The presentation addresses the common methods and tactics used to physically penetrate facilities and insert persistent access devices into the network. It discusses why those methods work, as well as the ways to correct the flaws discussed during the presentation. It also covers the incorrect perceptions of physical security versus the reality of physical security from an executive level. Some tool demonstrations will be performed to detail common methods for bypassing physical security controls (not lock picking).
Keith Pachulski is currently working as a Security Consultant for Dell – SecureWorks. Keith has more than 22 years of experience in physical and information security. He is currently responsible for the performance of red team testing, vulnerability assessments, penetration testing, application security assessments, wireless security assessments, compliance assessments (PCI-DSS, HIPAA, ISO 27001(2), FISMA), security strategy, security training, secure network design, policy development, best practices assessments (CERT, NSA, NIST, ISO) and security education and awareness. He has created and managed a Managed Security Services program for a private sector company supporting clients internationally. He has extensive experience working in the Federal sector performing vulnerability assessments, penetration testing and compliance assessments.
Robert Chuvala is a Security Consultant at Dell – SecureWorks. Prior to that he worked at Accuvant Labs. In a previous life he worked at a helpdesk for a large manufacturer for 8 years. I experienced firsthand the shortcuts that network support people will take to make their small network run on a worldwide network to whom you are but a small byte of the global administrators' concerns. I learned to be self-sufficient but stayed off the radar of monitoring tools that would have gotten me in trouble. Prior to all of this, I social engineered my way into facilities as a salesman trying to find purchasing agents that needed to buy the widgets I sold.