Customer Reviews

Unauthorised Access: Physical Penetration Testing For IT Security Teams

5 star:		(3)
4 star:		(2)
3 star:		(0)
2 star:		(0)
1 star:		(0)

 

 

Unauthorised Access is nothing short of a manual for corporate espionage. Author Wil Allsopp, is a "penetration tester", a hired gun brought in by companies to find out how effective the security defences protecting their premises are.

While conventional penetration testing ("pentesting") involves remote hacking, typically through software vulnerabilities, physical pen-testers gain access to a company's offices or data centre with the goal of connecting to a restricted network, planting a bug or even an imitation explosive device

With ten years experience as a pen-tester, Allsopp offers superb insight into common methods used by criminals to manipulate employees, from phone calls to outright espionage. The chapter on social engineering, in particular, is guaranteed to spark paranoia and sleepless nights among even the most grizzled chief security officers.

Specific tactics he reveals include employing politeness, inducing fear, faking supplication, invoking authority, ingratiation and deference, and even sexual manipulation.

Another chapter details several successful pen-tests conducted by Allsopp and his team, including attacks on a UK power plant and a supercomputing facility conducting spatial modelling of nuclear explosions for the military. He also describes the antics of a pentester who bypassed the security of a large corporate by observing the uniform of the firm's security guard, then showing up the next day in identical costume, pulling rank and relieving the man of duty

The enjoyment Allsopp clearly derives from his work is reflected in his book; he writes with that particular tone of repressed glee common among white hat hackers. This, together with his tendency to adopt a Boy's Own adventure narrative style, makes the book very readable but occasionally somewhat glib. And at times it is hard to tell whether Allsopp is offering advice to the CSO, helping the reader start their own pen-testing company or trying to prove to a less salubrious readership how clever he is.

Indeed, many of the techniques described in Unauthorised Access are open to abuse. Allsopp gives the excuse that "the bad guys already know", before urging the reader to consider taking up lock picking as a rewarding hobby.

As the author notes several times throughout the book, this work is not exhaustive on any one subject. It does, however, provide a very nice overview of penetration testing as a whole. It covers several aspects that I wouldn't have thought of.

As a systems administrator, I bought this book to get some ideas about weak points in our network/physical security. After reading through some of the examples and case studies, I have made some changes that I think will go a long way in beefing up our security.

I would definitely recommend reading this book if you have any interest in IT/Physical security.

A good, solid intro to penetration testing. Obviously each aspect of penetration testing deserves its own separate book, but I won't penalize the book for that. I enjoyed it.

This is a good book for coverage of physical security. My only complaint is that it is a bit thin on some subjects. I think that if it were made a bit longer, and had room to be more extensive, it would have been perfect.

The book is definitely an interesting read to anyone interested in penetration testing or spy books. It covers a wide range of topics and is not boring to read. My favorite chapters were on wireless hacking and lock picking.