Penetration Tests
Penetration Testing: A physical penetration test is a non-invasive, comprehensive assessment of the physical measures and procedures in place at a facility/location.
The purpose of a physical penetration test is to audit the fortification and resilience of security measures on a site, verifying documentation and operating procedures and to identify weaknesses and vulnerabilities to such through exploitation in an auditable manner.
Evidence obtained through this process can help senior management implement mitigation to reduce the effect of incidents, lost time, negative publicity and accidents, ensuring profit protection through their loss prevention and health and safety strategies.
Penetration tests are carried out by the specialist services department and utilise a combination of experienced surveillance operatives and specific technology to aid the process. Such technology may include infrared and thermal imagery, Unmanned Aerial Systems (UAS), GPS tracking and parabolic microphones, to name a few. The recommended use of equipment will always be discussed and agreed with the client during the planning phases.
During operational planning, we will liaise with the local relevant emergency services and ensure that the plans and objectives are logged against relevant databases. Prior to starting and on completion of the test, the relevant agencies will be informed to ensure that unnecessary resource is not directed to the site, in response of the test.
The penetration test can be embedded into a full threat-risk assessment or as a standalone task. A Threat-Risk Assessment (TRA) is a comprehensive report compiled to assess and identify specific security weaknesses in structure, design, manning, contractors, suppliers, geographical siting and IT systems which could be exploited to have an impact on the likelihood of a threat against the client or its business.
The purpose of a physical penetration test is to audit the fortification and resilience of security measures on a site, verifying documentation and operating procedures and to identify weaknesses and vulnerabilities to such through exploitation in an auditable manner.
Evidence obtained through this process can help senior management implement mitigation to reduce the effect of incidents, lost time, negative publicity and accidents, ensuring profit protection through their loss prevention and health and safety strategies.
Penetration tests are carried out by the specialist services department and utilise a combination of experienced surveillance operatives and specific technology to aid the process. Such technology may include infrared and thermal imagery, Unmanned Aerial Systems (UAS), GPS tracking and parabolic microphones, to name a few. The recommended use of equipment will always be discussed and agreed with the client during the planning phases.
During operational planning, we will liaise with the local relevant emergency services and ensure that the plans and objectives are logged against relevant databases. Prior to starting and on completion of the test, the relevant agencies will be informed to ensure that unnecessary resource is not directed to the site, in response of the test.
The penetration test can be embedded into a full threat-risk assessment or as a standalone task. A Threat-Risk Assessment (TRA) is a comprehensive report compiled to assess and identify specific security weaknesses in structure, design, manning, contractors, suppliers, geographical siting and IT systems which could be exploited to have an impact on the likelihood of a threat against the client or its business.
Penetration tests are divided into two categories; Cyber and Physical. Within each category are sub sections as follows:
A penetration test will audit the fortification and security posture of a site, measuring and stress testing the mitigation in situ, such as:
- CCTV
- lighting
- streetscape
- access control
- manned presence
- processes and procedures
- documentation
- standards, deportment and expectation
- control of sensitive information
- any other factor bolstering the security resilience.
Vulnerabilities are exposed through physical auditing, therefore providing opportunity to indorse change before the exposure is exploited by an adversary.
Evidence obtained through this process can help senior management implement mitigation to reduce the effect of incidents, lost time, negative publicity and accidents, ensuring profit protection through their loss prevention and health and safety strategies.
Evidence obtained through this process can help senior management implement mitigation to reduce the effect of incidents, lost time, negative publicity and accidents, ensuring profit protection through their loss prevention and health and safety strategies.
The Process
Methodology
Passive Reconnaissance
|
Passive Reconnaissance is the collation of data regarding the target, available through the use of public tools such as Google Earth. The purpose is to build a picture of the environment and demographical region around the site.
|
Open Source Intelligence (OSINT)
|
Open Source Intelligence gathers intelligence about the target, its people and specifics about the environment. Utilising a different set of public tools, such as social networks, job boards, etc. This process provides specific information on the target and its operations.
|
Active Reconnaissance
|
Active Reconnaissance is the gathering of intelligence remotely, generally this includes telephoning, emailing or otherwise directly querying target staff or vendors of the target to exploit information not available through passive means.
|
Covert Observation
|
Covert observation includes gathering intelligence of the target up close in an effort to identify physical security controls and monitoring staff and/or contractors. This process generally uses technical support such as cameras, GPS trackers, Small Unmanned Surveillance Aircraft (SUSA) etc.
|
Infiltration Planning
|
Information gleaned from the above will begin to coalesce. Vulnerabilities, exit points, entrance points, cameras, guards, fences, company technology, staff members and other relevant information are used to commence this planning phase.
|
Pretexting
|
On approval of the infiltration plans, pretexting is initiated. This involves progressing the plan into action and ensuring the team’s equipment, transportation and personnel are briefed, task specifically trained and ready to deploy.
|
Infiltration, Exploitation and Post-Expolitation
|
During these phases, the team carries out the plan by exploiting exposed vulnerabilities (using information and intelligence previously captured). Exploitation involves penetrating further into the environment and setting up to maintain a persistent vulnerability. Examples of this may be through social engineering or technical surveillance measures (clandestine recording devices).
|