Red Team Checklist – Physical Security Devices​

Physical security devices are often the first line of defense protecting facilities, personnel, and sensitive assets. However, misconfigured interfaces, exposed services, and weak operational controls can create opportunities for attackers to bypass these protections. This Red Team checklist is intended to help security teams evaluate the resilience of physical security devices, related processes and testing both technical controls and human responses. Check for publicly accessible interfaces

▢ Is it needed?​

▢ If so, do default credentials still work?​

Test exposed ports & services​

▢ Is it needed?​

▢ If so, are the ports secure or sending data in clear text? Validate secure boot enforcement​

▢ Prevent attackers from bypassing your device security

         when powered on/restarted​

Simulate supply chain tampering

▢     Table top incident response exercises​ Review Physical Security Controls ​

▢ Does the control do what it’s supposed to, and ONLY

          what it’s supposed to?​ Test your team​

▢ “Forget” your access card and try to get into the office​