Penetration Testing the Old Fashioned Way
Penetration testing is a vital step in ensuring that a client's security measures meet even the most basic of requirements. PGS offers penetration testing either as a single Covert Surveillance assignment or as part of an auditing process, be it an individual audit or a continual audit programme.
What is Penetration Testing?
Simply put, penetration testing is the attempt to enter a predefined area that is covered by security measures. The individual carrying out the testing often uses fictional reasons to gain entry, or even weak points in the perimeter. However, for the testing to be of benefit and a positive learning tool, no excessive steps should be taken in order to gain entry.
For example, a hole in a perimeter fence can be used, but making a hole that did not already exist would not be permitted.
Preparation for Testing
Due to the varied nature of clients' sites and requirements, preparation for any testing is vital. It is equally vital that no individual on the security team is ever informed of an upcoming test.
Initial preparation will consist of either a meeting or a phone call with the client to set out the basic parameters of what should be tested and how they feel the test should be conducted. Once the initial concept is provided, PGS will carry out more detailed planning, which may even include reconnaissance of the target site. The brief, which will consist of both the client's requirements and any advisories or recommendations, will then be reviewed with the client.
Upon completion and finalisation of the brief, the client will be asked to sign off on the testing and a date will be set. To maintain a neutral position, the time of the test will not be provided to the client unless required due to health and safety (H&S) issues. PGS will also take steps to inform any authority, such as the police, that testing is being carried out. This final step is essential in order to reduce the impact on external bodies and can often lead to a stronger relationship with local authorities.
Execution of the Test
Once the testing begins, all details are recorded for later reporting. PGS uses many different tools and systems to capture information during testing, including audio/video recording equipment, photography equipment and even GPS trackers. Our goal is to identify any possible areas of improvement in a positive manner, not to cast a negative light on current security measures.
A good example of a test could be attempting to enter a site by giving the gatehouse false details or posing as a delivery driver to gain access. Our testing is not limited to site-based assignments, however, and can also be used in hotels, shops, private homes… the list is endless.
Conclusion of Testing
There are two possible outcomes when concluding testing: either a failed attempt to enter or a successful entry, each of which is concluded in its own way.
If the tester is stopped and/or refused entry, identification will be produced and a request made for the client to be informed. A meeting is then held with the security staff to debrief on the test event.
On a successful entry, although a detailed plan will have been finalised when the brief was created, it is standard practice to leave the site without raising any suspicion. Once off-site, a detailed report will be issued to the client and a follow-up meeting scheduled.
No matter the result of the penetration testing, it is often beneficial to follow up with further auditing processes.