{"product_id":"unauthorised-access-isbn-9780470747612","title":"Unauthorised Access","description":"\u003cb\u003eThe first guide to planning and performing a physical penetration test on your computer's security\u003c\/b\u003e  \u003cp\u003eMost IT security teams concentrate on keeping networks and systems safe from attacks from the outside-but what if your attacker was on the inside? While nearly all IT teams perform a variety of network and application penetration testing procedures, an audit and test of the physical location has not been as prevalent. IT teams are now increasingly requesting physical penetration tests, but there is little available in terms of training. The goal of the test is to demonstrate any deficiencies in operating procedures concerning physical security.\u003c\/p\u003e \u003cp\u003eFeaturing a Foreword written by world-renowned hacker Kevin D. Mitnick and lead author of \u003ci\u003eThe Art of Intrusion\u003c\/i\u003e and \u003ci\u003eThe Art of Deception\u003c\/i\u003e, this book is the first guide to planning and performing a physical penetration test. 
Inside, IT security expert Wil Allsopp guides you through the entire process from gathering intelligence, getting inside, dealing with threats, staying hidden (often in plain sight), and getting access to networks and data.\u003c\/p\u003e \u003cul\u003e \u003cli\u003eTeaches IT security teams how to break into their own facility in order to defend against such attacks, which is often overlooked by IT security teams but is of critical importance\u003c\/li\u003e \u003cli\u003eDeals with intelligence gathering, such as getting access to building blueprints and satellite imagery, hacking security cameras, planting bugs, and eavesdropping on security channels\u003c\/li\u003e \u003cli\u003eIncludes safeguards for consultants paid to probe facilities unbeknown to staff\u003c\/li\u003e \u003cli\u003eCovers preparing the report and presenting it to management\u003c\/li\u003e \u003c\/ul\u003e \u003cp\u003eIn order to defend data, you need to think like a thief-let \u003ci\u003eUnauthorised Access\u003c\/i\u003e show you how to get inside.\u003c\/p\u003e \u003cp\u003ePreface\u003c\/p\u003e \u003cp\u003eAcknowledgements\u003c\/p\u003e \u003cp\u003eForeword\u003c\/p\u003e \u003cp\u003e\u003cb\u003e1 The Basics of Physical Penetration Testing\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eWhat Do Penetration Testers Do?\u003c\/p\u003e 
\u003cp\u003eSecurity Testing in the Real World\u003c\/p\u003e \u003cp\u003eLegal and Procedural Issues\u003c\/p\u003e \u003cp\u003eKnow the Enemy\u003c\/p\u003e \u003cp\u003eEngaging a Penetration Testing Team\u003c\/p\u003e \u003cp\u003eSummary\u003c\/p\u003e \u003cp\u003e\u003cb\u003e2 Planning Your Physical Penetration Tests\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eBuilding the Operating Team\u003c\/p\u003e \u003cp\u003eProject Planning and Workflow\u003c\/p\u003e \u003cp\u003eCodes, Call Signs and Communication\u003c\/p\u003e \u003cp\u003eSummary\u003c\/p\u003e \u003cp\u003e\u003cb\u003e3 Executing Tests\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eCommon Paradigms for Conducting Tests\u003c\/p\u003e \u003cp\u003eConducting Site Exploration\u003c\/p\u003e \u003cp\u003eExample Tactical Approaches\u003c\/p\u003e \u003cp\u003eMechanisms of Physical Security\u003c\/p\u003e \u003cp\u003eSummary\u003c\/p\u003e \u003cp\u003e\u003cb\u003e4 An Introduction to Social Engineering Techniques\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIntroduction to Guerilla Psychology\u003c\/p\u003e \u003cp\u003eTactical Approaches to Social Engineering\u003c\/p\u003e \u003cp\u003eSummary\u003c\/p\u003e \u003cp\u003e\u003cb\u003e5 Lock Picking\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eLock Picking as a Hobby\u003c\/p\u003e \u003cp\u003eIntroduction to Lock Picking\u003c\/p\u003e \u003cp\u003eAdvanced Techniques\u003c\/p\u003e \u003cp\u003eAttacking Other Mechanisms\u003c\/p\u003e \u003cp\u003eSummary\u003c\/p\u003e \u003cp\u003e\u003cb\u003e6 Information Gathering\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eDumpster Diving\u003c\/p\u003e \u003cp\u003eShoulder Surfing\u003c\/p\u003e \u003cp\u003eCollecting Photographic Intelligence\u003c\/p\u003e \u003cp\u003eFinding Information From Public Sources and the Internet\u003c\/p\u003e \u003cp\u003eElectronic Surveillance\u003c\/p\u003e 
\u003cp\u003eCovert Surveillance\u003c\/p\u003e \u003cp\u003eSummary\u003c\/p\u003e \u003cp\u003e\u003cb\u003e7 Hacking Wireless Equipment\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eWireless Networking Concepts\u003c\/p\u003e \u003cp\u003eIntroduction to Wireless Cryptography\u003c\/p\u003e \u003cp\u003eCracking Encryption\u003c\/p\u003e \u003cp\u003eAttacking a Wireless Client\u003c\/p\u003e \u003cp\u003eMounting a Bluetooth Attack\u003c\/p\u003e \u003cp\u003eSummary\u003c\/p\u003e \u003cp\u003e\u003cb\u003e8 Gathering the Right Equipment\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eThe “Get Out of Jail Free” Card\u003c\/p\u003e \u003cp\u003ePhotography and Surveillance Equipment\u003c\/p\u003e \u003cp\u003eComputer Equipment\u003c\/p\u003e \u003cp\u003eWireless Equipment\u003c\/p\u003e \u003cp\u003eGlobal Positioning Systems\u003c\/p\u003e \u003cp\u003eLock Picking Tools\u003c\/p\u003e \u003cp\u003eForensics Equipment\u003c\/p\u003e \u003cp\u003eCommunications Equipment\u003c\/p\u003e \u003cp\u003eScanners\u003c\/p\u003e \u003cp\u003eSummary\u003c\/p\u003e \u003cp\u003e\u003cb\u003e9 Tales from the Front Line\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eSCADA Raiders\u003c\/p\u003e \u003cp\u003eNight Vision\u003c\/p\u003e \u003cp\u003eUnauthorized Access\u003c\/p\u003e \u003cp\u003eSummary\u003c\/p\u003e \u003cp\u003e\u003cb\u003e10 Introducing Security Policy Concepts\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003ePhysical Security\u003c\/p\u003e \u003cp\u003eProtectively Marked or Classified GDI Material\u003c\/p\u003e \u003cp\u003eProtective Markings in the Corporate World\u003c\/p\u003e \u003cp\u003eCommunications Security\u003c\/p\u003e \u003cp\u003eStaff Background Checks\u003c\/p\u003e \u003cp\u003eData Destruction\u003c\/p\u003e \u003cp\u003eData Encryption\u003c\/p\u003e \u003cp\u003eOutsourcing Risks\u003c\/p\u003e 
\u003cp\u003eIncident Response Policies\u003c\/p\u003e \u003cp\u003eSummary\u003c\/p\u003e \u003cp\u003e\u003cb\u003e11 Counter Intelligence\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eUnderstanding the Sources of Information Exposure\u003c\/p\u003e \u003cp\u003eSocial Engineering Attacks\u003c\/p\u003e \u003cp\u003eProtecting Against Electronic Monitoring\u003c\/p\u003e \u003cp\u003eSecuring Refuse\u003c\/p\u003e \u003cp\u003eProtecting Against Tailgating and Shoulder Surfing\u003c\/p\u003e \u003cp\u003ePerforming Penetration Testing\u003c\/p\u003e \u003cp\u003eBaseline Physical Security\u003c\/p\u003e \u003cp\u003eSummary\u003c\/p\u003e \u003cp\u003e\u003cb\u003eAppendix A: UK Law\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eComputer Misuse Act\u003c\/p\u003e \u003cp\u003eHuman Rights Act\u003c\/p\u003e \u003cp\u003eRegulation of Investigatory Powers Act\u003c\/p\u003e \u003cp\u003eData Protection Act\u003c\/p\u003e \u003cp\u003e\u003cb\u003eAppendix B: US Law\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eComputer Fraud and Abuse Act\u003c\/p\u003e \u003cp\u003eElectronic Communications Privacy Act\u003c\/p\u003e \u003cp\u003eSOX and HIPAA\u003c\/p\u003e \u003cp\u003e\u003cb\u003eAppendix C: EU Law\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eEuropean Network and Information Security Agency\u003c\/p\u003e \u003cp\u003eData Protection Directive\u003c\/p\u003e \u003cp\u003e\u003cb\u003eAppendix D: Security Clearances\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eClearance Procedures in the United Kingdom\u003c\/p\u003e \u003cp\u003eLevels of Clearance in the United Kingdom\u003c\/p\u003e \u003cp\u003eLevels of Clearance in the United States\u003c\/p\u003e \u003cp\u003e\u003cb\u003eAppendix E: Security Accreditations\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eCertified Information Systems Security Professional\u003c\/p\u003e 
\u003cp\u003eCommunication–Electronics Security Group CHECK\u003c\/p\u003e \u003cp\u003eGlobal Information Assurance Certification\u003c\/p\u003e \u003cp\u003eINFOSEC Assessment and Evaluation\u003c\/p\u003e \u003cp\u003eIndex\u003c\/p\u003e  \u003cp\u003e\u003cstrong\u003eWil Allsopp\u003c\/strong\u003e (Netherlands) is an IT security expert who has provided security audits for some of the largest companies in the UK including top tier banking, government and most of the Fortune 100. His job requires him to be part hacker, and part thief as companies hire him to probe their security measures to the extreme.   \u003cb\u003e“In this book Wil Allsopp has created a thorough reference for those looking to advance into the area of physical penetration testing. The book also serves as a guidebook for in-house security managers seeking to institute better policy safeguards.”\u003c\/b\u003e – From the Foreword, by Kevin Mitnick  \u003c\/p\u003e\u003cp\u003eMost IT security teams concentrate on keeping networks and systems safe from the outside – usually with the entire focus on firewalls, server configuration, application security, intrusion detection systems, and the like. But what if your attacker was on the inside? What if they were sitting at an employee’s computer, or placing a wireless access point hidden in a wiring closet or even roaming inside your server room?\u003c\/p\u003e \u003cp\u003e\u003ci\u003eUnauthorised Access\u003c\/i\u003e provides the first guide to planning and performing physical penetration tests. Inside, IT security expert Wil Allsopp guides you through the entire process from gathering intelligence, getting inside, dealing with threats, staying hidden (often in plain sight) and getting access to networks and data. 
Learn to think like an attacker with topics that include:\u003c\/p\u003e \u003cul\u003e \u003cli\u003eTypes of target vs level of anticipated response\u003c\/li\u003e \u003cli\u003e Dealing with guards\u003c\/li\u003e \u003cli\u003e Intelligence tradecraft, satellite imagery and in depth information gathering\u003c\/li\u003e \u003cli\u003e Planting bugs and covert wireless access points\u003c\/li\u003e \u003cli\u003e Hacking security cameras\u003c\/li\u003e \u003cli\u003e Strategic, tactical and operational planning\u003c\/li\u003e \u003cli\u003e Defeating locks, electronic keypads and other electronic access systems\u003c\/li\u003e \u003cli\u003e Social engineering - the weakest link\u003c\/li\u003e \u003cli\u003e Using your “Get Out of Jail Free” card\u003c\/li\u003e \u003cli\u003e Complying with local laws\u003c\/li\u003e \u003cli\u003e Attacking wireless networks\u003c\/li\u003e \u003c\/ul\u003e","brand":"Wiley","offers":[{"title":"Default Title","offer_id":47990424928485,"sku":"NP9780470747612","price":53.0,"currency_code":"USD","in_stock":false}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/1842\/7735\/files\/9780470747612.jpg?v=1761787776","url":"https:\/\/k12savings.com\/products\/unauthorised-access-isbn-9780470747612","provider":"K12savings","version":"1.0","type":"link"}