The importance of physical security, when it comes to protecting data and data processing systems, cannot be understated.  If an attacker can gain physical access to computing devices, compromise is virtually guaranteed.  At a minimum, an attacker can physically disable the technology.  In many cases however, an attacker with physical access to computing devices can bypass authentication and other controls to gain access to sensitive information.

Physical compromise does not need to involve access to servers or other sensitive computing areas.  An attacker with access to an organizations facility may be able to plug into the corporate network, install rogue access points or even tap network cables.  Furthermore, the presence of controls may not be enough,  Motion-activated doors can be bypassed, locks can be picked and proximity cards can be cloned creating holes in what was thought to be a secure physical perimeter.  To identify these risks, NWN conducts a variety of physical security tests including:

Perimeter review

NWN physically inspects the perimeter of client facilities looking for open or unlocked doors, the presence of video surveillance, the presence of alarm systems and the presence of accessible network connections.

Sensitive computing areas

NWN physically inspects the data center, server room, wiring closets and similar location that contain key computing resources for protective controls, monitoring capabilities and alarm systems.

Internal physical security

NWN walks through the inside of client facilities looking for; live and accessible network jacks, unlocked workstations, sensitive data and other situations that could provide an attacker with access

Locks and controls testing

NWN tests the effectiveness of locks and similar controls.  These tests may include attempts and lock picking, lock bypass, controls circumvention and temporary disruption of monitoring controls