- A penetration tester named Andrew Tierney has shared an unusual experience from a pentest.
- Tierney states that he managed to go through cubicles to physically access the data center.
- Physical access to the data center poses a great danger, one whose potential companies sometimes underestimate.
While penetration testing mostly focuses on finding vulnerabilities and breaching systems, physical access to devices is also an important part of it. Someone stealing or damaging expensive equipment is a security concern that can affect operations. Penetration tester Andrew Tierney shared an unusual anecdote from his own experience.
One of my favourite physical access jobs to a datacenter involved toilets.
Let me explain.
I needed to gain access from the less-secure side of a sub basement floor to the more-secure side.
General office space to data centre.
— Cybergibbons (@cybergibbons) July 4, 2022
Publicly available floor plans
When Tierney examined the floor plans of the building, he noticed a corridor running along the back of the toilets, which he refers to as the “piss corridor”. After accessing the insecure side, Tierney entered the toilet and, in the accessible cubicle, found a door to the corridor. Tierney states that he could easily open it, and he walked along the corridor.
When he reached the toilets on the secure side of the facility, he left the corridor after making sure that no one was in the toilet. This enabled him to bypass the cylinder mantrap gates. A weak spot like this in a building can allow malicious actors to access devices and even leave the site without any trace. Tierney’s experience shows once again that physical security is as important as digital security.