LASCON 2016

Physical security practices are often overlooked when considering the overall security posture for a company. While simple common-sense tells us we should control access to an office or facility, the means by which organizations choose to do this are often found to be lacking or easily defeated. For many companies, considering physical security practices is prioritized lower than other methods of security defense, such as the practices applied to web applications, or network servers. Even though these areas are clearly very important, the abuse of a weak physical security posture can be used to bypass technical protections, undermine your perimeter protections, or generally go ‘straight for the gold’ when attacking an organization’s most critical assets.

For those of us working in the area of physical penetration testing or physical vulnerability assessment, there are a number of common weaknesses that we find at almost all companies we test.

In this presentation, Daniel and Kevin will highlight the key ways in which most companies are found lacking in physical security design, implementation and policy. The methods used most often to bypass weak physical security will be demonstrated, combined with simple defenses to stop these techniques, lower efficacy of typical bypasses, or increase your likelihood of detecting a physical attack in progress.

The session will build on the real-world experiences of the speakers, and lead you to an action plan you can take back to your organization to strengthen your physical security posture – even if you have no budget to spend on this area of concern! Highlights for this session include:

* The physical security weaknesses we typically see at companies of ALL sizes
* Bypass techniques for physical security – why it almost never requires lock picking!
* How to map your physical security and find your own weaknesses
* The things you can do at your firm to improve physical security for free