Social Engineering Fundamentals, Part II: Combat Strategies
This is the second part of a two-part series devoted to social engineering. In Part One, we defined social engineering as a hacker's clever manipulation of the natural human tendency to trust, with the goal of obtaining information that will allow him/her to gain unauthorized access to a valued system and the information that resides on that system. To review: the basic goals of social engineering are the same as hacking in general: to gain unauthorized access to systems or information in order to commit fraud, network intrusion, industrial espionage, identity theft, or simply to disrupt the system or network.
By Sarah Granger, 03/20/2004
|
|
The Threat of Social Engineering and Your Defense Against It
There are several methods that the malicious individual can use to try to breach the information security defenses of an organization. The human approach, often termed Social Engineering, is one of them. This paper describes Social Engineering and its cost to the organization. It discusses the various forms of Social Engineering, and how they take advantage of human behavior. It also discusses ways to fight and prevent social engineering attacks, and highlights the importance of policy and education in winning the battle.
By Radha Gulati, 03/01/2004
|
|
The Weakest Link: Social Engineering
To demonstrate how easily security breaches happen, I asked our department heads to attend a meeting on social engineering. Much to their dismay, I explained how within 30 seconds I could break into our system and gain mid-level access to our (then) state-of-the-art system, by making one phone call, without using my access code. They didn't believe me; they didn't want to believe the veil of security could dissolve so quickly. So I showed them how it's done. Randomly, I selected one of the department managers, making sure I did not know her personally. I chose Kelly Blake, who happened to be late to the meeting.
By Mark Richardson, 02/24/2004
|
|
Social Engineering: The Human Side Of Hacking
Hackers, and possibly even corporate competitors, are breaching companies' network security every day. The latest survey by the Computer Security Institute and the FBI shows that 90% of the 503 companies contacted reported break-ins within the last year.
By Sharon Gaudin, 02/24/2004
|
|
Social Engineering
A classic social engineering trick is for a hacker to send email claiming to be a system administrator. The hacker will claim to need your password for some important system administration work, and ask you to email it to him/her. As we explain later, it's possible for a hacker to forge email, making it look like it came from somebody you know to be a legitimate system administrator. Often the hacker will send this message to every user on a system, hoping that one or two users will fall for the trick.
By Del Armstrong, 02/24/2004
|
|
Social Engineering Fundamentals, Part I: Hacker Tactics
One morning a few years back, a group of strangers walked into a large shipping firm and walked out with access to the firm's entire corporate network. How did they do it? By obtaining small amounts of access, bit by bit, from a number of different employees in that firm. First, they did research about the company for two days before even attempting to set foot on the premises. For example, they learned key employees' names by calling HR. Next, they pretended to lose their key to the front door, and a man let them in. Then they "lost" their identity badges when entering the third floor secured area, smiled, and a friendly employee opened the door for them.
By Sarah Granger, 02/24/2004