IT Architecture and Security

Provided by: christi356

1
IT Architecture and Security
  • Social Engineering

2
Last week
  • Last week we covered
  • Risk Analysis

3
Agenda
  • This week we cover
  • Part 1
  • Social Engineering (mini)
  • Part 2
  • Presentation of the mock exam

4
Definition
  • Social engineering is the art of utilizing
    human behavior to breach security without the
    participant (or victim) even realizing that they
    have been manipulated. (SAN)
  • Social engineering preys on qualities of human
    nature
  • The desire to be helpful
  • The tendency to trust people
  • The fear of getting into trouble

5
Physical Cycle of Social Engineering
  • Research (Dumpster diving, et al.)
  • Developing rapport and trust
  • Exploiting trust
  • Use the information (Local impact)
  • Mitnick, 2002

6
Social Engineering Aspects
  • Appeal to vanity
  • Appeal to authority
  • Eavesdropping
  • Prey on natural helpfulness
  • Manipulate lack of awareness of value of info

7
Applied Approaches
  • Posing as fellow employee
  • Posing as employee of vendor
  • Posing as an authority figure
  • Posing as a new employee requesting help
  • Posing as a vendor offering patch, etc.
  • Offering help if a problem occurs
  • Sending free software or patch to install
  • Sending a virus/Trojan horse
  • Using false pop-up window asking for log-in
  • Capturing victim keystrokes
  • Leaving floppy sitting around with malicious code
  • Using insider lingo to gain trust
  • Offering a prize for registering web site with
    username and password
  • Dropping document or file at company mail room
    for in-house delivery
  • Modifying fax machine heading to appear to come
    from normal location
  • Asking receptionist to receive then forward a fax
  • Asking for a file to be transferred to an
    apparently internal location
  • Getting voice mailbox set up for callbacks,
    making attacker seem internal
  • Pretending to be from remote office and asking
    for email access locally

8
Factors Making Companies Vulnerable
  • Large number of employees
  • Multiple facilities
  • Info on employee whereabouts left in voice mail
    messages
  • Phone extension info made available
  • Lack of security training
  • Lack of data classification system
  • No incident reporting/response plan

9
Common Targets of Attacks in Company
  • Unaware of info value
  • Receptionist
  • Special privileges
  • Helpdesk tech support
  • Specific departments
  • Accounting, HR

10
The Broken
TheBrokenEpisode (from 535)