Physical Assessment: Testing Building Security for Entry Points

Breaking In With a Plan – Assessing Processes and Detecting Blind Spots

In a physical assessment, the security of your physical infrastructure is tested. The best IT security is of little use when the door to the company stands physically open to any attacker. Of particular interest, therefore, are all interfaces between the IT department and other departments.

Exploiting vulnerabilities in access control, in processes, or in employee awareness often provides a way into the physical spaces of a company.

On this basis, the following targets are possible:

  • Intrusion into server, laboratory or storage rooms
  • Insertion of an external system into the company network
  • Access to highly sensitive administrative offices

The customer can decide how much social engineering is used in the assessment. As with all projects involving some degree of social engineering, SySS abides strictly by its social engineering code of ethics (see SySS White Paper, Section 3.3).

Lessons Learned

The physical assessment provides several insights. The assessment can, for example, be used to answer the following questions:

  • Are there vulnerabilities in the access control for employees and/or guests?
  • Are there failures in the processes for guests?
  • What is the awareness level of employees? Are persons outside the company identified – and, if so, are they stopped?
  • Are there any inadequate physical security measures?

These findings can then be used to expand existing processes or introduce new ones. Further awareness measures can likewise be derived from the lessons learned.

Are you interested in a physical assessment?

Steffen Stepper
steffen.stepper(at)syss.de
redteam(at)syss.de
+49 (0)7071 - 40 78 56-6157

Project Scope

Physical assessments are ideally carried out over several days and by at least two consultants. The assessment is based on the following project phases:

  • Kickoff
  • Information gathering
  • Creation of suitable background stories
  • Intrusion attempts
  • Documentation

DO NOT HESITATE TO GET IN TOUCH: +49 (0)7071 - 40 78 56-0 or anfrage@syss.de | OUTSIDE REGULAR OFFICE HOURS CALL: +49 (0)7071 - 40 78 56-99

As a framework contract customer, please dial the provided on-call service number.
