Social Engineering


  1. SOCIAL ENGINEERING
     By Muhanned Alaqili, CCNA, ACE, Security+, Lewis University
  2. • “It’s human nature to trust our fellow man, especially when the request meets the test of being reasonable. Social engineers use this knowledge to exploit their victims and to achieve their goals.” - Kevin Mitnick
  3. WHAT?
     • What is Social Engineering? It is the tactic or trick of gaining sensitive information by exploiting basic human nature, such as:
       - Trust
       - Fear
       - Desire to help
  4. WHY?
     Social engineers attempt to gather information such as:
       - Sensitive information
       - Authorization access
       - Access details
  5. APPROACHES
     • Human-based Social Engineering
       - Gathers sensitive information through interaction
       - Attacks of this category exploit the trust, fear and helping nature of humans
     • Computer-based Social Engineering
       - Carried out with the aid of computers to secretly install spyware or other malicious software, or to trick you into handing over your passwords or sensitive financial or personal information
  6. HUMAN-BASED SOCIAL ENGINEERING
     • Posing as a legitimate end user
       - Gives an identity and asks for sensitive information
     • Posing as an important user
       - CEO, project manager, etc.
     • Posing as technical support
     • Eavesdropping
     • Shoulder surfing
     • Dumpster diving
     • Tailgating
     • Piggybacking
       - A social engineer appears as a legitimate employee and walks into a secure building by following behind someone who has access.
  7. COMPUTER-BASED SOCIAL ENGINEERING
     • USB drive / memory stick, CD/DVD malware
     • Mail
     • Instant chat messenger
       - Gathering of personal information by chatting with a selected online user to attempt to get information such as birth dates and maiden names
     • Pop-up windows asking for users’ information to log in / sign in
     • Websites / sweepstakes
     • Spam mail
     • Phishing
       - An illegitimate email falsely claiming to be from a legitimate site attempts to acquire the user’s personal or account information
  8. COMMON TARGETS
     • Receptionists
     • Help desk personnel
     • Vendors of the targeted organization
     • System administrators
     • End users
  9. VECTORS
     Major attack vectors that social engineers use:
     • Online
     • Telephone
     • Personal approaches
     • Reverse social engineering
  10. REVERSE SOCIAL ENGINEERING
     A more advanced method of Social Engineering that requires a great deal of research and preparation.
     It’s when the hacker creates a persona that appears to be in a position of authority, so that employees in the target organization will ask him for information, rather than the other way around!
     A Reverse Social Engineering attack involves three parts:
       - Marketing/advertising
       - Sabotage
       - Assisting/providing support
  11. RSE EXAMPLE
     • The hacker sabotages a network (e.g. a switch), causing a problem to arise. The hacker then advertises that he is the appropriate contact to fix the problem, and when he comes to fix the network problem, he requests certain bits of information from the employees and gets what he really came for. They never know it was a hacker, because their network problem goes away and everyone is happy.
     • The hacker markets himself as a problem solver or an expert in networking, for example. Then he sabotages the network (e.g. a switch) of the targeted organization, causing a problem to arise, and when he is called in to fix the problem, he requests certain bits of information (server passwords, network infrastructure details, etc.).
  12. CONCLUSION
     Social Engineering is the hardest form of attack to defend against.
     No matter what hardware / software you have or how much money you have spent so far,
     PEOPLE are still the weakest link in the security chain.