Anyone who has taken an information security class in the past ten years has probably heard the “crunchy on the outside, soft on the inside” candy bar analogy of a data network security model. This means that all the “hard” security controls are around the outside of the network, and the inside of the network is “soft” and easy to exploit. This architecture is largely prevalent on corporate networks and has even shaped contemporary malware. Despite this being common knowledge, you will, more often than not, encounter this network security architecture in your role as a gray hat hacker. It is important to establish what damage could be done by a determined or bold attacker, one who may not even be all that technology savvy but knows someone he could sell a computer to. The value of personal private information, especially financial or transaction data, is now well known to smaller and less specialized criminals, and even to gangs. The attack doesn’t always come from across the world; sometimes it’s local, remarkably effective, and equally devastating.
When you’re initially discussing penetration testing services with your prospective client, your client likely won’t bring up the physical penetration scenario. This scenario often is not considered, or is overlooked, by CIOs, IT directors, and managers who do not have a physical security background, unless, of course, they’ve already been victimized in this way. Thus, it’ll be up to you to explain this type of testing and its benefits. In the majority of cases, once a client understands the reasons for conducting the physical penetration test, they will eagerly embrace it.