The security of the company's physical perimeter is a very critical aspect for companies of a certain size, and of fundamental importance for the protection of company assets, digital and otherwise. Common solutions include, on the one hand, the use of dedicated personnel for this purpose (guards, receptionists, etc.) and, on the other hand, supporting IT systems, such as badge-based access systems, video surveillance systems and alarm systems.
The reasons for the focus on this aspect of corporate security are manifold. An attacker with access to the internal perimeter could easily connect to the company's private network, gain access to critical non-digitalised information, or exploit the privileged position they have gained to carry out social engineering attacks against employees, taking advantage of the fact that they are physically inside the company perimeter.
Although the use of physical access systems is considered crucial, an often underestimated aspect is the convergence between the physical perimeter and the corporate IT infrastructure. Such convergence, in fact, can lead to uncalculated risks, introduced by IT vulnerabilities in the devices used by physical access systems, which can be exploited to circumvent them or gain access to the company's private network.
In order to identify and mitigate the resulting risks, it is necessary to assess the robustness of the systems and devices used also from an IT point of view, including them among the objectives of penetration tests.