The Thief

#WarStoryWednesday

Tim Roberts

November 02, 2016 - Posted by Tim Roberts to Security Insight

Clipboard Assessment Background

Earlier this year, a friend (5tubb0rn) and I toyed around with some ideas at a local hacker workspace. I had been using a Proxmark/BishopFox build to steal proximity badges during some of our Professional Security Services on-site Social Engineering Assessments and covert Physical Security Assessments. The Proxmark/BishopFox build was handy in that I didn’t have to bump into anyone in order to snag their badge for replication. The only problem I’ve had with this device is the size – it is a garage badge reader after all, and about the size of a laptop. There are smaller devices out there but we wanted to create something from scratch, utilizing a Raspberry Pi and some plug-and-play sensors that could be easily hidden by someone in the guise of a contractor. So, the two of us came up with a... read more >

STOP. THINK. FACT CHECK.

#WarStoryWednesday

Brent White

October 05, 2016 - Posted by Brent White to Security Insight

Another Wednesday, another war story. As a Senior Security Consultant here at NTT Security, I am constantly performing assessments on-site for our clients. At a recent on-site social engineering and physical security assessment, we exploited some vulnerabilities that could easily have been avoided with the right security measures in place.

Also, as many of you are aware, October is National Cyber Security Awareness Month (NCSAM). The theme for this week is STOP. THINK. CONNECT; however, I’d like to change it to fit the theme of my blog: STOP. THINK. FACT CHECK. As I’ve said in previous war stories, always ask questions and check that the person is who they say they are. And no matter how nice someone may look or act, always fact check. Use your instincts and don’t let someone with seemingly legitimate credentials fool you.

Assessment Background

The... read more >

The Challenges with Physical Security - Hard Candy Shell, Soft on the Inside

#WarStoryWednesday

Michael Born

May 11, 2016 - Posted by Michael Born to Security Insight

Physical Security - Hard Candy Shell, Soft on the Inside

I recently had the pleasure of performing a combined Social Engineering and Physical Security Assessment over the course of a national holiday. While my story may not come close to what Solutionary Security Consultants' Tim Roberts or Brent White have enlightened you with, I must say this assessment certainly opens one’s eyes to the challenges that an organization, similar in size to the assessed business, faces when growing rapidly and trying to fit in an Information Security program.

Top Takeaways

While there are many lessons learned, two top takeaways stand out:

  1. Having the proper corporate structure is one of the most important components in standing up a successful information security program.
  2. Perceived security is just that – perceived. As my co-worker Andrew Weed put it: “This is like an M&M – a hard candy shell, soft on the inside.” To some extent he is correct. The amount...
read more >

The Key

#WarStoryWednesday

Tim Roberts

November 04, 2015 - Posted by Tim Roberts to Security Insight

Assessment Background

On nearly every assessment I have performed, I have been able to piggyback my way into target buildings and sensitive areas. If you walk in with confidence and even attempt to “badge in,” most employees will pay little attention to the error sound or the red light of an illegitimate swipe. So, to the unaware, you can easily pass as an authentic employee as long as you look the part and appear to have the right badge; especially at a facility with a large employee body.

Using this technique, it is often inevitable that you will encounter a security guard, especially in the lobby area. If an area with a guard is unavoidable, I will wait for a guard to become engaged in conversation with another employee, receive a phone call, sign for a delivery or become distracted in some other way in order to take advantage of the distraction. In my experience, a security guard will also pay little attention to the color of the light or... read more >

Point-of-Sale System Security Analysis

How hackers gain access to POS systems in retail and restaurants

Will Caput

August 11, 2015 - Posted by Will Caput to Security Insight

Solutionary Security Consulting Services (SCS) performs security assessments against a wide variety of architectures. This can encompass both hardware and software. Recently, we assessed two point-of-sale (POS) systems for clients in different industries – Retail and Restaurants. POS systems are the latest and greatest hacking target taking place around the nation. In the last couple of years, we’ve read a lot about big organizations being hacked and credit card information stolen. In these instances, terminals from the POS machines were compromised and they provided confidential financial information to data thieves.

Even though these major hacking events have been publicized, credit cards are still being swiped throughout the day at grocery stores, department stores and restaurants. Without any concern, consumers hand over credit cards or debit cards to... read more >

Voted one of the Best Computer Security Blogs 2016
NTT Security (US), Inc. (formerly Solutionary) is a security consulting and managed security services provider. The NTT Security blog is a place for IT professionals to both learn and talk about the latest in IT security and compliance.
