NMCSP 2008 Batch-I

Module IX
Social Engineering
Scenario
Mary has cracked Janie's password!
She did not even use a system. All she did was social engineering on Janie. That afternoon Mary came to know that Janie, her colleague, had stored some important client files in her mailbox. Mary wanted that client list, as she could easily meet the sales target with the help of that information.
Mary and Janie had been working as sales managers in the organization for almost 5 years and so knew each other well. Mary asked Janie out to a restaurant that evening for an informal chat. Not knowing Mary's intention, Janie agreed to come.
At the restaurant Mary asked some personal questions that could help her in cracking Janie's password. And it really helped: in the course of their conversation, Janie revealed to Mary the secret answer for her password.
Just think what Janie will face after Mary breaks into her mailbox. To make matters worse, she may even face an identity crisis.
Module Objectives

• What is Social Engineering?
• Common Types of Attacks
• Social Engineering by Phone
• Dumpster Diving
• Online Social Engineering
• Reverse Social Engineering
• Policies and Procedures
• Employee Education
Module Flow

• Aspects of Social Engineering
• Social Engineering Types
• Computer Based Social Engineering
• Reverse Social Engineering
• Policies and Procedures

What is Social Engineering?

• Social Engineering is the use of influence and persuasion to deceive people for the purpose of obtaining information or persuading the victim to perform some action.
• Companies with authentication processes, firewalls, virtual private networks, and network monitoring software are still wide open to attacks.
• An employee may unwittingly give away key information in an email, by answering questions over the phone from someone they don't know, or even by talking about a project with co-workers at a local pub after hours.
Art of Manipulation

• Social Engineering includes the acquisition of sensitive information or inappropriate access privileges by an outsider, based upon the building of inappropriate trust relationships with insiders.
• The goal of a social engineer is to trick someone into providing valuable information or access to that information.
• It preys on qualities of human nature, such as the desire to be helpful, the tendency to trust people, and the fear of getting in trouble.
Human Weakness

• People are usually the weakest link in the security chain.
• A successful defense depends on having good policies in place and educating employees to follow the policies.
• Social Engineering is the hardest form of attack to defend against because it cannot be defended against with hardware or software alone.
Common Types of Social Engineering

• Social Engineering can be broken into two types: human-based and computer-based.
1. Human-based Social Engineering refers to person-to-person interaction to retrieve the desired information.
2. Computer-based Social Engineering refers to having computer software that attempts to retrieve the desired information.
Human-based Social Engineering

Human-based social engineering techniques can be broadly categorized into:
• Impersonation
• Posing as Important User
• Third-person Approach
• Technical Support
• In Person
  • Dumpster Diving
  • Shoulder Surfing
Computer-based Social Engineering

• These can be divided into the following broad categories:
  • Mail/IM attachments
  • Pop-up Windows
  • Websites/Sweepstakes
  • Spam Mail
Reverse Social Engineering

• A more advanced method of gaining illicit information is known as "reverse social engineering".
• This is when the hacker creates a persona that appears to be in a position of authority, so that employees will ask him for information rather than the other way around.
• The three parts of a reverse social engineering attack are sabotage, advertising, and assisting.
Policies and Procedures

• Policies are the most critical component of any information security program.
• Good policies and procedures are not effective if they are not taught to and reinforced with employees.
• They need to be taught in a way that emphasizes their importance. After receiving training, the employee should sign a statement acknowledging that they understand the policies.
Security Policies - Checklist

• Account Setup
• Password Change Policy
• Help Desk Procedures
• Access Privileges
• Violations
• Employee Identification
• Privacy Policy
• Paper Documents
• Modems
• Physical Access Restrictions
• Virus Control
Summary

• Social Engineering is the use of influence and persuasion to deceive people for the purpose of obtaining information or persuading the victim to perform some action.
• Social Engineering involves acquiring sensitive information or inappropriate access privileges by an outsider.
• Human-based Social Engineering refers to person-to-person interaction to retrieve the desired information.
• Computer-based Social Engineering refers to having computer software that attempts to retrieve the desired information.
• A successful defense depends on having good policies in place and diligent implementation.