Social Engineering and its importance during Security Audits

Presentation transcript:

Social Engineering and its importance during Security Audits. By: Vismit Sudhir Rakhecha (Zhug)

There is no patch for human stupidity!

Case Studies

What is Social Engineering? The famous hacker Kevin Mitnick helped popularize the term "social engineering" in the 1990s, but the idea itself has been around for ages. Social engineering is the art of gaining access to buildings, systems or data by exploiting human psychology, rather than by breaking in or using technical hacking techniques.

Our Life Today

How does Social Engineering work? There is no fixed catalogue of social engineering exploits; the possibilities are effectively unlimited. A scammer may trick you into holding a door open for him, visiting a fake web page or downloading a document with malicious code, or he might plug a USB device into your computer that gives him access to your corporate network.

Exploitation of Human Behavior

Types of Social Engineering. There are two main categories under which all social engineering attempts can be classified:
1. Computer or technology based
2. Human based or non-technical

SE and Security Audit We can break social engineering audits into two main categories, Internal and External, then from there break them down into smaller sub-categories.

Internal SE

Preparation (Pre-Audit):
Only the administrative panel (management) is aware of the exercise.
Obtain current policies and procedures.
Obtain the employee list.
Define the "target".
Prepare some spy devices (pen camera, button camera, etc.).
Prepare fake authorization letters.
Prepare company letterhead.

Phase I (Info Gathering) The social engineer who begins his attack with little or no information is destined for failure. Gathering information about the company, its practices, and employees, and identifying potential weaknesses is the goal. Employee lists, internal phone numbers, corporate directories and sensitive security information are prized possessions to the social engineer.

Phase II (Physical Entry). While the social engineer will generally attempt to accomplish his mission without ever physically setting foot on company property, sometimes it is necessary to gain physical access to gather further information. There are many common tricks that the social engineer can use to gain physical access to a facility. The security auditor can also use these to test physical security procedures.

Results

I Gained

Sensitive information on the technology used and the network architecture.
Lots of technical information revealed to a "college student".
Official letters found in the store room.
Gained access to the server room.

External SE

In External SE, the base is our Phase I (information gathering). Here we use a computer or other electronic device to perform the audit.

Phishing

Spyware

Spam mail

Baiting

SMSing (SMS phishing, also called smishing)

Social Networking
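As an added worked example (not part of the original slides): a small heuristic scorer that an auditor can run over mails collected, or over the simulated phishing mails prepared for the external phase, to confirm they carry the indicators employees are trained to spot: look-alike sender domains, a spoofed display name, a mismatched Reply-To, link text that points elsewhere than the real href, and urgency language. TRUSTED_DOMAINS, the phrase list and both sample messages are constructed assumptions for this example.

```python
import re
from email import policy
from email.parser import Parser
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domains the audited organisation legitimately sends from and links to.
# Assumed for this example; replace with the real allow-list.
TRUSTED_DOMAINS = ("example.com",)

# Pressure phrases that push the reader to act before thinking.
URGENCY_PHRASES = ("urgent", "immediately", "within 24 hours",
                   "verify your account", "password expires", "will be suspended")


def is_trusted(host):
    """True for a trusted domain or any subdomain of it."""
    return any(host == t or host.endswith("." + t) for t in TRUSTED_DOMAINS)


def _edit_distance(a, b):
    """Levenshtein distance, used to spot look-alikes such as examp1e.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def looks_alike(host):
    """Untrusted host within two edits of a trusted domain (typo-squat/homoglyph)."""
    if is_trusted(host):
        return False
    return any(_edit_distance(host, t) <= 2 for t in TRUSTED_DOMAINS)


class _LinkExtractor(HTMLParser):
    """Collect (href, visible anchor text) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host_in_text(text):
    """Host name if the anchor text itself looks like a URL or domain, else None."""
    m = re.match(r"(?:https?://)?([A-Za-z0-9.-]+\.[A-Za-z]{2,})(?:[/:]|$)", text.strip())
    return m.group(1).lower() if m else None


def score_email(raw):
    """Score a raw RFC 5322 message; returns {'score', 'reasons', 'phishing'}."""
    msg = Parser(policy=policy.default).parsestr(raw)
    reasons, score = [], 0

    sender = msg["From"].addresses[0]
    sender_domain = sender.domain.lower()
    if looks_alike(sender_domain):
        score += 3
        reasons.append(f"sender domain {sender_domain} resembles a trusted domain")
    # Display-name spoofing: an address is shown, but a different mailbox sits underneath.
    if "@" in sender.display_name and sender.display_name.rsplit("@", 1)[-1].lower() != sender_domain:
        score += 3
        reasons.append("display name carries a different address than the real sender")
    reply_to = msg["Reply-To"]
    if reply_to and reply_to.addresses[0].domain.lower() != sender_domain:
        score += 2
        reasons.append("Reply-To domain differs from From domain")

    body = msg.get_body(preferencelist=("html", "plain"))
    content = body.get_content() if body is not None else ""
    if body is not None and body.get_content_type() == "text/html":
        ext = _LinkExtractor()
        ext.feed(content)
        for href, text in ext.links:
            href_host = (urlparse(href).hostname or "").lower()
            text_host = _host_in_text(text)
            if text_host and text_host != href_host:
                score += 3
                reasons.append(f"link text shows {text_host} but points to {href_host}")
            if href_host and looks_alike(href_host):
                score += 3
                reasons.append(f"link host {href_host} resembles a trusted domain")

    haystack = (msg.get("Subject", "") + " " + content).lower()
    hits = [p for p in URGENCY_PHRASES if p in haystack]
    if hits:
        score += min(len(hits), 2)
        reasons.append("urgency language: " + ", ".join(hits))

    return {"score": score, "reasons": reasons, "phishing": score >= 5}


# Constructed samples for the example, not real mail.
PHISHING_SAMPLE = """\
From: "helpdesk@example.com" <alerts@examp1e.com>
Reply-To: recover@mailbox-reset.net
To: alice@example.com
Subject: Urgent: your password expires today
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Verify your account within 24 hours or it will be suspended:</p>
<p><a href="http://examp1e.com/login">https://portal.example.com/login</a></p>
</body></html>
"""

BENIGN_SAMPLE = """\
From: Payroll <payroll@example.com>
To: alice@example.com
Subject: January payslip available
Content-Type: text/html; charset="utf-8"

<html><body><p>Your payslip is in the portal:
<a href="https://portal.example.com/payslips">portal.example.com</a>.</p></body></html>
"""

if __name__ == "__main__":
    for name, raw in (("phishing", PHISHING_SAMPLE), ("benign", BENIGN_SAMPLE)):
        r = score_email(raw)
        print(name, r["score"], r["phishing"], *r["reasons"], sep="\n  ")
```

The thresholds and weights are deliberately crude; the point for an audit is the list of reasons, which maps one-to-one onto the cues the awareness training should cover. A mail that scores zero here can still be a phish (plain-text lures with no link, or a compromised trusted mailbox), so this complements rather than replaces sender authentication checks.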

QUESTIONS ??? Contact : rvismit@gmail.com www.facebook.com/rvismit