Access control is intended to allow only authorized subject to reach the protected resources.

A comprehensive assessment including penetration test (network and physical), or Red Team Testing, is necessary to evaluate the effectiveness of the control and identify weaknesses like:

  • Misconfiguration
    • System defaults
    • Normal operations run via high system privileges
  • Unpatched systems or components
  • Inherent back door
  • Staff lack of awareness
    • Phishing victim
    • Unattended equipment
    • Unattended login session
  • Insecure entry points (both network and physical) via brute force

Leave a Reply