RE: physical security pentesting procedures, tips, audit programs?

From: Jerry Shenk (
Date: 12/04/04

  • Next message: m a: "exploiting BID 529"
    To: <>
    Date: Sat, 4 Dec 2004 13:12:24 -0500

    I would strongly recommend against DOSing anything. I'd only do that
    during a cooperative assessment. You really don't want to take some
    vital piece of equipment out while nobody really knows who you are. You
    might look for DOSable devices and suggest a return visit because it
    probably is something that should be addressed....especially if you can
    connect to the network from an unattended RJ45 jack or wireless

    -----Original Message-----
    From: Vic N []
    Sent: Friday, December 03, 2004 9:40 AM
    Subject: RE: physical security pentesting procedures, tips, audit

    >From: marc spamcatcher <>
    >Subject: physical security pentesting procedures, tips, audit programs?
    >Date: Wed, 1 Dec 2004 20:41:28 -0600 (CST)
    >I am performing a pentest of the physical security at a hospital. Can
    >anyone offer procedures, methodologies, tips, etc on this?

    I'd suggest you look at the challenge from the viewpoint of an
    patient left alone in an examination room. I've seen instances where IP
    are plainly labelled on wireless devices in public areas (such as an ER)
    these IP's match simple ARIN lookups (do the ARIN lookups before you go
      Patient rooms sometimes have multiple RJ45 jacks to secondary
    networks that could easily be plugged into. While it might not grant
    to information, gaining access to and DOS'ing a network that say
    access to vitals monitoring could be a hospitals worst nightmare (and to
    clear, I don't recommend doing it for a pen-test!) and should make your
    client take note.

    In this mode, I'm sure you'll see numerous HIPPA violations with
    workstations being left unlocked too. My experience has been that
    not separated from your possessions even in an ER situation (it's just
    in a bag and you hold on to it). A standard notebook w/wireless and an
    RJ-45 cable idling ready to go in a non-descript bag...

    If you go in as a non-critical patient needing observation and not as a
    "stranger" you're bound to be left unattended in the "hurry up and wait"

    nature of treatement and have more than a few minutes to test.

  • Next message: m a: "exploiting BID 529"