Physical security

We prefer not to trick or manipulate people to demonstrate the need for physical security measures. Doing so damages people's trust and goodwill, doesn't deliver statistically significant results, and depends strongly on the pentester's personality and capabilities (thus testing the pentester's capabilities rather than the victims' awareness).

In line with our approach to whitebox testing, we created a brainstormed list for customers who need physical assessments.

Brainstorming

You can suggest the following ideas to our customer and follow their requirements and wishes.

  • Access cards
    • Technology / copying of access cards
    • Porter / access during day & night
    • Handling of guests
    • Handling of suppliers (craftsmen/cleaning/etc.)
  • Securing the building and office rooms
    • Alarm system
  • Network ports and devices
    • Printers
    • Info screens
    • Cameras
    • Integration into the network (802.1X / configuration / management)
  • Protection of work devices against physical access
    • Hard drive encryption
    • PIN
  • Access to sensitive areas
    • Network cabinets / server rooms (if available)
    • Safes
  • Access to sensitive documents
    • Filing cabinets
    • Clean desk
    • Clean screen
    • Disposal of documents
      • In the office
      • Waste rooms
    • Disposal of storage media and devices
    • Document shredding
    • External storage media
  • Wi‑Fi
    • Client Wi‑Fi
    • Guest Wi‑Fi
  • Employee identification