Presentation is loading. Please wait.

Presentation is loading. Please wait.

social Engineering and its importance during Security Audits

Published byReynard Leonard Modified over 5 years ago

Similar presentations

Presentation on theme: "social Engineering and its importance during Security Audits"— Presentation transcript:

1 social Engineering and its importance during Security Audits
By:- Vismit Sudhir Rakhecha(Zhug)

2 There is no Patch, For human stupidity !

3 Case Studies

4 What is Social Engineering ?
Famous hacker Kevin Mitnick helped popularize the term “social engineering” in the ‘90s, but the simple idea itself has been around for ages. Social engineering is the art of gaining access to buildings, systems or data by exploiting human psychology, rather than by breaking in or using technical hacking techniques.

5 Our Life Today

6

7 How Social Engineering works?
There are an infinite number of social engineering exploits. A scammer may trick you into leaving a door open for him, visiting a fake Web page or downloading a document with malicious code, or he might insert a USB in your computer that gives him access to your corporate network.

8 Exploitation of Human Behavior

9 Types of Social Engineering
There are two main categories under which all social engineering attempts could be classified. Computer or Technology based Human based or Non-Technical

10

11 SE and Security Audit We can break social engineering audits into two main categories, Internal and External, then from there break them down into smaller sub-categories.

12 Internal SE

13 Preparation (Pre-Audit) :-
Only the admin panel aware of the exercise. Obtain current policies and procedures. Obtain Employees list. Define “Target”. Some SPY Devices (Pen, Button, etc.) Fake authorization letters. Letter Head

14 Phase I (Info Gathering)
The social engineer who begins his attack with little or no information is destined for failure. Gathering information about the company, its practices, and employees, and identifying potential weaknesses is the goal. Employee lists, internal phone numbers, corporate directories and sensitive security information are prized possessions to the social engineer.

15

16 Phase II (Physical Entry)
While the social engineer will generally attempt to accomplish his mission without ever physically stepping foot on company property, sometimes it is necessary to gain physical access to gather further information. There are many common tricks that the social engineer can use to gain physical access to a facility. The security auditor can also use these to test physical security procedures.

17

18 Results

19

20 I Gained

21 Sensitive Information on Technology used
Network architecture. Lots of Technical Information reveled to “College Student”. Official letter in store room. Gained Access to Server Room.

22 External SE

23 In External SE, the base is our PHASE I
In External SE, the base is our PHASE I. Over here we will use Computer or Electric Device to perform audit.

24 Phishing

25 Spyware

26 Spam mail

27 Baiting

28 SMSing

29 Social Networking

30 QUESTIONS ??? Contact :

31

Download ppt "social Engineering and its importance during Security Audits"

Similar presentations

h Protection from cyber attacks is achieved by acting on several levels: first, at the physical and material, placing the server in a place as safe as.

h Protection from cyber attacks is achieved by acting on several levels: first, at the physical and material, placing the server in a place as safe as.
Social Engineering Training. Training Goals Increase Laboratory Awareness. Provide the tools required to identify, avoid and report advanced Social Engineering.

Social Engineering Training. Training Goals Increase Laboratory Awareness. Provide the tools required to identify, avoid and report advanced Social Engineering.
Ethics, Privacy and Information Security

Ethics, Privacy and Information Security
Social Engineering And You Steve Otto. Social Engineering n Social Engineering - Getting people to do things they ordinarily wouldn’t do for a stranger.

Social Engineering And You Steve Otto. Social Engineering n Social Engineering - Getting people to do things they ordinarily wouldn’t do for a stranger.
Day 4-1-1 anti-virus 3-3-1.anti-virus 1 detecting a malicious file malware, detection, hiding, removing.

Day anti-virus anti-virus 1 detecting a malicious file malware, detection, hiding, removing.
SECURITY AND SOCIAL ENGINEERING US Department of Commerce Office of Security Updated 09/26/11 Security is Everyone's Responsibility – See Something, Say.

SECURITY AND SOCIAL ENGINEERING US Department of Commerce Office of Security Updated 09/26/11 Security is Everyone's Responsibility – See Something, Say.
CIT 1100. In this chapter you will learn how to:  Explain the threats to your computers and data  Describe key security concepts and technologies.

CIT In this chapter you will learn how to:  Explain the threats to your computers and data  Describe key security concepts and technologies.
Prepared by: Nahed Al-Salah

Prepared by: Nahed Al-Salah
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
January 14, 2010 Introduction to Ethical Hacking and Network Defense MIS 4600 - © Abdou Illia.

January 14, 2010 Introduction to Ethical Hacking and Network Defense MIS © Abdou Illia.
1 Social Engineering Dr.Talal Alkharobi. 2 Social Engineering - Definition Webster — management of human beings in accordance with their place and function.

1 Social Engineering Dr.Talal Alkharobi. 2 Social Engineering - Definition Webster — management of human beings in accordance with their place and function.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Social Engineering PA Turnpike Commission. “Social Engineering is the practice of obtaining confidential information by manipulation of legitimate users”

Social Engineering PA Turnpike Commission. “Social Engineering is the practice of obtaining confidential information by manipulation of legitimate users”
Sam Cook April 18, 2013. Overview What is penetration testing? Performing a penetration test Styles of penetration testing Tools of the trade.

Sam Cook April 18, Overview What is penetration testing? Performing a penetration test Styles of penetration testing Tools of the trade.
Internet Safety CSA 105 1.0 September 21, 2010. Internet Threats Malware (viruses) Spyware Spam Hackers Cyber-criminals.

Internet Safety CSA September 21, Internet Threats Malware (viruses) Spyware Spam Hackers Cyber-criminals.
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.
14 Publishing a Web Site Section 14.1 Identify the technical needs of a Web server Evaluate Web hosts Compare and contrast internal and external Web hosting.

14 Publishing a Web Site Section 14.1 Identify the technical needs of a Web server Evaluate Web hosts Compare and contrast internal and external Web hosting.
Attacks On systems And Networks To understand how we can protect our system and network we need to know about what kind of attacks a hacker/cracker would.

Attacks On systems And Networks To understand how we can protect our system and network we need to know about what kind of attacks a hacker/cracker would.
Chapter 18 Technology in the Workplace Section 18.2 Internet Basics.

Chapter 18 Technology in the Workplace Section 18.2 Internet Basics.
IS Network and Telecommunications Risks Chapter Six.

IS Network and Telecommunications Risks Chapter Six.

Similar presentations

Ads by Google