Nytro Posted November 21, 2011 Report Posted November 21, 2011 Social Engineering - The Human FactorName: Dinesh Shetty Profile: Information Security Consultant Email ID: dinesh.shetty @ live.comSocial EngineeringCyber security is an increasingly serious issue for the complete world with intruders attacking large corporate organizations with the motive of getting access to restricted content. CSI Computer Crime and Security Survey report for the year 2010-2011 stated that almost half of the respondents had experienced a security incident, with 45.6% of them reporting that they had been subject of at least one targeted attack.Merely trying to prevent infiltration on a technical level and ignoring the physical-social level, cent percent security can never be achieved. Couple of examples can be the scenes from Hackers which shows Dumpster diving in the target company's trash in order to obtain financial data from printouts and the scene from War Games where Matthew Broderick's character studied his target before attempting to crack the password of the military computer system. 'Social Engineering' is a threat that is overlooked in most of the organizations but can easily be exploited as it takes advantage of human psychology rather than the technical barricades that surrounds the complete system. Below is a classic example of this:A person receives an e-mail on his official mailbox saying that his computer has been infected with a virus. The message provides a link and suggests that he downloads and installs the tool from the link to eliminate the virus from his computer. The person in a state of confusion clicks on the link to remove the virus from his computer but unwittingly giving a hacker an easy entrance into his corporate network.To ensure complete security of an organization from all kinds of internal and external factors, the security consultant must have complete knowledge of the Social Engineering cycle, the techniques that can be used by an attacker and the counter-measures to reduce the likelihood of success of the attack.In this paper we are going to take you through the various phases so as to understand what is Social Engineering, Social Engineering Lifecycle, the various Techniques used in Social Engineering attack with detailed examples and then finally conclude with the counter-measures to protect against each of the Social Engineering attack techniques.Download:http://www.exploit-db.com/download_pdf/18135 Quote
