Chapter 1. The Basics of Physical Penetration Testing
If you know the enemy and know yourself, you need not fear the result of a hundred battles.
—Sun Tzu: The Art of War
There is an old saying that security is only as strong as the weakest link in the chain. This is an erudite and often overlooked truth. The weakest link is never the cryptographic keys protecting a VPN link or the corporate firewalls guarding the borders of a network, although these technologies certainly have their shortfalls. The weakest link in any security scenario is people. Some people are lazy and all people make mistakes and can be manipulated. This is the most important security lesson you will ever learn: security in any form always boils down to people and trust. Any decent computer hacker will tell you: if you want to be good, learn technologies and programming languages, reverse engineer operating systems, and so on. To be a great hacker requires learning skills that are generally not maintained by people of this mindset. Once you master the manipulation of people, you can break into anything – any system whether corporate, electronic or human is vulnerable.
This chapter covers the basics of penetration testing, the things you need to know before you dive into the more interesting practical chapters. This includes a guide to terminology unique to penetration testers, a little on legal and procedural issues (because an understanding of the relevant legislation is critical) and, of course, a discussion ...
Get Unauthorised Access: Physical Penetration Testing For IT Security Teams now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
