© 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Hacker Techniques, Tools, and Incident Handling
Chapter 13
Social Engineering
Learning Objective
• Analyze vulnerabilities exploited by hackers.
Key Concepts
• Types of social engineering attacks
• Technology and social engineering
• Best practices for passwords
• Social networking risks
What Is Social Engineering?
• Tricking or coercing people into revealing information or violating security practices
• Viruses, Trojan horses, scareware, and phishing all rely on trickery to be effective
• Relies on a person’s ignorance of how valuable their personal information or authority may be to someone looking to steal, use, or sell it
• Is dangerous because, when successful, it results in an authorized individual carrying out actions on behalf of an unauthorized party
Types of Social Engineering Attacks
Physical
• People being physically present and making personal contact
Physical Object
• May steal a physical object such as a smartphone, USB drive, or file folder
Psychological
• Some attacks may be psychological in nature or use elements of both
Types of Social Engineering Attacks (Cont.)
• Phone-based attacks
• Dumpster diving
• Shoulder surfing
• Social media (Facebook, Twitter, LinkedIn)
• Persuasion/coercion
• Reverse social engineering
Browser Defenses Against Social Engineering
• Pop-up blocker
• Unsafe site warnings
• Integration with antivirus/anti-malware software
• Automatic updates
• Private browsing capability
Other Good Practices for Safe Computing
• Beware the potentially high price of “free” Wi-Fi
• Take care when accessing secure websites in public
• Be wary of public computers
• Make sure your home network is secure, too
• Be cautious about saving personal information on shopping websites
• Keep your personal computer personal
• Do not install software you do not want
• Don’t overlook the malware risks to Apple and Linux computers and mobile devices
Know What the Web Knows About You
Spokeo Facebook Intelius
Zabasearch People Search
Creating and Managing Your Passwords
• Use separate passwords for different types of accounts
• Not easy to guess (include numbers and special characters)
• Use variations on a single base password
• Make a list of accounts to which you apply the new passwords
• Change the passwords
• Invest in a password manager
Investing in a Password Manager
A password manager
• Software that helps you organize and track your usernames and passwords
Popular password managers
• Zoho Vault
• Dashlane
• Sticky Password
• Password Boss
• LastPass
Social Engineering and Social Networking
• Questions to ask yourself before you post:
  • What do you really want to share on this site?
  • How sensitive could this information be?
  • Is it information you would share with people you were meeting face to face?
  • How would you feel if this information were spread around the world?
  • What if your children or parents read this information?
An Overview of the Risks in Social Networking
• How common are scams?
• What are the risks?
• What scams should people be alert to?
• How are businesses responding to risks of social networks?
How Common are the Risks on Social Networks?
• Facebook: 2 billion users
• Instagram: 700 million users
• Twitter: 328 million users
• Given this kind of volume and reach, it’s easy to see why criminals look to social media sites to locate and identify victims
Risks in Social Media
Mistakes you don’t want to make
• Don’t use one password for all your accounts
• Don’t share “too much information”
• Don’t engage in “tweet rage”
• Remember to protect your own “brand”
• Be ready to protect your corporate brand
Common Social Engineering Scams in Social Media
• Avoid “secret” celebrity gossip
• I’m trapped in Paris! Please send money
• Did you see this picture of yourself?
• Test your IQ
• Join State University’s Class of 2013 Facebook group
• Tweet for cash!
• Ur Cute. Mgs me on FB
• Protect a family from H1N1 flu
• Mike Smith commented on a post!
• Amber alert issued!
Social Networking in a Corporate Setting
• Most companies don’t have policies yet
• Many companies are unaware of the risk
• About 50 percent of companies have implemented a social networking policy
Concerns in a Corporate Setting
• Oversharing company activities
• Mixing personal with professional
• Tweet rage
• Collecting too many connections
• Password sloth
  • Same password for many accounts
• Trigger finger
  • Clicking on links impulsively without investigating first
Avoid Endangering Yourself and Others
• Be wary of publishing identifying information about yourself.
• Pick a username that doesn’t include personal information.
• Set up a separate email account that doesn’t use your real name, and use that account to register and receive mail from sites where you have to register.
• Use a strong password.
• Keep your profile closed and allow only friends to view it.
• Don’t say anything or publish pictures that might cause you embarrassment later.
• Use the privacy features on the sites you use to restrict strangers’ access to your profile. Be guarded about whom you invite into your network.
• Be particularly on guard against phishing scams.
Facebook Security
• Read the Facebook guide to privacy
• Think carefully about whom you allow to become a friend
• Show “limited friends” a cut-down version of your profile
• Disable options and then open them one by one
Summary
• Types of social engineering attacks
• Technology and social engineering
• Best practices for passwords
• Social networking risks
