Types of physical security controls
Organizations use a number of physical security controls to regulate who gains access to the facility and which areas of the facility they can enter. Highly secured environments control access to the facility by placing high fencing around the perimeter of the property, with only one or two entrances used to enter or leave the facility. These entrances have gates and security guards that control who gains access to the building. In highly secured locations, the guard ensures that everyone who enters has an ID badge. Visitors typically need to get a guest badge and be escorted by the employee who is hosting them.
Once inside the building, doors are locked to control who can gain access to different areas of the building. Companies can use traditional locks and keys, combination locks, or electronic locking systems where a card needs to be swiped in order to gain access to that area of the building.
Exploiting physical security
A number of methods may be used to bypass physical security controls. As a penetration tester, you may need to test these physical controls and see if you can bypass the security to gain access to areas of the building you should not have access to.
Piggybacking/tailgating
To compromise physical security as a penetration tester, you can try to follow an employee who does have access into a restricted area of the building after the employee unlocks the door. There are two terms for this type of physical security attack:
- Piggybacking: Piggybacking occurs when employees use their swipe card (key) to unlock a door and allow the person behind them into the locked area as well, without making that person swipe his or her card. This exploits the human tendency to hold the door open for the next person. As the penetration tester, you want to test whether you can piggyback into the facility, as this identifies a huge security concern. Note that with piggybacking, the person is aware that he or she is allowing you in.
- Tailgating: Tailgating is similar to piggybacking, with the exception that the employee has no idea you slipped through the door after he or she unlocked it.
For the PenTest+ certification exam, remember the difference between piggybacking and tailgating. Piggybacking involves the employee knowing and allowing someone to gain access to a restricted area, while with tailgating, the employee did not know someone was able to gain access after the employee unlocked the door.
A great countermeasure to prevent piggybacking and tailgating is a mantrap. A mantrap is an area between two locked doors. The second door does not unlock until the first door locks. This ensures employees know who is with them at all times. Revolving doors are another type of mantrap that helps ensure no one else slips through while an employee is going through.
Dumpster diving
A method to discover sensitive information about a company and its employees is dumpster diving. With dumpster diving, the attacker goes through the garbage of the intended victim, trying to locate information that could help in an attack. It is important to shred all sensitive documents so that sensitive information cannot be discovered via a dumpster dive.
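Returning to the mantrap described under piggybacking and tailgating, the following is an added example (not part of the original text) that models the interlock rule "the second door does not unlock until the first door locks" as an access-controller state machine. The door names, the contact-sensor events, and the rule that the badge read at the inner door must match the one that opened the outer door are assumptions of this model, not requirements stated on the page.

```python
# Added illustration: a software model of a two-door mantrap interlock.
# Assumptions (not from the page): entry direction only, one badge per cycle,
# and the inner door accepts only the badge that was read at the outer door.
from enum import Enum


class Door(Enum):
    OUTER = "outer"   # public side -> vestibule
    INNER = "inner"   # vestibule -> secured area


class Mantrap:
    def __init__(self):
        # Both doors start closed and locked. A door stays "unlocked" until its
        # contact sensor reports it closed and the bolt re-engages.
        self.locked = {Door.OUTER: True, Door.INNER: True}
        self.badge_in_cycle = None   # badge that opened the outer door this cycle
        self.log = []

    @staticmethod
    def _other(door):
        return Door.INNER if door is Door.OUTER else Door.OUTER

    def present_badge(self, door, badge, valid):
        """Badge read at `door`; returns True if the door is released."""
        other = self._other(door)
        if not valid:
            return self._deny(door, "badge rejected")
        if not self.locked[door]:
            return self._deny(door, "door already unlocked")
        if not self.locked[other]:
            # Core interlock rule: never have both doors open at once.
            return self._deny(door, f"{other.value} door not yet locked")
        if door is Door.INNER and badge != self.badge_in_cycle:
            # Someone in the vestibule who did not badge in at the outer door.
            return self._deny(door, "badge does not match outer-door entry")
        if door is Door.OUTER:
            self.badge_in_cycle = badge
        self.locked[door] = False
        self.log.append(f"unlock {door.value} for {badge}")
        return True

    def door_closed(self, door):
        """Contact sensor: door shut and bolted; the other door may now be released."""
        self.locked[door] = True
        if door is Door.INNER:
            self.badge_in_cycle = None   # cycle complete, vestibule reset
        self.log.append(f"lock {door.value}")

    def _deny(self, door, reason):
        self.log.append(f"deny {door.value}: {reason}")
        return False
```

The denial log is what an operator would watch: a run of "not yet locked" denials at the inner door while the outer door stands open is exactly the piggybacking pattern the mantrap exists to stop.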
Badge cloning
Electronic badges are often used to gain access to restricted areas within a building. If attackers can get their hands on a badge, they can use a badge cloning device to copy the electronic data stored on the badge, which can then be used to gain access to the building.
Fence jumping
Having a fence around the perimeter of the facility is only going to keep the innocent people out. A determined attacker can easily climb a fence, so it is important to design a fencing strategy that makes climbing difficult. Most highly secured environments use a high fence whose top angles outward at 45 degrees to make it difficult to climb over. Companies also place barbed wire at the top to deter anyone from trying to climb over.
Attacks on locks
Traditional locks are susceptible to lock picking in order to gain access to the locked area. A bump key is one example of a lock-picking technique: a filed-down key is placed in the lock and then tapped (bumped) lightly while the key is turned slightly. This causes all of the cylinders within the lock to jump up above the cylinder breaking point (hopefully), which then unlocks the door. Many high-quality locks today advertise that they are “bump proof.”
Lock bypass is another lock-picking technique in which different methods are used to bypass the locking mechanism. One such technique is loiding, in which a credit card is used to bypass a self-closing latch. Car locks can be bypassed by inserting a stiff wire between the door and the car body in order to manipulate the locking mechanism.
Another example of an attack on locks targets motion-sensor doors that remain locked until they detect someone trying to leave from the inside, at which point the door unlocks. These doors use egress sensors (to detect people going out), which are motion sensors. There is a known hack in which attackers spray compressed air from outside through the cracks in the door to trigger the motion sensor and unlock the door.