Re: [PEN-TEST] Two cents on Phys-Testing

[Drew Simonis <care227 () ATTGLOBAL NET>]

Mike Ireton wrote:
> On Fri, 18 Aug 2000, J. Oquendo wrote:
> > Now just think... I already had a co-worker in co-1's cage when I
> > worked there so I could've easily opened co-2's cage slipped anything
> > I wanted out of it, cut their network lines, anything and went to work
> > in my cage without incident.
>
>         I have exactly this problem right now. We have gear at a certain
> co-lo facillity where we have a cabinent and on those occasions when I
> have to physically go there for maintinence, I have noted lots of 'trust'
> happening that shouldn't.  This facillity employs a card plus palm scan
> access system, but most of the time you can just wait by the door for
> someone to either come by and enter and then just follow them in, or just
> wait for someone to exit and catch the door.

I find that stanfding outside the front door smoking a cig is an
easy way to get access to nearly any site.  Everyone assumes that
you have just "stepped outside for a smoke".  Hell, at a few places
people even take the time to hold the door for you.  Politeness is
indeed a major danger to security, and something to take advantage
of in an overall penetration test.