Active subscribers – to download this issue click on the cover of the magazine on the main website or scroll down this page and click the Download button
Single issue buyers – after paying for this issue click “Physical Security – PenTest Extra 04/2011″ (which will show just above that text)to download your copy of the magazine
by Jon Derrenbacker
Everyone has different ideas of what physical security is, what it encompasses, and how to exploit it. It can include a wide range of exploits, many being surprisingly simple. Regardless of method, going after physical security in a PenTest often proves one of the easiest ways to gain access to a network. Sometimes physical exploits are almost looked on as cheating, simply because some of them are so simple, so obvious, and yet completely unprotected.
Let’s Get Physical
by Kent Blackwell
Your boss calls you into his office to inform you a penetration test has been requested by one of your clients. Unlike the bi-annual vulnerability sweeps Company Inc. has previously requested, they have also asked for a physical security assessment as well. You’ve never preformed this kind of test before and by the time you’ve made it back to your desk your imagination is already running wild with scenarios that wouldn’t look out-of-place in a Mission Impossible movie.
The Process Explained from Start to Finish
by Alex Horan
If a security tester, for example, has only a couple of days to test and report on the security posture of a web application, the tester needs to ensure that manual efforts are only devoted to areas of the web application that deserve manual attention. It would be highly inefficient for the tester to spend a third of his or her time simply crawling the application and recording all of the unique URLs associated with the application.
Anatomy of Attack Detection, Without Data!
by Rishi Narang
There has been a constant evolution in the threat landscape and attack vectors. New attacks, malware, malicious packets traverse our network every now and then. The industry has deployed the measures on perimeter, host and virtually anywhere in between. We have IPS, AV, Firewalls and other protection, and detection tools but most of them look for patterns, or as the standards say, do a DPI (Deep Packet Inspection). But the bottleneck hits when these wares start morphing or a slight change in the code, enables the signature writers to add exorbitant amount of code in the product. The overhead on signature writers and pattern matchers is increasing exponentially.
Intelligent Video Surveillance
by Theofanis Kontos
Intelligent video comprises any solution where the video surveillance system automatically performs an analysis of the captured image. Hence, the central idea behind it is that observation and alarm detection do not burden the human personnel any more, but are assigned to computers.
Now What am I forgetting
by Justin Rogosky
The article below details the exploits of a diamond thief who didn’t use a weapon or threat of violence, he came in everyday as a client and became a trusted individual. Normally, engagements don’t allow you to build up the kind of relationship required for this level of access, but being friendly can get you a lot farther than most people realize.
IT Security Books
In recent months on the market appeared a lot of new books in the field of IT Security. We want to introduce you three of them. “Web Application Security” and “Security Metrics” are a part of “Hacking Exposed” series, which has a good reputation and recognition. The last one, “Securing the Clics”, provides knowledge of network security.
Interview with Patrick Bedwell
Patrick Bedwell has more than 14 years experience in the network security and network management industries. He is the vice president of product marketing at Fortinet and is responsible for executing the marketing strategy for Fortinet’s network security products. Prior to joining Fortinet, Patrick held product marketing and product management leadership positions at Arcot Systems, McAfee, SecurityFocus, Network ICE and Network General. Patrick earned an MBA with honors from Santa Clara University and a BA degree in English from the University of California, Berkeley.