Physical Security is Cyber Security
Oregon Cyber Resilience Summit
October 2024
Ryan Ferran
Senior Penetration Tester and Manager of CyberSecurity Assessment Services

Ryan Ferran
Manager, CyberSecurity Assessment Services
- Senior penetration tester
- Seven years offensive security
- Twelve years system administration
- Technical Penetration Testing
- Physical Penetration Testing
- Social Engineering
  - In-person social engineering
  - Phone-based
  - Email
Also known as:
ryanfbpmsec:$whoami
https:/ Ferran

Operational Technology Assessment Team
- Certified SCADA Security Architect
- Power: distribution, transmission, generation on the BES
- Water Treatment
- Waste Water
- Municipalities
- Industrial Manufacturing

Contents
- What is physical security
- How does physical security relate to Cyber Security
- What are your publicly accessible areas and assets
- Physical vulnerabilities and exploits
- In-person social engineering
- Strategies and success stories
Questions/comments are encouraged!
Image source: https:/

Physical security and cyber security are a two-way street
- Every Cyber Event has a Physical Manifestation
- Each one protects the other
- It is still true that physical security subsumes cyber security
- Who holds the box owns the box
- Disk Encryption!
- How easy is it to physically access your internal network?
https:/

What Is Physical Security?

Physical Security Is More Than a Locked Door
In-person social engineering
- Lying to employees' faces
- Presenting as a vendor: Printers, POS
- Pretending to be an actual employee
- Delivery, cleaning, shredding service etc.
Physical security assessment
- Analogue doors and locks
- Physical layout vulnerabilities
- Electronic locks
- RFID Badge systems
- Physical Network Access
- Cameras
- Alarms
- Unlocked unattended workstations
- Wireless peripheral devices
- WiFi Access Points

Attacker's Toolkit

How Does Physical Security Relate to Cyber Security?

Il