Physical Penetration Testing

Understand the true strength and effectiveness of physical security controls in data centers, offices, substations, critical infrastructure and more


Overview Of Physical Penetration Testing

Many businesses do an excellent job of protecting themselves with network and application cyber security against virtual threats. At the same time, they might overlook the risk of physical threats. Physical threats could include such common security incidents as having criminals pick locks, steal devices, or even convince an employee to let them inside a server room.

According to the National Center for Education Statistics, without strong physical security, no security professionals can claim to provide true information security or a good security posture. RedTeam Security’s physical penetration testers know exactly how bad actors gain physical access to sensitive, secured areas, and they use this experience to provide recommendations to remediate problems. To find out how RedTeam Security can help protect your valuable computer systems, information, and other assets, contact a physical security expert today. The quick, online scoping process will provide you with both prices and schedules.

What is Physical Penetration Testing?

Many people picture online hackers when they think of cybersecurity threats. Thus, they develop security awareness programs around educating employees about password policies, avoiding phishing schemes, using secure networks, getting approval for new apps from the security team, and addressing other online security vulnerabilities. They may also install security software to block threats and monitor data usage.

Nobody can deny the importance of these aspects of cybersecurity; however, they ignore the threat of a criminal gaining access to a building or room that contains the machines and data the company needs to function and maintain their competitive edge.

In contrast, physical penetration testing uncovers real-world vulnerabilities in the physical barriers meant to protect sensitive information and expensive hardware. Pen testers actually create simulated attacks that mimic the actions that criminals might take to gain access to sensitive equipment or information. Some of the tested barriers might include locks, windows, intrusion alarms, cameras, sensors, or even security guards and other employees.


For example, businesses may have decent physical security against such outside threats as lock picking; however, at least one-third of companies suffer data breaches or other issues because of insider-initiated crimes. In other words, the problem starts with employees who gain access to data centers with their credentials but then use that access for criminal or malicious reasons. 

In other cases, bad actors may convince well-intentioned employees to let them in by pretending to be another employee. They might even gain access to a meeting room and simply pick up credentials or information left discarded in the trash.

Once pentesters uncover issues, they can make suggestions to strengthen physical security controls before criminals or accidents can breach them. They can also suggest security systems that monitor all activity to improve incident response in the case of an inside job.

Benefits of Physical Penetration Testing for Physical Security

Businesses realize two main benefits from physical pen testing:

  • Expose weak physical barriers: This kind of testing will expose security vulnerabilities and produce a remediation plan that will improve an organization’s overall security posture. Companies will know their weaknesses to strengthen their protection. 
  • Understand the risks: These simulated attacks against physical barriers will also provide an estimate of the kind of damage that any security weaknesses leave businesses open to. When companies know the degree of damage they could face, they can prioritize remediation actions. 

What Are the Various Types of Penetration Testing?

Physical penetration testing seeks to expose weaknesses in physical security systems. Besides physical pen testing, these are other kinds of penetration testing:

Network Penetration

With network penetration, security experts simulate attacks to discover weaknesses in a company’s routers, switches, and other aspects of their network. This test exposes any vulnerable parts of the network that criminals might exploit and provides suggestions to close any security issues the testing uncovered.

Application Penetration

Web application penetration testing attempts to gain access to software, including web or mobile apps. Since developers may have a hard time seeing their development objectively, many businesses rely upon a third-party security consultant to perform these tests. That way, application developers and users can make certain that their software meets their security standards. If it doesn’t, they understand the risks and how to plug security holes.

Online Social Engineering Penetration

Instead of testing software, hardware, or even physical barriers, social engineering tests try to discover how well employees avoid accidentally giving smart criminals access to systems. These tests can help businesses develop a security program that helps employees learn how to prevent such common scams as online phishing attacks.

What Are Various Physical Pen Testing Methods?

RedTeam Security teams know precisely how criminals might gain access to both computer systems and buildings. A security consultant may rely upon these methods to conduct physical pen testing:

Reconnaissance and Mapping

The first step consists of mapping possible exits and entries. Criminals will often enter through an unsecured fire escape, window, or another little-used entry point. Also, while mapping the perimeter, the security professionals should indicate existing security barriers, such as locks and cameras. They will work to duplicate the actions that a criminal might take to evade or get past these barriers.

Determine if Criminals Could Pick Locks

If the building uses an electronic, key, or combination lock, some smart criminals may engage in lock picking. For an extra measure of security, the security consultant may suggest dual locks. For instance, an electronic lock should require not just a card key but also a PIN code. Having two barriers in place, instead of only one, makes it much more difficult for a criminal to gain access.

Look for Traditional Ways to Steal Information

Attackers don’t always use computers to steal information. Could they use cameras to take photos of sensitive information on an employee’s computer screen? Could they even plant microphones to overhear conversations? Criminals often used these methods to steal embarrassing, private, or valuable information in the past, and they still do.

Check Network Jacks

Many companies have tried to make their workspace more flexible by offering meeting and collaboration rooms with network jacks for employees to use. Could a criminal enter one of these rooms and simply plug in their own device to plant a virus or steal data? Good security controls might include adding security systems that only allow registered devices to access the system.

Prioritize Server Security

Generally, businesses keep their most important, sensitive, and valuable information on in-house servers. If a bad actor gained access to this room, they could easily disable the machines. They might also use unattended peripherals to steal data or introduce a virus.

Check Wireless Connections

These days, improperly secured wireless connections give clever criminals a way to access credentials or even transmitted information. The security professionals need to ensure that the business uses secure, updated routers and devices.

Consider Physical Hazard Protection and Backups

True security covers not just threats from criminals but also accidents or acts of nature. Good physical pen tests should also consider fire or flood prevention and backup plans. A fire or flood can disable business computers and applications just as well as a thief can. Thus, testers may study the fire alarms and even offsite backup plans.

Check the Trash

Some businesses may still rely upon paper reports, files, and other documents. Thus, pen testers will look into the types of materials that employees discard and whether the company has a shredding policy and available shredders. If this kind of information makes it to a dumpster, criminals will find it easy to steal.

Look for Tailgating and Other Offline Social Engineering Opportunities

Could a criminal convince an authorized employee to simply hold the door for them while they pass through? For instance, they might enter with their hands full, so the employee finds it natural to assist them. Tailgating refers to this kind of offline social engineering attack. Criminals may use an employee’s natural inclination to provide helpful service against them and their employer.

In other cases, a bad actor might pretend to be an executive or analyst to convince employees to give them reports or passwords. In any case, remediation consists of shoring up this weak link by reinforcing the importance of following governance rules about credentials and other private information.

Consider Hybrid Threats

Schemes to infect computer systems or steal information may include both an online and an offline part. For instance, a thief might steal or infect a device that already comes with the credentials needed to log in to computer systems and invade networks. Some of these devices could include computers, mobile phones, and even flash drives.

How Long Does Pen Testing Take?

Naturally, businesses will want to know how long their test will take. Most of them last between two and six weeks. The complexity and location of the facility and the sensitivity of the information will determine the schedule. With that said, RedTeam will conduct an evaluation and propose a schedule before any testing work begins.

What Tools Do Physical Penetration Testers Use?

RedTeam security consultants will use the same kinds of tools that criminals use. These can range from electronic devices and apps that can pick up information from wireless connections to lock picking sets. In some cases, the security consultants may simply use diplomacy to try to entice employees to unwittingly cooperate with their simulated attack.

How Much Will Physical Pen Testing Cost?

Naturally, businesses need to know how much they will pay for their security project. Some websites offer flat rates for physical pen testing. Sadly, that’s a clear sign that the company probably won’t tailor their plan to the business. 

For example, a small clinic may keep private patient records they need to protect; however, the test probably won’t take as long or involve as many variables as the pen testing required for a global financial company.

RedTeam will do a quick, online scoping of the project to determine the price. Of course, time, travel, and other factors will determine the final cost. Take a look at the free online scoping process to request a personalized price quote.

Get a Free Physical Penetration Testing Consultation From RedTeam Security

While businesses have focused upon securing networks, apps, and computers against online attacks, 42 percent of security professionals say that they’re very concerned about physical threats that could range from an attacker kicking in a door to simply convincing a credentialed employee to let them in. The most robust online security systems will not protect businesses against these kinds of physical or hybrid attacks.

As just one example, a study found at least 74,000 data breaches involved simply stealing a laptop or other device from an employee, contractor, or other stakeholders. Of course, the companies lost more than laptops or phones; they also lost data and credentials. 

For another example, criminals have left infected USB drives in parking lots for unsuspecting employees to retrieve and insert into networked computers. This happened at a secure U.S. Army base in the Middle East. The virus spread through both unsecured and secured systems in multiple countries.

Physical penetration testing provides your organization with a chance to uncover and remediate any physical security vulnerabilities. Get started by scheduling an appointment to discuss concerns with a RedTeam security consultant online or by calling 612-234-7848. RedTeam can also provide security teams to conduct network, application, and online social engineering attacks.

Services Datasheet

Learn more about RedTeam Security's advanced Application, Network and Physical Penetration Testing, Social Engineering and Red Teaming services.
