Presentation is loading. Please wait.

Presentation is loading. Please wait.

Kelly Corning Julie Sharp.  Human-based techniques: impersonation  Computer-based techniques: malware and scams.

Similar presentations

Presentation on theme: "Kelly Corning Julie Sharp.  Human-based techniques: impersonation  Computer-based techniques: malware and scams."— Presentation transcript:

1 Kelly Corning Julie Sharp

2  Human-based techniques: impersonation  Computer-based techniques: malware and scams

3  Manipulates legitimate users into undermining their own security system  Abuses trusted relationships between employees  Very cheap for the attacker  Attacker does not need specialized equipment or skills

4  Impersonation  Help Desk  Third-party Authorization  Tech Support  Roaming the Halls  Repairman  Trusted Authority Figure  Snail Mail

5  Computer-Based Techniques  Pop-up windows  Instant Messaging and IRC  Email Attachments  Email Scams  Chain Letters and Hoaxes  Websites

6  Hacker pretends to be an employee  Recovers “forgotten” password  Help desks often do not require adequate authentication

7  Targeted attack at someone who has information  Access to assets  Verification codes  Claim that a third party has authorized the target to divulge sensitive information  More effective if the third party is out of town

8  Hacker pretends to be tech support for the company  Obtains user credentials for troubleshooting purposes.  Users must be trained to guard credentials.

9  Hacker dresses to blend in with the environment  Company uniform  Business attire  Looks for sensitive information that has been left unattended  Passwords written down  Important papers  Confidential conversations

10  Hacker wears the appropriate uniform  Often allowed into sensitive environments  May plant surveillance equipment  Could find sensitive information

11  Hacker pretends to be someone in charge of a company or department  Similar to “third-party authorization” attack  Examples of authority figures  Medical personnel  Home inspector  School superintendent  Impersonation in person or via telephone

12  Hacker sends mail that asks for personal information  People are more trusting of printed words than webpages  Examples  Fake sweepstakes  Free offers  Rewards programs  More effective on older generations

13  Window prompts user for login credentials  Imitates the secure network login  Users can check for visual indicators to verify security

14  Hacker uses IM, IRC to imitate technical support desk  Redirects users to malicious sites  Trojan horse downloads install surveillance programs.

15  Hacker tricks user into downloading malicious software  Programs can be hidden in downloads that appear legitimate  Examples  Executable macros embedded in PDF files  Camouflaged extension: “NormalFile.doc” vs. “NormalFile.doc.exe”  Often the final extension is hidden by the email client.

16  More prevalent over time  Begins by requesting basic information  Leads to financial scams

17  More of a nuisance than a threat  Spread using social engineering techniques  Productivity and resource cost

18  Offer prizes but require a created login  Hacker capitalizes on users reusing login credentials  Website credentials can then be used for illegitimate access to assets

19  Never disclose passwords  Limit IT Information disclosed  Limit information in auto-reply emails  Escort guests in sensitive areas  Question people you don't know  Talk to employees about security  Centralize reporting of suspicious behavior

20  Remind employees to keep passwords secret  Don’t make exceptions  It’s not a grey area!

21  Only IT staff should discuss details about the system configuration with others  Don’t answer survey calls  Check that vendor calls are legitimate

22  Keep details in out-of-office messages to a minimum  Don’t give out contact information for someone else.  Route requests to a receptionist

23  Guard all areas with network access  Empty offices  Waiting rooms  Conference rooms  This protects against attacks  “Repairman”  “Trusted Authority Figure”

24  All employees should have appropriate badges  Talk to people who you don’t recognize  Introduce yourself and ask why they are there

25  Regularly talk to employees about common social engineering techniques  Always be on guard against attacks  Everyone should watch what they say and do.

26  Designate an individual or group  Social engineers use many points of contact  Survey calls  Presentations  Help desk calls  Recognizing a pattern can prevent an attack

27 Davidson, Justin. "Best Practices to Prevent Social Engineering Attacks." Spiceworks Community Global. N.p., n.d. Web. 26 Mar. 2013.. Information, Network & Managed IT Security Services. "Social Engineering." SecureWorks. Dell, 2013. Web. 26 Mar. 2013.. "Types of Social Engineering." National Plant Diagnostic Network, 2013. Web. 26 Mar. 2013..

Download ppt "Kelly Corning Julie Sharp.  Human-based techniques: impersonation  Computer-based techniques: malware and scams."

Similar presentations

Ads by Google