Billions of dollars are spent globally on technical controls for information security. Most, if not all, of these controls can be overridden by the implicit trust granted to someone with physical access to a system. Yet physical security is often the easiest control to circumvent.
This talk will focus on ways a legal, ethical, and authorized penetration tester can prepare themselves to inspire trust in those protecting their target, allowing them to gain access to protected areas.
This talk will look at the physical signs that someone doesn’t belong in an area and how to create a persona that “belongs”.
During the talk, we will compare different outfits and uniforms used by workers who would be expected to be in controlled areas. The talk will also look at paralanguage and body language that can be used to put people at ease.
The talk will cover:
- Why physical access controls are critical
- Tales of “Physical Access Gone Wrong”
- Uniforms, attire, and details that give away an imposter
- Paralanguage – What to say to put people at ease
- Body language – What to do to put people at ease
- “The Getaway” – How to get out gracefully
- Preventing Interlopers – What can you do to stop attackers using these techniques
By the end of the talk, the audience should be able to leverage these techniques to test their own security program, bolster their approved penetration testing program, and develop new controls to prevent physical attackers.
Slides in PDF can be found here:
Great presentation: bit.ly/1XMWyVr Thanks for sharing this info, Ean!