170 likes | 361 Views
Social Engineering. Wilfridus Bambang Triadi Handaya Wilfridus.bambang@gmail.com. What is Social Engineering?. art of convincing people to reveal confidential information Uses Psychological Methods Exploits basic human nature Goals are the Same as Hacking.
E N D
Social Engineering WilfridusBambangTriadiHandaya Wilfridus.bambang@gmail.com
What is Social Engineering? • art of convincing people to reveal confidential information • Uses Psychological Methods • Exploits basic human nature • Goals are the Same as Hacking
Goals of Social Engineering Activity • attempt to gather information: • Sensitive information • Authorization details • Access details
Types of Social Engineering • Human-based: Gathers information by interaction exploit trust, fear, and desire to help • Computer-Based: carried out with the help of computers
Human Based Social EngineeringExamples • Eavesdropping • Shoulder Surfing
Human Based Social EngineeringExamples (cont’d) • Pretexting • Dumpster Diving
Human Based Social EngineeringExamples (cont’d) • Reverse Social Engineering, Samples movies
Computer Based Social EngineeringExamples • Social Engineer Toolkit (SET)
Conclusions • Social Engineering is a very real threat • Realistic prevention is difficults • Can be expensive • Easier than technical hacking • Hard to detect and track
“You could spend a fortune purchasing technology and services...and your network infrastructure could still remain vulnerable to old-fashioned manipulation.” Kevin Mitnick
References • http://www.social-engineer.org, accessed on April 18, 2011. 09.00 pm • CEH v6.1, course materials, ec-council • Carback, Rick. “Social Engineering”, 2005 • Bambang, Wilfridus. “Social Engineering, sebagaimetodepengumpulaninformasipadatahapseranganterhadapkeamanansisteminformasi”, 2007