Channel Marker

Feb 21 2007   10:07AM GMT

Do a penetration test, quick!



Posted by: Brein Matturro
Tags:
Network and application security
Reseller channel business development

You already knew that your customers’ employees are often a huge security liability. But if you needed any more proof, this week’s Stop and Shop scandal might help to convince you.

In a nutshell, thieves stole account and personal identification numbers from customers’ credit and debit cards at stores in Rhode Island and Massachusetts by tampering with checkout-lane keypads. At some point, these data thieves must have accessed the keypads by entering the building and physically tampering with them, then reinstalling. How could this have happened?

One NetworkWorld story may have the answer (if not to this particular breach, then possibly to others). A penetration tester from NTA Monitor Inc. got into a company’s building by waiting until a group of smokers finished their smoke break, then slipping in behind the last employee. He managed to get upstairs by saying that IT had sent him, and successfully attached his computer to the company’s VoIP network. Scary, I know.

If your customer is relying on employees to sound the intruder alarm — or if there are unsecured entry points into their buildings — all of the firewalls, IDS, VPNs, and monitoring devices you’ve implemented may not help. You CAN make sure you’ve given your customer a fighting chance, however, by checking out the brand new Penetration Testing Project Guide on SearchSecurityChannel.com.

As G.I. Joe used to say, “Knowing is half the battle.” Do your own penetration testing, and then educate, educate, educate your customer. You’ll be their greatest asset.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: