Advertise Search Free Magazines Newest Links Categories Register Login

Application Security Architecture Authentication Certifications Corporate Compliance Cryptology Disaster Recovery Enterprise Security Exploits Firewalls Incident Handling Intrusion Detection Link Directory OS Security Podcasts Policies and Procedures Security Basics Security Management Security Tools Servers Standards Techie Humor Video VoIP Vulnerability Management Web Security WIFI Security Worms and Viruses Definition of Social Engineering Social engineering is the practice of obtaining confidential information by manipulation of legitimate users. A social engineer will commonly use the telephone or Internet to trick people into revealing sensitive information or getting them to do something that is against typical policies. By this method, social engineers exploit the natural tendency of a person to trust his or her word, rather than exploiting computer security holes. Most Popular Sponsor Backup & Recovery - Top 10 Reasons to Upgrade

Social Engineering Social Engineering Fundamentals, Part I: Hacker Tactics One morning a few years back, a group of strangers walked into a large shipping firm and walked out with access to the firm's entire corporate network. How did they do it? By obtaining small amounts of access, bit by bit, from a number of different employees in that firm. First, they did research about the company for two days before even attempting to set foot on the premises. For example, they learned key employees' names by calling HR. Next, they pretended to lose their key to the front door, and a man let them in. Then they "lost" their identity badges when entering the third floor secured area, smiled, and a friendly employee opened the door for them. Read the Article Social Engineering Fundamentals, Part II: Combat Strategies This is the second part of a two-part series devoted to social engineering. In Part One, we defined social engineering as a hacker's clever manipulation of the natural human tendency to trust, with the goal of obtaining information that will allow him/her to gain unauthorized access to a valued system and the information that resides on that system. To review: the basic goals of social engineering are the same as hacking in general: to gain unauthorized access to systems or information in order to commit fraud, network intrusion, industrial espionage, identity theft, or simply to disrupt the system or network. Read the Article Identity Theft - The Real Cause Looks at identity theft and the seriously devastating effects it can have today. Identity theft can be achieved by utilizing tactics such as the good old dumpster diving. "...6 out of every 7 bins contain information that is useful to a criminal who wants to steal your identity!" Read the Article Breaking Point: Forging Chaos and Destruction Written to make novices, experts, and LEA's aware of high tech crime scenarios and how easy it has become to pass forgeries or frame someone in today's world without even having to be a computer expert. Read the Article Social Engineering - For the Good Guys This paper covers the importance of a security policy and even more importantly, the necessity of buy-in with management, employees, and your security team. Read the Article Social Engineering This paper will describe social engineering and some of the common techniques used by social engineers. It will suggest policies, standards and procedures for helping to combat such a threat. Read the Article A Multi-Level Defense Against Social Engineering This paper will discuss the basics of social engineering by giving a general overview of social engineering. It will then discuss the psychological triggers that make social engineering so successful. These triggers include strong affect, overloading, reciprocation, deceptive relationships, diffusion of responsibility and moral duty, authority, and integrity and consistency. Finally, this paper will define a multi-level defense that will address these psychological triggers. Read the Article The Use of Social Engineering as a Means of Violating Computer Systems 'Social Engineering' is a practice that can be used to exploit what has long been considered the 'weakest link' in the security chain of an organization -the 'human factor'. As a security professional, it is important to be familiar with this threat, the techniques that could be used and the countermeasures that can be implemented to protect against it. Read the Article A Proactive Defense to Social Engineering This paper covers methods of attack, and the policies and programs that can be put into effect to defend against social engineering. Read the Article Social Engineering - Skill of Chance This paper describes a social engineering scenario. Social Engineering is the art of having people do what you want, or give you info on passwords, with out them knowing they're doing so. Read the Article Page: 1 2 3 Members currently browsing this category:

Copyright 2008 AttackPrevention