Walking Past the Firewall: Physical Vulnerabilities and Attacks
60 min · 2.2
Objective
Students will analyze physical attack vectors — tailgating, piggybacking, shoulder surfing, rogue devices, and insider negligence — against a described facility, and justify which vulnerability poses the greatest risk to a named asset and why (AP Skill 1: Analyze Risk; AP Skill 2: Mitigate Risk).
Hook
6 minOpen by displaying the DEF CON / real-world story: in 2019, penetration tester Jek Hyde (Rachel Tobac's colleagues and many red-teamers have similar reports) walked into corporate offices carrying a laptop and a coffee, smiled at employees, and was HELD the door open for — no badge, no lie, no lock pick. Ask the class the framing question aloud: 'This company spent $4 million on firewalls, EDR, and SIEM last year. Their breach cost more than their entire cybersecurity budget. What did the attacker defeat?' Take 3–4 quick answers. Do not resolve — pivot into direct instruction with the line: 'The strongest network controls are worthless if someone can walk through an unguarded door. Today we learn how attackers walk in.' This primes AP Skill 1 (Analyze Risk) by making students weigh likelihood against impact before any content is delivered.
Direct instruction
- 6m
Why physical security IS cybersecurity
Content
Digital defenses assume the machine is already physically secure. The moment an adversary reaches hardware, most of the assumptions built into network security collapse: they can plug in a rogue device to bypass the firewall from the inside, remove a drive and image it offline defeating disk encryption if the machine was left logged in, install a hardware keylogger between the keyboard and the tower, or simply carry the server out. The attack surface therefore includes every door, window, loading dock, smoking area, and unattended workstation — not just the login page. Real example: in the 2014 Target breach the initial foothold came through an HVAC vendor's credentials, but the follow-on lesson red-teamers took was that vendor and janitorial access is often the cheapest path in — because those people are trusted to be in the building after hours with keys.
Delivery
Emphasize the phrase 'digital controls assume physical security.' Ask: 'If I unplug your laptop and walk out with it, does your password matter?' Expect a mix — some will say yes because of full-disk encryption; press them on whether the machine was locked or asleep. Head off the misconception that physical attacks are exotic or rare — for most SMBs they are the CHEAPEST attack path. Connect back to AP Skill 1: likelihood of a physical intrusion in an unmonitored facility is often higher than the likelihood of a zero-day exploit against a patched firewall.
- 6m
Tailgating vs. piggybacking — the human-cooperation difference
Content
These two are constantly confused on the exam. Tailgating is UNKNOWING — the attacker slips through a controlled door behind an authorized person who does not realize they are there (walking briskly through a slowly-closing badge door, entering during a shift-change crowd). Piggybacking is CONSENTING — the authorized person KNOWS the attacker is there and lets them through anyway, usually because the attacker has manipulated social norms (arms full of boxes, dressed as a delivery driver, wearing a lanyard with a fake badge, claiming to have forgotten their card). Both defeat a badge reader; the countermeasures differ. Tailgating is defeated by physical controls that admit exactly one person at a time — mantraps, turnstiles, anti-passback rules. Piggybacking is defeated by TRAINING and CULTURE — employees must be empowered to say 'please badge in yourself' without feeling rude. Worked example: a red-teamer wearing a maintenance uniform pushes a wheeled cart up to a badged door. An employee sees the cart, holds the door, says 'here, let me get that for you.' That is piggybacking — the employee actively cooperated. If instead the red-teamer had waited around the corner and darted through as the door closed behind that same employee, that would be tailgating.
Delivery
Force the distinction with a quick check: 'Attacker slides in behind someone texting on their phone — which is it?' (Tailgating.) 'Attacker in a UPS uniform gets the door held for them — which is it?' (Piggybacking.) Pre-empt the misconception directly: they are NOT synonyms; the AP exam will ask you which one, and the answer hinges on whether the authorized person KNEW and COOPERATED. Note that piggybacking is a form of social engineering; tailgating usually is not.
- 5m
When controls exist but fail: propped doors, unmonitored cameras, insider negligence
Content
A camera that no one watches is a recording of your breach, not a prevention of it. A $2,000 badge reader is defeated by a $2 rubber wedge under the door. The most common physical failures are not attackers defeating controls — they are employees disabling controls for convenience: propping the loading-dock door open on hot days, taping over the strike plate of a self-locking door so it doesn't slam, sharing a badge with a coworker who forgot theirs, writing the server-room PIN on a sticky note under the keyboard. This is the insider-threat category most students miss: the well-meaning insider. They are not stealing; they are being helpful, and helpfulness is the vulnerability. Shoulder surfing exploits the same principle at the credential layer — someone reads your password over your shoulder in a coffee shop, or films your PIN entry with a phone camera from across the lobby.
Delivery
Ask: 'Have you ever propped a door open at school? Why?' Normalize that it feels harmless — that is the point. The misconception to name explicitly: insider threats are not mostly malicious. Most are careless-but-nice people. Connect to AP Skill 2 (Mitigate Risk): the mitigation for a propped door is not more expensive locks, it is door-alarm sensors AND policy AND training — layered controls that address the human factor.
- 5m
From door to data — how one physical breach cascades
Content
Trace the kill chain of a physical breach so students see the cascade. Step 1: attacker piggybacks through the lobby door behind a delivery. Step 2: attacker walks the hallway; nobody challenges an unfamiliar face because the culture doesn't require it. Step 3: attacker finds an unlocked, unattended workstation — the user went to lunch without locking (Ctrl+Alt+Del or Win+L). Step 4: attacker inserts a USB rubber ducky (a rogue device that presents itself as a keyboard and types commands at superhuman speed) which opens a reverse shell to the attacker's server. Step 5: the workstation is behind the corporate firewall, trusted by internal systems; the attacker now has an internal foothold and can pivot to the file server, the domain controller, the database. Total time on site: under four minutes. Total cost to the attacker: a $15 USB device and a UPS uniform from a costume shop. This is why AP frames physical and network security as ONE attack surface, not two.
Delivery
Walk the five steps out loud in order — pause between each and ask 'what control could have stopped it here?' Expect answers like: mantrap (step 1), challenge culture / visitor escort (step 2), screen-lock policy with short timeout (step 3), USB port disablement or endpoint DLP (step 4), network segmentation (step 5). This directly rehearses AP Skill 2 (Mitigate Risk) with layered controls. End with the takeaway: one physical failure is enough — defense in depth means every layer must assume the previous one failed.
Activities
- 25m
Red-Team Walkthrough: Annotated Floor Plan Threat AssessmentLab
Students work in pairs as a red team hired to assess a small tech-company office. They receive the floor plan below, mark every physical attack vector, name the specific technique at each point, rank the top three by risk to the crown-jewel asset (the server room housing customer PII), and propose a layered mitigation for their #1 finding. This targets AP Skill 1 (Analyze Risk) in the identification/ranking phase and AP Skill 2 (Mitigate Risk) in the countermeasure phase. Run order (25 min): 1. (2 min) Distribute handout, form pairs, assign roles: one 'attacker' mindset, one 'defender' mindset. 2. (10 min) Pairs annotate the floor plan in red pen — mark every vulnerability with a number and label the technique (tailgating, piggybacking, shoulder surfing, rogue device drop, dumpster diving, credential theft, insider negligence). Circulate and prompt pairs that stop at 3–4 findings: 'What about the smoking area? The delivery dock? The reception desk itself?' 3. (8 min) Each pair completes the written analysis (Parts 2 and 3 of the handout) on a laptop. 4. (5 min) Cold-call two pairs to present their #1 ranked risk and mitigation. Push back Socratically: 'Why is that worse than what the other pair chose?' — this is exactly the AP free-response justification pattern. Student handout: Red-Team Assessment — Meridian Analytics, Suite 400 Scenario: You are a red team hired by Meridian Analytics, a 40-person data-analytics firm on the 4th floor of a shared office building. Your engagement scope is physical only. The crown-jewel asset is the server room (Room 412), which contains customer PII covered by state breach-notification law. Management believes the office is secure because it has badge readers, cameras, and a receptionist. The floor plan (Suite 400, 4th floor): - Main entrance (Door A): glass door off the elevator lobby, badge reader, closes on a slow hydraulic hinge (approx. 5 seconds) - Reception desk (R): staffed 9–5 by one receptionist; visitor log is a paper sign-in sheet; guest badges are pre-printed and sit in an unlocked drawer - Open cubicle floor (C): 32 workstations, no privacy screens; several face the window overlooking the elevator lobby - Conference room (CR): glass walls, whiteboard often has architecture diagrams and IP addresses left over from meetings - Break room (B): exit door to an exterior stairwell for smoke breaks; door is self-locking but employees prop it with a brick during summer - Server room (Room 412): keypad lock (4-digit PIN, unchanged for 3 years), one camera in the hallway outside, no camera inside, ceiling is drop-tile - Loading dock / IT storage (LD): shared with the building; UPS and food-delivery drivers enter through here daily; door is often held open when boxes are stacked - Dumpster (D): in the alley behind the building, not locked, receives all office paper and old hardware Part 1 — Attack surface mapping (10 min): On the floor plan, mark each vulnerability with a red number. Next to each number, write the specific technique an adversary would use. You must find at least 7 distinct vulnerabilities and use at least 5 different techniques from today's vocabulary. Part 2 — Risk ranking (5 min): List your top 3 vulnerabilities in order of risk TO THE SERVER ROOM ASSET. For each, complete: - Vulnerability: _____ - Technique the attacker uses: _____ - Likelihood (Low / Med / High) and why: _____ - Impact if exploited (Low / Med / High) and why: _____ - Justification for this ranking position: _____ Part 3 — Layered mitigation (3 min): For your #1 ranked vulnerability ONLY, propose two layered controls that address it — one physical or technical, one human/procedural. Explain why one control alone is insufficient.
Materials
- Printed floor-plan handout (one per pair)
- Colored pens or highlighters (red, blue, green)
- Laptops (one per pair) for the write-up
- Timer visible to class
Example outputs
- Sample Part 1 finding: '#3 Break-room stairwell door — Tailgating and rogue device drop. The propped brick defeats the self-lock; an attacker enters during smoke breaks unnoticed, and could drop a USB rubber ducky in the break room for a curious employee to plug in.'
- Sample Part 2 top ranking: '#1 Server-room keypad PIN unchanged for 3 years, no interior camera. Technique: credential theft via shoulder surfing at the keypad, or insider negligence (PIN shared informally). Likelihood HIGH — a 4-digit PIN observed once from the hallway is retained; 3 years means many former employees know it. Impact HIGH — direct access to PII, drop-ceiling gives a covert egress path. Ranked above the propped break-room door because that door only reaches the office floor, whereas this vulnerability reaches the crown-jewel asset directly.' Mitigation: (physical) replace keypad with badge + biometric two-factor and rotate any shared secret quarterly; (human) mandatory annual physical-security training that specifically covers shoulder-surfing at keypads and empowers employees to challenge anyone loitering near Room 412. One alone is insufficient because a strong reader is defeated by a shared credential, and training alone leaves the 3-year-old PIN in place.
Formative assessment
9 minAn attacker wearing a plausible delivery uniform approaches a badged door with a large box. An employee sees them, says 'here, let me get that,' and swipes them through. Which physical attack technique is this, and what specific control category best mitigates it? (Targets AP Skill 1: Analyze Risk.) A) Tailgating — mitigated by installing a mantrap B) Piggybacking — mitigated by security-awareness training and challenge culture C) Shoulder surfing — mitigated by privacy screens D) Dumpster diving — mitigated by shredding policy
multiple choiceB. This is piggybacking because the authorized employee KNEW the attacker was there and cooperated (held the door). Tailgating would require the employee to be unaware. Piggybacking exploits social norms, so hardware alone (mantraps, turnstiles) does not solve it — the fix is training employees that it is acceptable and expected to require even a person with a box to badge in themselves.A hospital has: (i) a loading-dock door propped open by staff during shift changes, (ii) an unlocked dumpster receiving discarded patient paperwork, and (iii) an unattended nurse workstation left logged in during rounds. The crown-jewel asset is the electronic health record (EHR) database. Rank these three vulnerabilities from GREATEST to LEAST risk to the EHR and justify your ranking in 2–3 sentences. (Targets AP Skill 1: Analyze Risk — AP-style free response.)
short answerAcceptable ranking (with justification): 1st (iii) unattended logged-in workstation — highest risk because it grants direct authenticated access to the EHR from inside the network with no further exploitation needed; a rogue device (USB rubber ducky) inserted here gives immediate database access. 2nd (i) propped loading-dock door — high likelihood of physical entry but the attacker still needs a further step (find a workstation, credentials, or install a rogue device) to reach the EHR. 3rd (ii) unlocked dumpster (dumpster diving) — real risk to PII already discarded and could yield credentials, but does not directly reach the live EHR and requires the attacker to correlate paper findings with a subsequent intrusion. Full credit requires impact AND likelihood reasoning tied specifically to the EHR asset, not generic 'this is bad because.'A CISO argues: 'We spent $500,000 on next-generation firewalls and EDR this year. Our physical security budget can stay flat.' Using ONE specific attack chain covered today, explain in 3–4 sentences why this reasoning fails, and name two layered controls (one physical, one human) that the CISO should fund instead. (Targets AP Skill 2: Mitigate Risk.)
short answerThe reasoning fails because network controls assume the endpoint is physically secure — once an attacker is inside the building, they can piggyback through the lobby, find an unlocked workstation, and plug in a rogue device (e.g., USB rubber ducky) that opens a reverse shell from BEHIND the firewall, rendering the $500K firewall investment moot. The attacker never touched the perimeter the firewall defends. Two layered controls: (physical) mantrap or turnstile at the main entrance to prevent piggybacking, and USB port control / endpoint DLP to block rogue-device execution; (human) mandatory challenge-culture training so employees do not hold doors for unbadged people, and short-timeout auto screen-lock policy. Full credit names one physical AND one human control and ties them to a specific step of the described chain.
Vocabulary
- physical security
- Controls (locks, doors, badges, guards, cameras) that protect facilities and the assets inside them from unauthorized physical access.
- tailgating
- Slipping through a controlled door behind an authorized person WITHOUT their knowledge or cooperation.
- piggybacking
- Being deliberately let through a controlled door by an authorized person who believes they are helping — the person cooperates.
- social engineering
- Manipulating people (trust, courtesy, authority, urgency) rather than technology to gain unauthorized access.
- shoulder surfing
- Observing screens, keypads, or paperwork over someone's shoulder to steal credentials or sensitive information.
- rogue device
- An unauthorized piece of hardware (USB drop, keylogger, Wi-Fi Pineapple, Raspberry Pi) plugged into a target network to create a foothold.
- insider threat
- Risk originating from someone with legitimate access — often a well-meaning employee whose careless behavior (propping a door, sharing a badge) enables a breach.
- attack surface
- The total set of entry points — digital AND physical — an adversary could exploit to reach an asset.
- adversary
- The threat actor attempting to reach an asset; in physical attacks, one whose capability includes on-site presence and social manipulation.
- credential theft
- Obtaining valid usernames, passwords, badges, or PINs — often via shoulder surfing, dumpster diving, or a rogue device — to impersonate a legitimate user.
- unauthorized access
- Entry to a space, system, or asset without permission from the owner, regardless of whether force, deception, or negligence enabled it.
Common misconceptions
- 'Physical attacks require breaking or forcing something.' In reality the majority of successful physical breaches use no force at all — piggybacking, tailgating, and shoulder surfing rely on manipulating people or exploiting propped doors and shared badges. Force is loud, expensive, and rare compared to smiling and carrying a coffee.
- 'A building with locks and cameras is physically secure.' Cameras that no one monitors record the breach but do not prevent it. A door with a strong lock is defeated by a rubber wedge, a piece of tape over the strike plate, or an employee who props it open for convenience. Controls must be monitored and reinforced by policy or they are theater.
- 'Tailgating and piggybacking are the same thing.' They both defeat a badge reader, but the distinction is whether the authorized person KNEW and cooperated. Tailgating = unknowing; piggybacking = knowing and helpful. Mitigations differ — hardware (mantraps) stops tailgating; training and culture stop piggybacking. The AP exam relies on this distinction.
- 'Insider threats are rare and mostly malicious.' The most common insider threat is a well-meaning employee being helpful — propping the break-room door on a hot day, holding the elevator for someone with their hands full, letting a coworker use their badge 'just this once.' Malicious insiders exist but are outnumbered by careless-but-nice ones, and the mitigation (training + policy + door sensors) is the same either way.
Materials checklist
- Printed floor-plan handout for Meridian Analytics, Suite 400 (one per pair)
- Colored pens/highlighters — red, blue, green (one set per pair)
- Student laptops (one per pair) for write-up
- Projector for slide deck
- Timer visible to whole class
- Printed formative assessment (or digital form)