Re: physical security pentesting procedures, tips, audit programs?

nicola_at_softech.it
Date: 12/11/04

  • Next message: David Bouchard: "Laptop Considerations"
    Date: Sat, 11 Dec 2004 15:03:13 +0100 (CET)
    To: pen-test@securityfocus.com
    
    

    On Thu, 2004-09-12 at 21.18, Frank Knobbe wrote:

    > Sure, but you show it to management/sponsor. You don't show it to the
    > people affected unless they are involved in a test (like branch managers
    > having you detained in their office).

    > Penetration Testing is all about showing flaws, but to the sponsor, not
    > the folks who commit the violations. It's the responsibility of the
    > sponsors to take action in a way they see fit.

    > Discretion is paramount in these engagements. You just don't leave stuff
    > behind.

    I'm agree with Frank...in a physical security test, discretion is very
    important..then, what about using the so called "password pen"?

    Watch this:
    http://www.softwareandstuff.com/CES10368.html

    With this pen you can write on any surface with invisible to the naked eye
    ink; when you point an UV light on the area you wrote, your tag will
    appear.
    Imho discreet and effective.

    Bye
    Nicola


  • Next message: David Bouchard: "Laptop Considerations"