Preface. Acknowledgements. Foreword. 1 The Basics of Physical Penetration Testing. What Do Penetration Testers Do? Security Testing in the Real World. Legal and Procedural Issues. Know the Enemy. Engaging a Penetration Testing Team. Summary. 2 Planning Your Physical Penetration Tests. Building the Operating Team. Project Planning and Workflow. Codes, Call Signs and Communication. Summary. 3 Executing Tests. Common Paradigms for Conducting Tests. Conducting Site Exploration. Example Tactical Approaches. Mechanisms of Physical Security. Summary. 4 An Introduction to Social Engineering Techniques. Introduction to Guerilla Psychology. Tactical Approaches to Social Engineering. Summary. 5 Lock Picking. Lock Picking as a Hobby. Introduction to Lock Picking. Advanced Techniques. Attacking Other Mechanisms. Summary. 6 Information Gathering. Dumpster Diving. Shoulder Surfing. Collecting Photographic Intelligence. Finding Information From Public Sources and the Internet. Electronic Surveillance. Covert Surveillance. Summary. 7 Hacking Wireless Equipment. Wireless Networking Concepts. Introduction to Wireless Cryptography. Cracking Encryption. Attacking a Wireless Client. Mounting a Bluetooth Attack. Summary. 8 Gathering the Right Equipment. The ‘‘Get of Jail Free’’ Card. Photography and Surveillance Equipment. Computer Equipment. Wireless Equipment. Global Positioning Systems. Lock Picking Tools. Forensics Equipment. Communications Equipment. Scanners. Summary. 9 Tales from the Front Line. SCADA Raiders. Night Vision. Unauthorized Access. Summary. 10 Introducing Security Policy Concepts. Physical Security. Protectively Marked or Classified GDI Material. Protective Markings in the Corporate World. Communications Security. Staff Background Checks. Data Destruction. Data Encryption. Outsourcing Risks. Incident Response Policies. Summary. 11 Counter Intelligence. Understanding the Sources of Information Exposure. Social Engineering Attacks. Protecting Against Electronic Monitoring. Securing Refuse. Protecting Against Tailgating and Shoulder Surfing. Performing Penetration Testing. Baseline Physical Security. Summary. Appendix A: UK Law. Computer Misuse Act. Human Rights Act. Regulation of Investigatory Powers Act. Data Protection Act. Appendix B: US Law. Computer Fraud and Abuse Act. Electronic Communications Privacy Act. SOX and HIPAA. Appendix C: EU Law. European Network and Information Security Agency. Data Protection Directive. Appendix D: Security Clearances. Clearance Procedures in the United Kingdom. Levels of Clearance in the United Kingdom. Levels of Clearance in the United States. Appendix E: Security Accreditations. Certified Information Systems Security Professional. Communication–Electronics Security Group CHECK. Global Information Assurance Certification. INFOSEC Assessment and Evaluation. Index.