Posted on Mar 3, 2016
SPC(P) Information Security (Is) Analyst
A huge part of InfoSec, and one I believe is overlooked, is physical security. I want to be successful in securing my network logically and physically. What do you look for when doing a physical security assessment?
Responses: 3
Sgt Aaron Kennedy, MS
Think of your location like a "safe." Start by looking at the outside and see what the access points are and if there are any other vulnerabilities.

As an example, if you have a room where all your network infrastructure is located, how do you get into the room? Can you get into the room another way? With or without damage? Will those methods be "detectable" or "trackable"? (Will you know someone has been inside?) The best container is worthless if everyone has a key, and you can't tell who has been in it.

If the network expands out of that space, is it vulnerable along the way? (non-encrypted). Can its protections be bypassed if someone has physical access to them?
SSG Ed Mikus
If a pen tester did not gain access, don't hire them again. There is always a way in. As for physical security, if I can access any input/output device directly, you could have problems. The most sensitive are: keyboard, Bluetooth, CD drive, Wi-Fi, network cable (I don't have to unplug it either), USB, FireWire; this list could go on for a while. If I can access any of the things listed, I can own your computer. The biggest thing is the assessment: do not spend more protecting your systems than they are worth. That includes more than just the hardware but the data in it, its value to other people and many other things.
SPC(P) Information Security (Is) Analyst
>1 y
Well put, I didn't hire the guy, but he pretended to be with one of our ISPs and asked if he had an appointment... Started getting as much info as I can and went as far as calling the company... Once I did that, he left.
SPC Andrew Griffin
This is a loaded question! I will need to get back to you!
SPC(P) Information Security (Is) Analyst
>1 y
Thank you! Because I believe we just had a pentester trying to gain access (failed MISERABLY) LOL