Social Engineering
Typically, hackers pose as someone else to gain information they otherwise
can’t access. Hackers then take the information obtained from their victims
and wreak havoc on network resources, steal or delete files, and even commit
industrial espionage or some other form of fraud against the organization
they’re attacking. Social engineering is different from physical-security issues,
such as shoulder surfing and dumpster diving, but they are related.
Here are some examples of social engineering:
- False support personnel claim that they need to install a patch or new
version of software on a user’s computer, talk the user into downloading
the software, and obtain remote control of the system.
- False vendors claim to need to make updates to the organization’s
accounting package or phone system, ask for the administrator password,
and obtain full access.
- False contest Web sites run by hackers gather user IDs and passwords
of unsuspecting contestants. The hackers then try those passwords on
other Web sites, such as Yahoo! and Amazon.com, and steal personal or
corporate information.
- False employees notify the security desk that they have lost their keys
to the computer room, are given a set of keys, and obtain unauthorized
access to physical and electronic information.
Sometimes, social engineers act as forceful and knowledgeable employees,
such as managers or executives. Other times, they may play the roles of
extremely uninformed or naïve employees. They often switch from one mode
to the other, depending on whom they are speaking to.
Effective information security — especially for fighting social engineering —
begins and ends with your users. The candy-security adage is “Hard
crunchy outside, soft chewy inside.” The hard crunchy outside is the layer of
mechanisms — such as firewalls, intrusion-detection systems, and encryption
— that organizations rely on to secure their information. The soft chewy
inside is the people and the systems inside the organization. If hackers can
get past the thick outer layer, they can compromise the (mostly) defenseless
inner layer.
Social engineering is one of the toughest hacks, because it takes great skill to
come across as trustworthy to a stranger. It’s also by far the toughest hack
to protect against because people are involved.