Undercover Hacking, For Money

Dollyknot writes: "Amusing story of a guy employed by IBM to check companies security out by trying to con his way onto their premises." This sounds like a fun job, to say the least, and supplies at least two good reasons to own a digital camera.

Tight security

[einhverfr]

There are a few ways to make a complex secure:

1: Require cardkeys to park a vehicle. This makes it more inconvenient for an attacker. Better yet, require an ID badge to bring a vehicle into all premises except for deliveries (restrict to a small area).

2: Think choke points and isolation levels. Always assume that at least one level of security will be broken and plan for it.

3: Keep the teams that have access to high security areas small and ensure that they know eachother. This helps there.

4: Electronically monitor server rooms. Cardkey and camera should be used for surveillance and there should not be a reason for maintenance workers to have access to the server rooms at all.
This means no garbage cans permanently stationed there. If janitors have access, then they become the weakest link...

I am actually surprised how many problems people have protecting their server rooms...