T_Bone wrote:I am currently reading the book "No Tech Hacking" by Johnny Long, Scott Pinzon and Kevin Mitnick. I would certaintly recommend it when it comes to physical security
And this is why an account on Safari pays off: "Unauthorised Access: Physical Penetration Testing For IT Security Teams[/b]
Gathering the Right Equipment 155
The ‘‘Get of Jail Free’’ Card 155
Photography and Surveillance Equipment 157
Computer Equipment 159
Wireless Equipment 160
Global Positioning Systems 165
Lock Picking Tools 167
Forensics Equipment 169
Communications Equipment 170
Another must have (pokes dynamik go and buy this one too): "Tales from the Front Line" and Counter Intelligence are worth reading as are the methodology/framework they lay out. E.g., without posting TMI:
1. Receiving the assignment – At this stage, contracts have been signed and certain legal formalities observed.
2. Negotiating the Rules of Engagement – These define what you can and can’t do during testing and their purpose is usually to limit testers to a certain scope.
3. Performing Preliminary Research – You are now ready to pursue the initial information-gathering phase. This will take many forms:
• Determining Risk – It’s important to accurately gauge the risk a project poses both to the company and to the team members executing it.
• Writing a Test Plan – A formal (but flexible) test plan is a good idea from both project management and legal perspectives.
• Gathering Equipment – Equipment is discussed in Chapter 8 but it’s important for the team to take gear that’s appropriate to the test without being over encumbered.
4. Providing documentation and legal requirements – Once the planning stage is complete you will have a not insignificant amount of documentation. We discuss what you should have and who should have access to it.
For a book like this, I'd watch Chris Nickerson's (hola) Tiger Team as well: