Social Engineering as a Means of Exploitation Carrie Estes.


Social Engineering as a Means of Exploitation Carrie Estes

Roadmap
- What is social engineering?
- How is it technical in nature?
- How does an average attack progress?
- Examples of some attacks.
- How can one defend against such attacks?

What is social engineering?
- Social engineering is the art of manipulation to get what you want.
- It takes confidence, research, time, and people who believe you are who you say you are.

How is it technical in nature?
- Social engineering itself is only one step in a long list of steps to getting information from a company.
- To pull off a successful attack, the attacker needs a lot of information.
- This information comes from research and hacking into places in a company.

How does an average attack progress?
- When an attacker is getting ready to pull off a social engineering attack, he or she needs to do research on the company and employees. From this, they will gain vital information to be used. Phone calls and emails can be sent out to gain even more vital information.

Social engineering techniques

Examples
- The colors and words puzzle that everyone saw as a kid. Did you know that it is considered social engineering?

Examples
- Oscar Grace became a PI
- Woman’s husband moved funds
- Wants to know where they are due to getting a divorce
- Made three phone calls

Examples
- Computer center manager fell for attack by a person barely out of their teens.
- Danny wanted super secret encryption software from a top manufacturer of secure radio systems.
- He didn’t want to steal it.

How does one defend against such attacks?
- There is no concrete way to defend against these attacks.
- There are, however, some things that can be done to diminish the risk.
  - Security awareness training
  - Mock social engineering drills, etc.
  - Physical security
  - Background verification

Review
- We discussed
  - What is social engineering?
  - How is it technical in nature?
  - How does an average attack progress?
  - Examples of some attacks.
  - How one can defend against such attacks.

Questions?