social Engineering its importance during Security Audits and
- Slides: 31
social Engineering its importance during Security Audits and By: - Vismit Sudhir Rakhecha(Zhug)
There is no Patch, For human stupidity !
Case Studies
What is Social Engineering ? Famous hacker Kevin Mitnick helped popularize the term “social engineering” in the ‘ 90 s, but the simple idea itself has been around for ages. Social engineering is the art of gaining access to buildings, systems or data by exploiting human psychology, rather than by breaking in or using technical hacking techniques.
Our Life Today
How Social Engineering works? There an infinite number of social engineering exploits. A scammer may trick you into leaving a door open for him, visiting a fake Web page or downloading a document with malicious code, or he might insert a USB in your computer that gives him access to your corporate network.
Exploitation of Human Behavior
Types of Social Engineering There are two main categories under which all social engineering attempts could be classified. • Computer or Technology based • Human based or Non-Technical
SE and Security Audit We can break social engineering audits into two main categories, Internal and External, then from there break them down into smaller sub-categories.
Internal SE
Preparation (Pre-Audit) : - • Only the admin panel aware of the exercise. • Obtain current policies and procedures. • Obtain Employees list. • Define “Target”. • Some SPY Devices (Pen, Button, etc. ) • Fake authorization letters. • Letter Head
Phase I (Info Gathering) The social engineer who begins his attack with little or no information is destined for failure. Gathering information about the company, its practices, and employees, and identifying potential weaknesses is the goal. Employee lists, internal phone numbers, corporate directories and sensitive security information are prized possessions to the social engineer.
Phase II (Physical Entry) While the social engineer will generally attempt to accomplish his mission without ever physically stepping foot on company property, sometimes it is necessary to gain physical access to gather further information. There are many common tricks that the social engineer can use to gain physical access to a facility. The security auditor can also use these to test physical security procedures.
Results
I Gained
• Sensitive Information on Technology used • Network architecture. • Lots of Technical Information reveled to “College Student”. • Official letter in store room. • Gained Access to Server Room.
External SE
In External SE, the base is our PHASE I. Over here we will use Computer or Electric Device to perform audit.
Phishing
Spyware
Spam mail
Baiting
SMSing
Social Networking
QUESTIONS ? ? ? Contact : rvismit@gmail. com www. facebook. com/rvismit
- Private securit
- Health audit directorate
- Interview method of data collection
- Iso 15189 internal auditor
- Georgia department of audits
- Audits and inspections of clinical trials
- Operations auditing
- Audits personnalis s
- Essential elements of internal audit
- Naima farooq
- Do254
- How can channel member performance be evaluated?
- Dependent audits
- Sas 70 definition
- Perpetual project closure
- Issai 4000
- Cjis audits
- Infection control audits
- Prepare software audit
- Multimedia compliance audit
- Nap audits
- Vraag
- Essay on nature
- Importance of security analysis and portfolio management
- Bright filled paperweight
- Its halloween its halloween the moon is full and bright
- Social thinking and social influence
- Social thinking social influence social relations
- Wireless security in cryptography
- E commerce security meaning
- What is the path followed by a projectile
- Reading