Access control is intended to allow only authorized subjects to reach protected resources.
A comprehensive assessment, including penetration testing (network and physical) or Red Team testing, is necessary to evaluate the effectiveness of the control and identify weaknesses such as:
- Misconfiguration
- System defaults
- Normal operations run via high system privileges
- Unpatched systems or components
- Inherent back doors
- Lack of staff awareness
- Staff falling victim to phishing
- Unattended equipment
- Unattended login sessions
- Insecure entry points (both network and physical) open to brute force