Penetration Testing mailing list archives
Re: [PEN-TEST] Two cents on Phys-Testing
From: Drew Simonis <care227 () ATTGLOBAL NET>
Date: Mon, 21 Aug 2000 11:28:39 -0400
Mike Ireton wrote:
On Fri, 18 Aug 2000, J. Oquendo wrote:Now just think... I already had a co-worker in co-1's cage when I worked there so I could've easily opened co-2's cage slipped anything I wanted out of it, cut their network lines, anything and went to work in my cage without incident.I have exactly this problem right now. We have gear at a certain co-lo facillity where we have a cabinent and on those occasions when I have to physically go there for maintinence, I have noted lots of 'trust' happening that shouldn't. This facillity employs a card plus palm scan access system, but most of the time you can just wait by the door for someone to either come by and enter and then just follow them in, or just wait for someone to exit and catch the door.
I find that stanfding outside the front door smoking a cig is an easy way to get access to nearly any site. Everyone assumes that you have just "stepped outside for a smoke". Hell, at a few places people even take the time to hold the door for you. Politeness is indeed a major danger to security, and something to take advantage of in an overall penetration test.
Current thread:
- Re: [PEN-TEST] Two cents on Phys-Testing Drew Simonis (Aug 21)
- Re: [PEN-TEST] Two cents on Phys-Testing andy lowton (Aug 22)
- Re: [PEN-TEST] Two cents on Phys-Testing Missy, E (Aug 23)
- Re: [PEN-TEST] Two cents on Phys-Testing John (Aug 24)
- Re: [PEN-TEST] Two cents on Phys-Testing Missy, E (Aug 23)
- <Possible follow-ups>
- Re: [PEN-TEST] Two cents on Phys-Testing Meritt, Jim (Aug 21)
- Re: [PEN-TEST] Two cents on Phys-Testing andy lowton (Aug 22)