
Social Engineering

Presented by James H. Sunshine, October 26, 2004.


Presentation Transcript


  1. Social Engineering. Presented by James H. Sunshine, October 26, 2004

  2. Overview
     • Definitions
     • Security Holes
     • Attack Strategies
     • Countermeasures
     • Ethics
     • Summary

  3. A very DRY topic indeed! Ba-doom Boom! 

  4. Definitions
     • Social Engineering:
       • The art and science of getting people to comply with your wishes.
       • An outside hacker’s use of psychological tricks … in order to obtain information [needed] to gain access to the system.
       • Getting needed information … from a person rather than breaking into a system.

  5. My definition: Using people to get, or help get, what you want. So what are the tools and methods? How do they operate? What makes it so effective?

  6. Security Holes: Where are the weak points in a system?

  7. Attack Strategies: Tools and Methods
     • Telephone
       • Who to call?
       • What to say?
     • Dumpster Diving
       • What are they looking for?
     • Persuasion/Impersonation
       • Who to impersonate?
       • What information can be persuaded?

  8. Attack Strategies: Operations
     • Research! Do your homework!
     • Network scan? Know the boss’ computer.
     • Get a foot in the door. Assistance?
     • Are the computers unlocked? How’s the security?
     • What information is needed? Where is it?

  9. Attack Strategies: Why is it effective?
     • People want to help.
     • People fear authority.
     • People feel it’s OK to give small, innocuous pieces of information.
     • People don’t give a second thought to unusual instances, and so many security breaches go unreported.

  10. Countermeasures
     • What can be done to prevent some of these attacks?
     • TRAINING!!!!!!!!!!!!!!!!!!!!!!!!!!
     • Passwords
     • Document handling
     • Shredding confidential data
     • Lockup of confidential data
     • Physical security
     • Badge control
     • Guest escort
     • Phone tracking/monitoring

  11. Ethics
     • How does ethics apply?
     • Spells out procedures.
     • Clearly defines who to call.
     • Encourages questioning of unusual instances.
     • Introduces tight controls to limit the ability of someone giving out confidential information.

  12. Summary
     • Social Engineering is insidiously tricky to combat, but not impossible.
     • The human is the weakest link in any security system, and yet is the trickiest to exploit.
     • Training is the best defense against attacks.
     • Ethics plays an important role in defending against social engineering.

  13. References
     • searchsecurity.techtarget.com
     • www.securityfocus.com
     • www.cioinsight.com
     • www.securitygroup.org
