Social Engineering Networks Reid Chapman Ciaran Hannigan.

Presentation transcript:

Social Engineering Networks Reid Chapman Ciaran Hannigan

What is Social Engineering
Social Engineering is the art of manipulating people into performing actions or divulging confidential information. This type of attack is non-technical and relies heavily on human interaction.

Social Engineering
Hackers use Social Engineering attacks to obtain information that will allow them to gain unauthorized access to a valued system and the information that resides on that system.

History of Social Engineering
The term Social Engineering was made popular by ex-computer criminal Kevin Mitnick. He confessed to illegally accessing private networks and possession of forged documents. He claimed to have used only Social Engineering techniques, with no help from software programs.

Types of Attacks
- Pretexting
- On-Line Social Engineering
- Reverse Social Engineering
- Phone Social Engineering

Pretexting
The act of creating and using an invented situation in order to convince a target to release information or grant access to sensitive materials. This type of attack is usually implemented over the phone and can be used to obtain customer information, phone records, and banking records; it is also used by private investigators.

Pretexting cont’
The hacker will disguise their identity in order to ask a series of questions intended to get the information they want from their target. When the hacker asks these questions, the victim will unknowingly provide the attacker with all the information needed to carry out the attack.

Online Social Engineering
This attack exploits the fact that many users use the same password for all their online accounts, such as their e-mail, banking, or Facebook accounts. So once an attacker has access to one account, he/she has access to all of them.

Online cont’
Another common online attack is for a hacker to pretend to be a network admin and send out e-mails which request usernames and passwords. This attack is not as common or successful because people have become more conscious of this type of attack.

Reverse Social Engineering
Probably the least used of the attacks. Requires extensive research and planning. The key is to establish yourself in a position of authority and have your targets come to you, giving you a better chance of retrieving info.

Reverse Social Engineering
This form of attack can be divided into three stages.
Stage one - Sabotage: Cause a problem (crash the network).
Stage two - Advertise: Send out notice that you are the one to go to to solve the problem.
Stage three - Assist: Help the employees and get from them the info you came for.
When all is done you fix the problem, leave, and no one is the wiser because the problem is fixed and everyone is happy.

Phone Social Engineering
The most common practice of social engineering. A hacker will call someone up, imitate a person of authority, and slowly retrieve information from them. Help desks are incredibly vulnerable to this type of attack.

Help Desks are Gold Mines
A help desk's main purpose is to help, putting it at a disadvantage against an attacker. People employed at a help desk usually are being paid next to nothing, giving them little incentive to do anything but answer the questions and move on to the next phone call. So how do you protect yourself?

Protecting Against These Attacks
As you know, these attacks can take two different approaches: physical and psychological.
The physical aspect: the workplace, over the phone, dumpster diving, and on-line.
The psychological aspect: persuasion, impersonation, ingratiation, conformity, and good ol’ fashioned friendliness.

How To Defend Against the Physical
- Check and verify all personnel entering the establishment.
- More important files should be locked up.
- Shred all important papers before disposing.
- Erase all magnetic media (hard drives, disks).
- All machines on the network should be well protected by passwords.
- Lock and store dumpsters in secure areas.

Security Policies and Training!!!
Corporations make the mistake of only protecting themselves from the physical aspect, leaving them almost helpless against the psychological attacks hackers commonly use.
- Advantage: Alleviates responsibility of worker to make judgment call on the hacker’s request.
- Policy should address aspects of access control and password changes and protection.
- Locks, IDs, and shredders are important and should be required for all employees.
- Set it in stone: Violations should be well known and well enforced.

Security Policies and Training!!!
- All employees should know how to keep confidential information safe.
- All new employees should attend a security orientation.
- All employees should attend an annual refresher course on these matters.
- Also send e-mails to employees concerning this matter: how to spot an attacker, methods to prevent them from falling victim, and stories of current and landmark cases on Social Engineering.

Spotting an Attack
What to look for: refusal to give contact information, rushing, name-dropping, intimidation, small mistakes, and requesting protected information.
Put yourself in their shoes. Think like a hacker.

What to do for the Average Joe
- DO NOT DISCLOSE ANY PERSONAL INFORMATION UNLESS PERSON AND/OR SITE IS TRUSTED.
- Don’t fall prey to all the get-rich-quick schemes.
- Update your security software regularly.
- Have a strong password and change it regularly. Try not to have the same one for all your passwords.
- Shred your important papers before throwing them out.