CompTIA Security+ Study Guide (SY0-401)


1 CompTIA Security+ Study Guide (SY0-401)
“Chapter 10: Social Engineering and Other Foes”

2 Chapter 10: Social Engineering and Other Foes
- Compare and contrast physical security and environmental controls.
- Summarize social engineering attacks and the associated effectiveness with each attack.
- Analyze a scenario and select the appropriate type of mitigation and deterrent techniques.
- Given a scenario, select the appropriate solution to establish host security.
- Implement the appropriate controls to ensure data security.
- Given a scenario, select the appropriate authentication, authorization, or access control.

3 Social Engineering
Social engineering is the process by which intruders gain access to your facilities, your network, and even to your employees by exploiting the generally trusting nature of people.
- Video 1 – Social Engineer a Business
- Video 2 – Social Engineer a person

4 Social Engineering Attacks
- Shoulder Surfing – watch someone enter their password
- Dumpster Diving – the importance of shredding BEFORE recycling or throwing away
- Tailgating (Hold the door)

5 Social Engineering Attacks
- Impersonation – pretending to be someone you are not
  - Over the phone
  - In person
  - Example A, Example B

6 Social Engineering Attacks
- Hoaxes – e.g. “download this patch to protect you from the bone cancer virus that gives your computer cancer!”
- Whaling – targeted spear phishing for a “whale”, a.k.a. someone with a lot of power
- Vishing – voice phishing

7 Principles Behind Social Engineering
- Authority – they pretend to be your boss
- Intimidation – threats (if you don’t do this… I need this done now, etc.)
- Consensus/Social Proof – kill them with kindness
- Scarcity – I can do this now or a month from now
- Urgency – you’re putting X at risk
- Familiarity/Liking
- Trust – they do something for you first

8 Physical Security
Access control is a critical part of physical security

9 Physical Security
Physical barriers – the objective of a physical barrier is to prevent access to computers and network systems

10 Lenel Onguard

11 Multiple barrier system
- Having more than one physical barrier to cross
- Systems should have a minimum of three physical barriers (perimeter, area, room)

12 Physical Security
- Hardware Locks and Security involves applying physical security modifications to secure the system(s) and prevent them from leaving the facility
- Mantraps require visual identification, as well as authentication, to gain access

13 Desktop Hardware Lock
Prevents the case from being opened (HDD being stolen) or the tower from being stolen

14 Physical Security
- Video Surveillance – placement (mantraps, entrance/exit, loading dock, etc.)
- Camera vs. Guard – who’s monitoring the camera vs. human error
- Fencing/Perimeter Security – deterrent and your first line of defense
- Access Control List – e.g. Lenel Onguard badge access
- Proper Lighting – deterrent
- Signs – deterrent – authorized personnel only, violators will be pointed at
- Guards – expensive and prone to social engineering
- Barricades – think military, prevent someone from ramming through

15 Physical Security
- Biometrics – biometric systems use some kind of unique biological trait to identify a person, such as fingerprints, patterns on the retina, and handprints
- Protected Distribution Systems (PDS) – network is so physically secure (e.g. NSA, no cell phones allowed, no USBs, no unauthorized personnel) that network security is relaxed
- Alarms – divide buildings into security zones
- Motion Detection – turn on cameras, lights, sound an alarm, etc.

16 Environmental Controls
- HVAC (includes humidity monitoring)
- EMI Shielding
- Faraday cage – woven, grounded cable mesh that surrounds a room to “catch” (reduce) EMI

17 Environmental Controls
Fire Suppression
- Fire Extinguisher Types
  - Wood and Paper (water/chemical)
  - Flammable Liquids (chemicals)
  - Electrical (nonconductive chemicals)
  - Flammable metals (varies)
- Annual inspections
- Fixed systems
  - Overhead sprinklers
  - HALON (gas emitting sprinklers, much better for electronic equipment!)

18 Hot and Cold Aisles

19 Products that Solve Most Electrical Line Problems:
- Surge Protectors protect electrical components from momentary or instantaneous increases (called spikes) in a power line
- Power Conditioners are active devices that effectively isolate and regulate voltage in a building
- Backup Power is generally used in situations where continuous power is needed in the event of a power loss

20 Chapter 10: Physical and Hardware-Based Security
EMI Shielding
- Electromagnetic interference (EMI) and radio frequency interference (RFI)
- Shielding refers to the process of preventing electronic emissions from your computer systems from being used to gather intelligence and preventing outside electronic emissions from disrupting your information-processing abilities

21 EMI Interference

22 Control Types
- Deterrent – signs, lights
- Preventative – door locks, training
- Detective – AV, audit logs
- Compensating – backup generator, physical lock in addition to fingerprint scanner
- Technical – firewalls, Lenel Onguard, etc.
- Administrative – policies, procedures (e.g. when someone leaves, change all the codes/passwords that they knew)

23 Chapter Summary
- Social Engineering concepts
- Security Awareness training
- HVAC/environmental controls
- EMI shielding
- Fire Extinguisher types
- Control types

