkout.
Summary
You have performed vulnerability and pen testing at the application level. You have implemented network security best practices, keep all systems patched and updated, and run regular network penetration tests. Firewalls are in place, wireless access points are secured. So, your network and precious data is safe, right?Wrong.Most IT security teams concentrate on keeping networks and systems safe from attacks from the outside. But what if your attacker was on the inside? What if they were inside your building sitting at an employee's computer, or hidden in a wiring closet or even sitting inside your server room?Unauthorised Access provides the first guide to planning and performing a physical penetration test. Inside, IT security expert Will Alsopp guides you through the entire process from gathering intelligence, getting inside, dealing with threats, staying hidden (often in plain sight) and getting access to networks and data. Learn to think like an attacker with topics that include: Complying with local law UK/EU/US Types of Target vs. Level of Anticipated Response. Dealing with guards Accessing building blueprints, satellite imagery and other intelligence Planting bugs, covert wireless access points Hacking security cameras. Eavesdropping on security channels. Defeating locks, electronic keypads and other electronic access systems Social engineering - the weakest link Using your Get Out of Jail Free Card Preparing the report and presenting to managementand more...
Author Biography
Wil Allsopp (Netherlands) is an IT security expert who has provided security audits for some of the largest companies in the UK including top tier banking, government and most of the Fortune 100. His job requires him to be part hacker, and part thief as companies hire him to probe their security measures to the extreme.
Table of Contents
| Preface | |
| Acknowledgements | |
| Foreword | |
| The Basics of Physical Penetration Testing | |
| What Do Penetration Testers Do? | |
| Security Testing in the Real World | |
| Legal and Procedural Issues | |
| Know the Enemy | |
| Engaging a Penetration Testing Team | |
| Summary | |
| Planning Your Physical Penetration Tests | |
| Building the Operating Team | |
| Project Planning and Workflow | |
| Codes, Call Signs and Communication | |
| Summary | |
| Executing Tests | |
| Common Paradigms for Conducting Tests | |
| Conducting Site Exploration | |
| Example Tactical Approaches | |
| Mechanisms of Physical Security | |
| Summary | |
| An Introduction to Social Engineering Techniques | |
| Introduction to Guerilla Psychology | |
| Tactical Approaches to Social Engineering | |
| Summary | |
| Lock Picking | |
| Lock Picking as a Hobby | |
| Introduction to Lock Picking | |
| Advanced Techniques | |
| Attacking Other Mechanisms | |
| Summary | |
| Information Gathering | |
| Dumpster Diving | |
| Shoulder Surfing | |
| Collecting Photographic Intelligence | |
| Finding Information From Public Sources and the Internet | |
| Electronic Surveillance | |
| Covert Surveillance | |
| Summary | |
| Hacking Wireless Equipment | |
| Wireless Networking Concepts | |
| Introduction to Wireless Cryptography | |
| Cracking Encryption | |
| Attacking a Wireless Client | |
| Mounting a Bluetooth Attack | |
| Summary | |
| Gathering the Right Equipment | |
| The ''Get of Jail Free'' Card | |
| Photography and Surveillance Equipment | |
| Computer Equipment | |
| Wireless Equipment | |
| Global Positioning Systems | |
| Lock Picking Tools | |
| Forensics Equipment | |
| Communications Equipment | |
| Scanners | |
| Summary | |
| Tales from the Front Line | |
| SCADA Raiders | |
| Night Vision | |
| Unauthorized Access | |
| Summary | |
| Introducing Security Policy Concepts | |
| Physical Security | |
| Protectively Marked or Classified GDI Material | |
| Protective Markings in the Corporate World | |
| Communications Security | |
| Staff Background Checks | |
| Data Destruction | |
| Data Encryption | |
| Outsourcing Risks | |
| Incident Response Policies | |
| Summary | |
| Counter Intelligence | |
| Understanding the Sources of Information Exposure | |
| Social Engineering Attacks | |
| Protecting Against Electronic Monitoring | |
| Securing Refuse | |
| Protecting Against Tailgating and Shoulder Surfing | |
| Performing Penetration Testing | |
| Baseline Physical Security | |
| Summary | |
| UK Law | |
| Computer Misuse Act | |
| Human Rights Act | |
| Regulation of Investigatory Powers Act | |
| Data Protection Act | |
| US Law | |
| Computer Fraud and Abuse Act | |
| Electronic Communications Privacy Act | |
| SOX and HIPAA | |
| EU Law | |
| European Network and Information Security Agency | |
| Data Protection Directive | |
| Security Clearances | |
| Clearance Procedures in the United Kingdom | |
| Levels of Clearance in the United Kingdom | |
| Levels of Clearance in the United States | |
| Security Accreditations | |
| Certified Information Systems Security Professional | |
| Communication-Electronics Security Group CHECK | |
| Global Information Assurance Certification | |
| INFOSEC Assessment and Evaluation | |
| Index | |
| Table of Contents provided by Publisher. All Rights Reserved. |
An electronic version of this book is available through VitalSource.
This book is viewable on PC, Mac, iPhone, iPad, iPod Touch, and most smartphones.
By purchasing, you will be able to view this book online, as well as download it, for the chosen number of days.
Digital License
You are licensing a digital product for a set duration. Durations are set forth in the product description, with "Lifetime" typically meaning five (5) years of online access and permanent download to a supported device. All licenses are non-transferable.
More details can be found here.
A downloadable version of this book is available through the eCampus Reader or compatible Adobe readers.
Applications are available on iOS, Android, PC, Mac, and Windows Mobile platforms.
Please view the compatibility matrix prior to purchase.