
Social Engineering


moeshe

Presentation Transcript


  1. Social Engineering • Jero-Jewo

  2. Social Engineering • Social engineering is the act of manipulating people into performing actions or divulging confidential information. While similar to a confidence trick or simple fraud, the term typically applies to trickery or deception for the purpose of information gathering, fraud or computer system access; in most cases the attacker never comes face-to-face with the victim. – www.wikipedia.org

  3. Case Study • As a service provider, Duo Consulting helps clients manage the publication of critical business information on their web sites. • Integrity and availability are important considerations for Duo when processing requests for changes. • 99% of requests from clients come from known client contacts.

  4. Case Study • There is currently a communication process in place to receive and manage requests. • How should we handle requests from contacts that are not known?

  5. Real World • A new request comes in on a Saturday from an unknown contact at Setton Farms for FTP access to their web server. • The request bounces around until it reaches the CTO. • The requester is contacted and asked about the need for FTP access.

  6. Real World • Contact explains that there is an immediate need to publish critical information about a recall on their site and they have hired a designer to make the updates to their site.

  7. What happened next? • Question identity of requester • Question authenticity of request

  8. What’s missing? • We do not have a policy or process in place to confirm the identity of contacts making requests. • We do not have a list of authorized contacts. • There is a service level agreement in place for managed hosting, but nothing is defined about emergency requests from clients that do not have a services support contract in place.

  9. Next Steps • Solve the problems!
