Physical Penetration Test

Understand Your Organization’s Risk With A Physical Penetration Test

Is your physical perimeter secure? Will someone trying to tailgate be challenged? If someone plants a system on the network how long will it take to notice? All of these questions and more can be answered through a physical penetration test.

How a Physical Penetration Test Helps

A physical penetration test emulates an attacker trying to break into a physical asset such as a building. The goal of the engineer performing this assessment is to breach the perimeter and prove that they can gain access to the asset and potentially compromise sensitive information.

Some of the questions this test will answer include:

  • Can an attacker gain access to my building?
  • If a building is breached, can an attacker access sensitive information?
  • Can an attacker gain internal network access?
  • Can an insider potentially access secure areas within a building such as a server room?

Our physical penetration testing may include:

  • Open source reconnaissance against the organization
  • RFID cloning
  • Tailgating
  • Physical control bypass
  • Social engineering
  • Employee challenges
  • After hours access

Our Physical Penetration Test Process

Our first step is to jump on a quick call with you and one of our lead engineers to understand your organization’s needs and to scope the penetration test. Within a few hours following this call, you will have a proposal with pricing information and next steps.

Our proposal will have everything you need to make a decision, including scope, our detailed methodology for the in-scope assessments, pricing information, and the biography of a lead engineer who will be directly involved with your assessment.

Should you choose to move forward with Triaxiom, we will provide the required contracts to get the project started. Once contracts are signed, we will assign a project manager to your account that will work with you to schedule the kick-off call and execution of the assessment.

On the kick-off call, we will review the Rules of Engagement document that will govern the project. It will include all project contracts, the rules the team will follow during testing, and the testing schedule, and it will allow you to provide the necessary technical details to facilitate your assessment.

Once we are on the same page, we will get started. While execution times vary depending on the scope, on average, most projects take one to two weeks of active testing to complete.

All of our assessments go through two rounds of Quality Assurance to ensure our reports and tests meet the highest standards. This includes a technical QA process to ensure our methodology was followed and all evidence was properly collected/analyzed. This is followed by a thorough documentation QA to ensure our reports are consistent and actionable.

Once the reports are complete, we will share them with you via our secure portal. Finally, we will jump on a deliverable presentation to meet with your team to review all findings and answer any questions you may have.

Physical Pen Test Deliverables

Each physical penetration test concludes with a comprehensive report that clearly outlines your organization’s security posture and testing results. Key features of the report include:

  • Executive summary highlighting strengths, risks, and takeaways
  • Detailed results from the physical penetration test
  • Clear descriptions of risks, affected systems, evidence, and prioritized remediation recommendations
  • Visual summaries and a risk rating scale
  • Roadmap to gradually improve security posture

Physical Pen Test FAQs

A physical penetration test of one office location typically costs $10,800. The test will take approximately three days, one day for surveillance and two days to try to gain access to the facility. This cost does not account for travel expenses as those are billed separately, unless you are in the Charlotte, NC area.

Much like cost, the time required to perform a physical penetration test can vary by the size of the complex and how many locations are in scope. However, for a single office, the test will take approximately three days, one day for surveillance and two days to try to gain access to the facility.

As with every type of penetration test we perform, our engineers are experienced and know how to balance the goal of giving you a realistic view of your vulnerabilities with the need to avoid business disruptions. However, just like other types of tests, as good as we may be, there can occasionally be problems that arise. Here are the two most likely things that can go wrong.

Problem 1: We Get Caught Early
One of the biggest risks with a physical penetration test that we do not have with other types of tests, with the exception of maybe social engineering, is that if we get caught, the test is compromised. The whole point of a physical penetration test is to emulate an attacker trying to physically break into your organization. Therefore, if we get caught trying to break into your building, everyone is going to know about it very quickly, and then the likelihood of the engineer who was just caught “blending in” is slim to none.

To mitigate this risk, Triaxiom takes several precautions. First, for the majority of physical penetration tests we send multiple engineers. That way, if one gets caught, we still have another engineer who has yet to be seen and can continue testing. Additionally, if we do get caught, we try to contain that incident. Once we work it out with the relevant parties that we were authorized to be here and do what we were doing, we try to end the communication at that point and reset. This allows the engineer to conduct additional attempts at night, other buildings, etc. Finally, we always start with our most advanced attack paths first and slowly lower the sophistication to try to determine your level of risk. By starting with our most sophisticated attacks first, we have a much lower chance of being caught and we can more accurately gauge what your organization’s risk level is, as it relates to physical access.

In the worst case scenario, where all of our engineers are compromised during the assessment, we can still provide value. Once the call is made that there is no chance we are getting in undetected, we will switch the assessment to more of a physical security audit. This way, we can walk around and evaluate whether there are any gaps in your physical security posture in a non-adversarial manner. This allows us to add value and improve your security posture, even if you have a strong security baseline that prevented unauthorized access.

Problem 2: The Authorities Get Involved
A second thing that can go wrong during a physical penetration test is that we get caught in a more significant way, usually one that involves police, etc. Although it is extremely rare, and most of the time things go off without a hitch, our engineers have been confronted by the police during a physical penetration test. To avoid any problems arising, before we start a physical penetration test, we require a letter of authorization to be filled out on your letterhead and signed by the company official authorizing the test. Triaxiom engineers are trained to try to use social engineering tactics on initial confrontation (except when the actual police are involved). But if that does not work or more formal authorities are involved, the engineers are going to quickly give up the attempt and show the authorization letter. Usually, the person who confronts us will want to call the authorized party and ensure we are in fact authorized, which is why it is important we have a cell phone listed. Finally, in some situations, such as tests in rural areas, we will request that the client reach out to the local police force and inform them that a test is ongoing. This just makes sure everything is safe and there are no accidents/confrontations.

Our engineers have industry leading certifications including:

  • PCI Qualified Security Assessor (QSA)
  • Certified Information Systems Security Professional (CISSP)
  • Certified Ethical Hacker (C|EH)
  • Offensive Security Certified Professional (OSCP)
  • Offensive Security Web Expert (OSWE)
  • GIAC Security Essentials Certified (GSEC)
  • GIAC Certified Incident Handler (GCIH)
  • GIAC Web Application Penetration Tester (GWAPT)

Test Your Perimeter

Find and fix vulnerabilities that ACTUALLY impact your business and compliance goals faster.
