CIS 5370 - Computer Security Kasturi Pore Ravi Vyas.

Presentation transcript:

CIS Computer Security Kasturi Pore Ravi Vyas

Public definition from wikipedia.org: “Social engineering is the art of manipulating people into performing actions or divulging confidential information.”
Gartner Research Group: “the manipulation of people, rather than machines, to successfully breach the security systems.”

Kevin Mitnick was incarcerated in February 1995 with more than 25 charges. In his book “The Art of Deception” he stated that he did not use any hacking tools or software programs, but used social engineering to obtain the passwords and secrets.

Three Israeli brothers, Ramy, Muzher and Shadde Badir, had 44 charges against them:
◦ Telecommunications fraud
◦ Theft of computer data
◦ Impersonation of a police officer
Damages around $2 million.

On September 16, 2008 the internet activist group 'Anonymous' gained access to Governor Palin's account (DOB 2/11/64, ZIP 99687).

 It's easier to ask the user than to hack the system
 With the exponential increase in technology it is becoming harder to hack into systems

VS

 Humans
◦ We are emotionally weak and like to help
◦ We easily succumb to pressure
◦ We can't correctly judge if someone is lying: bias towards truth and stereotypical thinking
 Current defense mechanisms
◦ Security policies (single loop)
◦ Employee training
 Security policies
◦ Have humans involved in their creation
◦ Are not updated
◦ Are not followed

 Information is readily and easily available

 First attain easily available data
 Use it to fake authority
 Attain more confidential information
 Feedback loop: the result of each action is fed back to get a better result in the next action
 Final deadly attack once enough information has been obtained
 Devise attacks to minimize reaction and weaken security

 Pretexting
◦ Creating a scenario that does not exist in an attempt to pressure a victim into leaking information
◦ Generating cues to build the victim's trust

 Phishing: The attacker typically sends an email that appears to come from a legitimate source such as a bank or credit card company, asking the recipient to verify some information and warning of dire consequences if no action is taken.

 IVR or phone phishing: The attacker creates a very legitimate-sounding copy of an organization's IVR (Interactive Voice Response) system and sends an email urging people to call a toll-free number to verify their information. On calling, they readily give away their information.
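As an added example that is not part of the slides, a small Python scorer for the cues the two lures above rely on: an institution name on a sending domain the organisation does not know, a request to "verify" information, a threatened consequence, a toll-free callback number, and an outright request for credentials. The allow-listed domains, keyword lists and sample messages are all constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed allow-list of domains the organisation's own mail and its bank really
# send from; an "institution" writing from any other domain is an impersonation cue.
KNOWN_DOMAINS = {"corp.example", "firstnational.example"}
INSTITUTION = re.compile(r"\b(bank|card|services|support|security|helpdesk)\b", re.I)
VERIFY_REQ = re.compile(r"\b(verify|confirm|update|validate)\b.{0,40}?"
                        r"\b(account|password|details|information|card)\b", re.I | re.S)
THREAT = re.compile(r"\b(suspend(ed)?|locked|closed|terminated?|immediately|within \d+ hours?)\b", re.I)
TOLL_FREE = re.compile(r"\b1?[-. ]?\(?8(?:00|33|44|55|66|77|88)\)?[-. ]?\d{3}[-. ]?\d{4}\b")
CREDENTIALS = re.compile(r"\b(password|pin|ssn|card number|security code)\b", re.I)

def _body_text(msg) -> str:
    """Concatenate the text/plain parts (single-part messages included)."""
    if msg.is_multipart():
        return "\n".join(p.get_payload() for p in msg.walk()
                         if p.get_content_type() == "text/plain")
    return msg.get_payload()

def score_lure(raw: str) -> dict:
    """Flag the social-engineering cues in one raw RFC 822 message and count them."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower()
    text = msg.get("Subject", "") + "\n" + _body_text(msg)
    cues = {
        # claims to be an institution but sends from a domain we do not know
        "impersonation": bool(INSTITUTION.search(display)) and domain not in KNOWN_DOMAINS,
        # asks the recipient to "verify"/"confirm" account information
        "verify_request": bool(VERIFY_REQ.search(text)),
        # warns of dire consequences to create time pressure
        "threat": bool(THREAT.search(text)),
        # urges a call to a toll-free number (the IVR / phone-phishing lure)
        "toll_free_number": bool(TOLL_FREE.search(text)),
        # asks outright for credentials
        "credential_request": bool(CREDENTIALS.search(text)),
    }
    score = sum(cues.values())
    return {"cues": cues, "score": score, "verdict": "lure" if score >= 2 else "ok"}

# Constructed sample messages (not taken from the slides)
PHISH = ("From: First National Bank <alerts@fnb-secure-verify.example>\nSubject: Verify your account\n\n"
         "Your account will be suspended within 24 hours unless you verify your account details "
         "at our secure portal. You will need your online password and PIN.\n")
VISH = ("From: Card Services <notice@cardservices-alert.example>\nSubject: Unusual activity\n\n"
        "Call 1-800-555-0142 immediately to confirm your card number, or your card will be locked.\n")
BENIGN = ("From: Alice Smith <alice.smith@corp.example>\nSubject: Lunch\n\n"
          "Want to grab lunch at noon on Thursday?\n")
```

Keyword heuristics like these catch the crude lures the slides describe; a targeted pretext that avoids urgency words and credential requests will score low, which is why the training and policy defenses later in the deck still matter.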

 Trojan horse: These take advantage of people's greed and curiosity to propagate malware. They arrive as email attachments with attractive subject lines which, when opened, introduce a virus into the system.

 Baiting: These are like physical Trojan horses. The attacker leaves malware-infected physical media such as CD-ROMs, carrying legitimate-looking but curiosity-provoking labels, around the workplace; when an employee inserts one, the system is infected.

 Online social engineering
◦ Users reuse a single password for all their accounts
◦ The attacker sends an email inviting the user to sign up for some interesting site, or announcing some important update, that asks for a username and a password

 Reverse social engineering
◦ Make people come to you instead of you going to them
◦ The attacker sabotages a network, causing a problem
◦ He advertises that he is the appropriate person to fix the problem
◦ When he comes to fix the network problem, he requests information from the employees

 Physical protection
 Security policies that separate documents into different levels or compartments, separation of duty, double loop
 Employee training
 Lie detectors
