1 Social Engineering By Dan LoPresto

2 An ounce of data on Dan…
- Dan LoPresto owns/operates PitViper Industries - Technology Solutions.
- CISSP Certification in June
- NSTISSI 4011 & 4013 NSA Certification for Information Assurance in January
- Bachelors = Management Information Systems
- Masters = Computer Resources & Info. Mgmt.
- Completing a Ph.D. in Information Systems with a concentration in Information Security.
- Enjoys Shooting Pool & Targets along with Cooking, Dining, and Eating.
- Owns a cat and a cockatiel.

3 Social Engineering Defined
- The ‘hacking’ of people.
- Obtaining, collecting, and using unauthorized information garnered via technical and non-technical means while interacting with others.
- Involves persuasion, lies, manipulation, and many other crafty methods while relying on a person’s natural inclination to be helpful and their lack of understanding that the information being released is sensitive and/or confidential.

4 Identity-Related Misuse
- Social, as well as technological, risks to one’s personal information exist just as they do in the corporate world.
- Social Engineering involves the manipulation, or ‘hacking’, of people using partial knowledge and clever ruses.
- Many people are oblivious to these types of risks.
- “Greater awareness as well as technological, social, and legal approaches are needed to minimize the risks.” [1]

5 How to Repair Compromised Information Systems Quickly?
- “Social engineering is one class of techniques that exploit human weaknesses to gain unauthorized accesses to technically secure systems.” [2]
- “…shift at least some of the research focus to the development of system design techniques that can minimize the cost of computer security breach by facilitating post-intrusion system clean-up and restoration.” [2]
- No system can be made completely secure. Accepting this, systems can be designed so that breaches are noticed when they occur and so that afflicted data can be repaired and recovered quickly and accurately.

6 Users Are Not The Enemy
- “…hackers pay more attention to the human link in the security chain than security designers do, for example, by using social engineering techniques to obtain passwords.” [3]
- Human factors must be considered in the design of security mechanisms.
- “Insufficient communication with users produces a lack of user-centered design in security mechanisms.” [3]
- “Social engineers rely on password disclosure, low security awareness and motivation to breach security mechanisms.” [3]
- Users must be informed about and involved with the design, implementation, and policies surrounding information security.

7 Significance & Conclusion
- The articles reviewed provide insight into the methods social engineers deploy, how those methods affect the user community, and ways to help combat social engineering attacks through awareness and involvement of the user base.
- Additionally, a change in how systems are designed was suggested, in order to involve users more directly and to enable more effective recovery of damaged and/or stolen data.
- This information will aid those seeking to minimize successful social engineering attacks. It should help them develop new ways to thwart efforts to garner sensitive and confidential information from users. Lastly, it should get us all thinking about devising stronger methods to repair our data as well as recover it post-intrusion.

8 Articles Reviewed
[1] Neumann, Peter G. (1997). Identity-Related Misuse. Inside Risks.
[2] Chiueh, Tzi-cker, Zhu, Ningning, & Pilania, Dhruv. (2002). How to Repair Compromised Information Systems Quickly? Computer Science Department, State University of New York at Stony Brook.
[3] Adams, Anne & Sasse, Martina Angela. (1999). Users Are Not The Enemy. Department of Computer Science, University College London.