Social Engineering Jero-Jewo. Social Engineering Social engineering is the act of manipulating people into performing actions or divulging confidential.

Presentation transcript:

Social Engineering Jero-Jewo

Social Engineering: Social engineering is the act of manipulating people into performing actions or divulging confidential information. While similar to a confidence trick or simple fraud, the term typically applies to trickery or deception for the purpose of information gathering, fraud or computer system access; in most cases the attacker never comes face-to-face with the victim.

Case Study: As a service provider, Duo Consulting helps clients manage the publication of critical business information on their web sites. Integrity and availability are important considerations for Duo when processing requests for changes. 99% of requests from clients come from known client contacts.

Case Study: There is currently a communication process in place to receive and manage requests. How should we handle requests from contacts that are not known?

Real World: New request comes in from an unknown contact at Setton Farms for FTP access to their web server on a Saturday. Request bounces around until it comes to CTO. Requester is contacted and an inquiry is made about need for FTP access.

Real World: Contact explains that there is an immediate need to publish critical information about a recall on their site and they have hired a designer to make the updates to their site.

What happened next? Question identity of requester. Question authenticity of request.

What’s missing? We do not have a policy or process in place to confirm identity of contacts making requests. We do not have a list of authorized contacts. There is a service level agreement in place for managed hosting, but nothing defined about emergency requests from clients that do not have a services support contract in place.

Next Steps: Solve the problems!