Physical security underpins all other information security controls. If physical security can be compromised, then almost all other controls can be bypassed or rendered ineffective. The physical security of the information assets of the business is a critical security area that is commonly ignored or undervalued by many organisations.
The threat simulated in a physical penetration test is an unauthorised outsider attempting to gain access to internal networks and systems. Physical penetration is the riskiest mechanism of external penetration for an attacker, as they may be recorded by surveillance systems or subject to arrest. Examples of this class of attacker include activists and organised crime.
The goal of the simulated attacker performing a physical penetration test is physical access to the internal network. Attacks may be performed on any site containing network infrastructure.
The testing follows a structured approach consistent with the current OSSTMM Physical Security Testing methodology. Testing includes the following layers of the network model:
The methodology used to perform a physical penetration test is:
- Passive information gathering;
- Access verification;
- Trust verification; and
- Property validation.
Upon identifying any weaknesses within your system, DMA will provide you with a report detailing all of the vulnerabilities identified, categorising them by their risk and suggesting remediation activities. These remediation activities can be completed by your organisation, or DMA’s services can be enlisted to assist.