http://www.csoonline.com/article/514063/Social_Engineering_The_Basics By Joan Goodchild Senior Editor CSO January 11, 2010 You've got all the bells and whistles when it comes to network firewalls and your building's security has a state-of-the-art access system. You've invested in the technology. But what about the staff? Social engineers, or criminals who take advantage of human behavior to pull of a scam, aren't worried about a badge system. They will just walk right in and confidently ask someone to help them get inside. And that firewall? It won't mean much if your users are tricked into clicking on a malicious link they think came from a Facebook friend. In this guide, we outline the common tactics social engineers often use, and give you tips on how to ensure your staff is on guard. * What is social engineering? * How is my company at risk? * How do social engineers pull off their tricks? * Why do people fall for social engineering techniques? * How can I educate our employees to prevent social engineering? What is social engineering? Social engineering is essentially the art of gaining access to buildings, systems or data by exploiting human psychology, rather than by breaking in or using technical hacking techniques. For example, instead of trying to find a software vulnerability, a social engineer might call an employee and pose as an IT support person, trying to trick the employee into divulging his password. Famous hacker Kevin Mitnick helped popularize the term 'social engineering' in the '90s, although the idea and many of the techniques have been around as long as there have been scam artists of any sort. (Watch the video to see social-engineering expert Chris Nickerson size up one building's perimeter security) [...] ________________________________________ Did a friend send you this? From now on, be the first to find out! Subscribe to InfoSec News http://www.infosecnews.orgReceived on Tue Jan 12 2010 - 09:04:09 PST
This archive was generated by hypermail 2.2.0 : Tue Jan 12 2010 - 09:10:42 PST