SlideShare a Scribd company logo

VCU INFO 644 Critical Thinking 1

Download as PPTX, PDF
T
tgbrunet
Technology
1 of 10
INFO 644 Enterprise Cyber Security Critical Thinking #1 Tyler Brunet VCU Department of Information Systems
What Will Be Covered  Why security breaches happen  How attacks happen  What a social engineering attack is and how they happen  An example of reverse social engineering  How to protect from different breaches
Why Breaches Happen  Individuals looking to „steal‟ corporate or private information  Sell information to other companies  Use the information to find out what industries are doing/working on  Counterintelligence measures  Gain a competitive advantage by duplicating a product and getting it to market before the initial company does  Individuals hack for the fun of it
How Breaches Happen  Most classic example will be illustrated later in presentation  Someone giving out personal identifiers to the wrong person  Phishing by means of fake emails and spoofed websites  Reverse Social Engineering
How Social Engineering Attacks Happen  Social engineering attacks  The gaining of information from legitimate users for illegitimate access  Dumpster diving – look for any information that can be used such as names, project leaders, meeting notes, etc.  Pose as employees in order to get support from the Help Desk
Social Engineering Attack Techniques  Physical attacks  Require the social engineer to be at the company‟s location.  Sorting through trash – most common form  Consultant  Network Engineer  Repair Technician  Psychological attacks  Work to create an environment that will enable them to most easily acquire the necessary information  Impersonation  Conformity  Being friendly  Reverse social engineering
Reverse Social Engineering Example  Attacker first learns about the organization as much as possible  They then cause problem for a particular individual (HR, Manager etc.)  Come in to fix the problem  Give contact information to the targeted individual  Week or so later causes same problem  The targeted individual contacts the “attacker” who fixed it the first time and asks if they could fix it again  “Attacker” says cannot get to the location today, but can do it now if the individual gives them a login username and password  Individual complies and not the attacker has a legitimate login that they can get to anything that the individual may have access to
Technical and Social Vulnerabilities  Technical  Lack of security measures on servers  Ports left open that should not be  Weak password policies  Redundancy in username and password use  Social  Weak means of who is in charge of what  Trust in outsiders that could be possible hackers  Passwords are written down and dishonest employees may take note of them
Preventing Security Breaches  Develop policies that have social implications (4G methods)  Develop policies that incorporate all methods (1G, 2G, 3G, and 4G)  1G – Checklist approach  2G – Flow of data Ex: Firewalls  3G – Interconnected devices  4G – Social implications  Conduct random audits  Social penetration tests  Review of log files of webservers and other IT devices  Training of employees on monthly, semi-yearly etc. on security policies and procedure
Questions to Think About  What ways do business‟s control their information?  Are there written security measures?  Are these measures updated routinely?  Are these practices conducted on a day-to-day level?

Recommended

Social engineering for security attacks
Social engineering for security attacksSocial engineering for security attacks
Social engineering for security attacksmasoud khademi
 
Hacking the Helpdesk: Social Engineering Risks
Hacking the Helpdesk: Social Engineering RisksHacking the Helpdesk: Social Engineering Risks
Hacking the Helpdesk: Social Engineering RisksCraig Clark ITIL, CIS LI,EU GDPR P
 
Social Engineering: the Bad, Better, and Best Incident Response Plans
Social Engineering: the Bad, Better, and Best Incident Response PlansSocial Engineering: the Bad, Better, and Best Incident Response Plans
Social Engineering: the Bad, Better, and Best Incident Response PlansRob Ragan
 
Social Engineering Basics
Social Engineering BasicsSocial Engineering Basics
Social Engineering BasicsLuke Rusten
 
Social engineering tales
Social engineering tales Social engineering tales
Social engineering tales Ahmed Musaad
 
Social Engineering | #ARMSec2015
Social Engineering | #ARMSec2015Social Engineering | #ARMSec2015
Social Engineering | #ARMSec2015Hovhannes Aghajanyan
 
Social engineering hacking attack
Social engineering hacking attackSocial engineering hacking attack
Social engineering hacking attackPankaj Dubey
 
MHTA Social Engineering Presentation - 050917
MHTA Social Engineering Presentation - 050917MHTA Social Engineering Presentation - 050917
MHTA Social Engineering Presentation - 050917Evan Francen
 

Recommended

Social engineering for security attacks
Social engineering for security attacksSocial engineering for security attacks
Social engineering for security attacksmasoud khademi
 
Hacking the Helpdesk: Social Engineering Risks
Hacking the Helpdesk: Social Engineering RisksHacking the Helpdesk: Social Engineering Risks
Hacking the Helpdesk: Social Engineering RisksCraig Clark ITIL, CIS LI,EU GDPR P
 
Social Engineering: the Bad, Better, and Best Incident Response Plans
Social Engineering: the Bad, Better, and Best Incident Response PlansSocial Engineering: the Bad, Better, and Best Incident Response Plans
Social Engineering: the Bad, Better, and Best Incident Response PlansRob Ragan
 
Social Engineering Basics
Social Engineering BasicsSocial Engineering Basics
Social Engineering BasicsLuke Rusten
 
Social engineering tales
Social engineering tales Social engineering tales
Social engineering tales Ahmed Musaad
 
Social Engineering | #ARMSec2015
Social Engineering | #ARMSec2015Social Engineering | #ARMSec2015
Social Engineering | #ARMSec2015Hovhannes Aghajanyan
 
Social engineering hacking attack
Social engineering hacking attackSocial engineering hacking attack
Social engineering hacking attackPankaj Dubey
 
MHTA Social Engineering Presentation - 050917
MHTA Social Engineering Presentation - 050917MHTA Social Engineering Presentation - 050917
MHTA Social Engineering Presentation - 050917Evan Francen
 
Corporate America is Being ATTACKED and the Entry Vector May be Surprising
Corporate America is Being ATTACKED and the Entry Vector May be SurprisingCorporate America is Being ATTACKED and the Entry Vector May be Surprising
Corporate America is Being ATTACKED and the Entry Vector May be SurprisingSignals Defense, LLC
 
Social Engineering - Human aspects of industrial and economic espionage
Social Engineering - Human aspects of industrial and economic espionageSocial Engineering - Human aspects of industrial and economic espionage
Social Engineering - Human aspects of industrial and economic espionageMarin Ivezic
 
Infographic: Penetration Testing - A Look into a Full Pen Test Campaign
Infographic: Penetration Testing - A Look into a Full Pen Test CampaignInfographic: Penetration Testing - A Look into a Full Pen Test Campaign
Infographic: Penetration Testing - A Look into a Full Pen Test CampaignPratum
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityRamiro Cid
 
Social engineering-Attack of the Human Behavior
Social engineering-Attack of the Human BehaviorSocial engineering-Attack of the Human Behavior
Social engineering-Attack of the Human BehaviorJames Krusic
 
Social engineering
Social engineeringSocial engineering
Social engineeringAlexander Zhuravlev
 
Social Engineering
Social EngineeringSocial Engineering
Social EngineeringPaul Devassy, CPP
 
Social Engineering,social engeineering techniques,social engineering protecti...
Social Engineering,social engeineering techniques,social engineering protecti...Social Engineering,social engeineering techniques,social engineering protecti...
Social Engineering,social engeineering techniques,social engineering protecti...ABHAY PATHAK
 
BSidesPGH - Never Surrender - Reducing Social Engineering Risk
BSidesPGH - Never Surrender - Reducing Social Engineering RiskBSidesPGH - Never Surrender - Reducing Social Engineering Risk
BSidesPGH - Never Surrender - Reducing Social Engineering RiskRob Ragan
 
Social Engineering
Social EngineeringSocial Engineering
Social EngineeringWilliam Gregorian
 
Social engineering
Social engineeringSocial engineering
Social engineeringankushmohanty
 
2 Security And Internet Security
2 Security And Internet Security2 Security And Internet Security
2 Security And Internet SecurityAna Meskovska
 
Honey Pot Intrusion Detection System
Honey Pot Intrusion Detection SystemHoney Pot Intrusion Detection System
Honey Pot Intrusion Detection SystemInternational Journal of Engineering Inventions www.ijeijournal.com
 
Hacking and Penetration Testing - a beginners guide
Hacking and Penetration Testing - a beginners guideHacking and Penetration Testing - a beginners guide
Hacking and Penetration Testing - a beginners guidePankaj Dubey
 
Social engineering
Social engineering Social engineering
Social engineering Vîñàý Pãtêl
 
Social engineering by-rakesh-nagekar
Social engineering by-rakesh-nagekarSocial engineering by-rakesh-nagekar
Social engineering by-rakesh-nagekarRaghunath G
 
Social Engineering Audit & Security Awareness
Social Engineering Audit & Security AwarenessSocial Engineering Audit & Security Awareness
Social Engineering Audit & Security AwarenessCBIZ, Inc.
 
Social engineering
Social engineeringSocial engineering
Social engineeringMaulik Kotak
 
Social engineering
Social engineering Social engineering
Social engineering Abdelhamid Limami
 
Presentation of Social Engineering - The Art of Human Hacking
Presentation of Social Engineering - The Art of Human HackingPresentation of Social Engineering - The Art of Human Hacking
Presentation of Social Engineering - The Art of Human Hackingmsaksida
 
Social engineering
Social engineeringSocial engineering
Social engineeringHHSome
 
Airport IT&T 2013 John McCarthy
Airport IT&T 2013 John McCarthyAirport IT&T 2013 John McCarthy
Airport IT&T 2013 John McCarthyRussell Publishing
 

More Related Content

What's hot

Corporate America is Being ATTACKED and the Entry Vector May be Surprising
Corporate America is Being ATTACKED and the Entry Vector May be SurprisingCorporate America is Being ATTACKED and the Entry Vector May be Surprising
Corporate America is Being ATTACKED and the Entry Vector May be SurprisingSignals Defense, LLC
 
Social Engineering - Human aspects of industrial and economic espionage
Social Engineering - Human aspects of industrial and economic espionageSocial Engineering - Human aspects of industrial and economic espionage
Social Engineering - Human aspects of industrial and economic espionageMarin Ivezic
 
Infographic: Penetration Testing - A Look into a Full Pen Test Campaign
Infographic: Penetration Testing - A Look into a Full Pen Test CampaignInfographic: Penetration Testing - A Look into a Full Pen Test Campaign
Infographic: Penetration Testing - A Look into a Full Pen Test CampaignPratum
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityRamiro Cid
 
Social engineering-Attack of the Human Behavior
Social engineering-Attack of the Human BehaviorSocial engineering-Attack of the Human Behavior
Social engineering-Attack of the Human BehaviorJames Krusic
 
Social Engineering,social engeineering techniques,social engineering protecti...
Social Engineering,social engeineering techniques,social engineering protecti...Social Engineering,social engeineering techniques,social engineering protecti...
Social Engineering,social engeineering techniques,social engineering protecti...ABHAY PATHAK
 
BSidesPGH - Never Surrender - Reducing Social Engineering Risk
BSidesPGH - Never Surrender - Reducing Social Engineering RiskBSidesPGH - Never Surrender - Reducing Social Engineering Risk
BSidesPGH - Never Surrender - Reducing Social Engineering RiskRob Ragan
 
2 Security And Internet Security
2 Security And Internet Security2 Security And Internet Security
2 Security And Internet SecurityAna Meskovska
 
Hacking and Penetration Testing - a beginners guide
Hacking and Penetration Testing - a beginners guideHacking and Penetration Testing - a beginners guide
Hacking and Penetration Testing - a beginners guidePankaj Dubey
 
Social engineering by-rakesh-nagekar
Social engineering by-rakesh-nagekarSocial engineering by-rakesh-nagekar
Social engineering by-rakesh-nagekarRaghunath G
 
Social Engineering Audit & Security Awareness
Social Engineering Audit & Security AwarenessSocial Engineering Audit & Security Awareness
Social Engineering Audit & Security AwarenessCBIZ, Inc.
 
Social engineering
Social engineeringSocial engineering
Social engineeringMaulik Kotak
 
Presentation of Social Engineering - The Art of Human Hacking
Presentation of Social Engineering - The Art of Human HackingPresentation of Social Engineering - The Art of Human Hacking
Presentation of Social Engineering - The Art of Human Hackingmsaksida
 

What's hot (20)

Corporate America is Being ATTACKED and the Entry Vector May be Surprising
Corporate America is Being ATTACKED and the Entry Vector May be SurprisingCorporate America is Being ATTACKED and the Entry Vector May be Surprising
Corporate America is Being ATTACKED and the Entry Vector May be Surprising
 
Social Engineering - Human aspects of industrial and economic espionage
Social Engineering - Human aspects of industrial and economic espionageSocial Engineering - Human aspects of industrial and economic espionage
Social Engineering - Human aspects of industrial and economic espionage
 
Infographic: Penetration Testing - A Look into a Full Pen Test Campaign
Infographic: Penetration Testing - A Look into a Full Pen Test CampaignInfographic: Penetration Testing - A Look into a Full Pen Test Campaign
Infographic: Penetration Testing - A Look into a Full Pen Test Campaign
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Social engineering-Attack of the Human Behavior
Social engineering-Attack of the Human BehaviorSocial engineering-Attack of the Human Behavior
Social engineering-Attack of the Human Behavior
 
Social engineering
Social engineeringSocial engineering
Social engineering
 
Social Engineering
Social EngineeringSocial Engineering
Social Engineering
 
Social Engineering,social engeineering techniques,social engineering protecti...
Social Engineering,social engeineering techniques,social engineering protecti...Social Engineering,social engeineering techniques,social engineering protecti...
Social Engineering,social engeineering techniques,social engineering protecti...
 
BSidesPGH - Never Surrender - Reducing Social Engineering Risk
BSidesPGH - Never Surrender - Reducing Social Engineering RiskBSidesPGH - Never Surrender - Reducing Social Engineering Risk
BSidesPGH - Never Surrender - Reducing Social Engineering Risk
 
Social Engineering
Social EngineeringSocial Engineering
Social Engineering
 
Social engineering
Social engineeringSocial engineering
Social engineering
 
2 Security And Internet Security
2 Security And Internet Security2 Security And Internet Security
2 Security And Internet Security
 
Honey Pot Intrusion Detection System
Honey Pot Intrusion Detection SystemHoney Pot Intrusion Detection System
Honey Pot Intrusion Detection System
 
Hacking and Penetration Testing - a beginners guide
Hacking and Penetration Testing - a beginners guideHacking and Penetration Testing - a beginners guide
Hacking and Penetration Testing - a beginners guide
 
Social engineering
Social engineering Social engineering
Social engineering
 
Social engineering by-rakesh-nagekar
Social engineering by-rakesh-nagekarSocial engineering by-rakesh-nagekar
Social engineering by-rakesh-nagekar
 
Social Engineering Audit & Security Awareness
Social Engineering Audit & Security AwarenessSocial Engineering Audit & Security Awareness
Social Engineering Audit & Security Awareness
 
Social engineering
Social engineeringSocial engineering
Social engineering
 
Social engineering
Social engineering Social engineering
Social engineering
 
Presentation of Social Engineering - The Art of Human Hacking
Presentation of Social Engineering - The Art of Human HackingPresentation of Social Engineering - The Art of Human Hacking
Presentation of Social Engineering - The Art of Human Hacking
 

Similar to VCU INFO 644 Critical Thinking 1

Social engineering
Social engineeringSocial engineering
Social engineeringHHSome
 
Airport IT&T 2013 John McCarthy
Airport IT&T 2013 John McCarthyAirport IT&T 2013 John McCarthy
Airport IT&T 2013 John McCarthyRussell Publishing
 
Ethical Hacking A high-level information security study on protecting a comp...
Ethical Hacking A high-level information security study on protecting a comp...Ethical Hacking A high-level information security study on protecting a comp...
Ethical Hacking A high-level information security study on protecting a comp...Quinnipiac University
 
Gaining A Foothold
Gaining A FootholdGaining A Foothold
Gaining A FootholdClaranet UK
 
BASICS OF ETHICAL HACKING
BASICS OF ETHICAL HACKINGBASICS OF ETHICAL HACKING
BASICS OF ETHICAL HACKINGDrm Kapoor
 
Safeguardsintheworkplace
SafeguardsintheworkplaceSafeguardsintheworkplace
SafeguardsintheworkplaceAdam Richards
 
Learn About Social Engineering Services - Aardwolf Security
Learn About Social Engineering Services - Aardwolf SecurityLearn About Social Engineering Services - Aardwolf Security
Learn About Social Engineering Services - Aardwolf SecurityAardwolf Security
 
Norman critical thinking 1
Norman critical thinking 1 Norman critical thinking 1
Norman critical thinking 1 qnorman
 
Social Engineering Attacks in IT World
Social Engineering Attacks in IT WorldSocial Engineering Attacks in IT World
Social Engineering Attacks in IT WorldAkshay Mittal
 
Whitepaper-When-Admins-go-bad
Whitepaper-When-Admins-go-badWhitepaper-When-Admins-go-bad
Whitepaper-When-Admins-go-badbanerjeea
 
Introduction Over the past years, there have been increasing ca.docx
Introduction Over the past years, there have been increasing ca.docxIntroduction Over the past years, there have been increasing ca.docx
Introduction Over the past years, there have been increasing ca.docxnormanibarber20063
 
The Inside Job: Detecting, Preventing and Investigating Data Theft
The Inside Job: Detecting, Preventing and Investigating Data TheftThe Inside Job: Detecting, Preventing and Investigating Data Theft
The Inside Job: Detecting, Preventing and Investigating Data TheftCase IQ
 
Yehia Mamdouh @ DTS Solution - The Gentleman Thief
Yehia Mamdouh @ DTS Solution - The Gentleman ThiefYehia Mamdouh @ DTS Solution - The Gentleman Thief
Yehia Mamdouh @ DTS Solution - The Gentleman ThiefShah Sheikh
 
Social engineering: A Human Hacking Framework
Social engineering: A Human Hacking FrameworkSocial engineering: A Human Hacking Framework
Social engineering: A Human Hacking FrameworkJahangirnagar University
 
A Review On Adapting Social Engineering Services—Aardwolf Security
A Review On Adapting Social Engineering Services—Aardwolf SecurityA Review On Adapting Social Engineering Services—Aardwolf Security
A Review On Adapting Social Engineering Services—Aardwolf SecurityAardwolf Security
 
Facts About Social Engineering Services - Aardwolf Security
Facts About Social Engineering Services - Aardwolf SecurityFacts About Social Engineering Services - Aardwolf Security
Facts About Social Engineering Services - Aardwolf SecurityAardwolf Security
 

Similar to VCU INFO 644 Critical Thinking 1 (20)

Social engineering
Social engineeringSocial engineering
Social engineering
 
Airport IT&T 2013 John McCarthy
Airport IT&T 2013 John McCarthyAirport IT&T 2013 John McCarthy
Airport IT&T 2013 John McCarthy
 
Ethical Hacking A high-level information security study on protecting a comp...
Ethical Hacking A high-level information security study on protecting a comp...Ethical Hacking A high-level information security study on protecting a comp...
Ethical Hacking A high-level information security study on protecting a comp...
 
Information Security Awareness Session -2020
Information Security Awareness Session -2020Information Security Awareness Session -2020
Information Security Awareness Session -2020
 
Gaining A Foothold
Gaining A FootholdGaining A Foothold
Gaining A Foothold
 
BASICS OF ETHICAL HACKING
BASICS OF ETHICAL HACKINGBASICS OF ETHICAL HACKING
BASICS OF ETHICAL HACKING
 
Safeguardsintheworkplace
SafeguardsintheworkplaceSafeguardsintheworkplace
Safeguardsintheworkplace
 
Learn About Social Engineering Services - Aardwolf Security
Learn About Social Engineering Services - Aardwolf SecurityLearn About Social Engineering Services - Aardwolf Security
Learn About Social Engineering Services - Aardwolf Security
 
Norman critical thinking 1
Norman critical thinking 1 Norman critical thinking 1
Norman critical thinking 1
 
Social Engineering Attacks in IT World
Social Engineering Attacks in IT WorldSocial Engineering Attacks in IT World
Social Engineering Attacks in IT World
 
Whitepaper-When-Admins-go-bad
Whitepaper-When-Admins-go-badWhitepaper-When-Admins-go-bad
Whitepaper-When-Admins-go-bad
 
Introduction Over the past years, there have been increasing ca.docx
Introduction Over the past years, there have been increasing ca.docxIntroduction Over the past years, there have been increasing ca.docx
Introduction Over the past years, there have been increasing ca.docx
 
The Inside Job: Detecting, Preventing and Investigating Data Theft
The Inside Job: Detecting, Preventing and Investigating Data TheftThe Inside Job: Detecting, Preventing and Investigating Data Theft
The Inside Job: Detecting, Preventing and Investigating Data Theft
 
Information security threats
Information security threatsInformation security threats
Information security threats
 
Yehia Mamdouh @ DTS Solution - The Gentleman Thief
Yehia Mamdouh @ DTS Solution - The Gentleman ThiefYehia Mamdouh @ DTS Solution - The Gentleman Thief
Yehia Mamdouh @ DTS Solution - The Gentleman Thief
 
Social engineering: A Human Hacking Framework
Social engineering: A Human Hacking FrameworkSocial engineering: A Human Hacking Framework
Social engineering: A Human Hacking Framework
 
A Review On Adapting Social Engineering Services—Aardwolf Security
A Review On Adapting Social Engineering Services—Aardwolf SecurityA Review On Adapting Social Engineering Services—Aardwolf Security
A Review On Adapting Social Engineering Services—Aardwolf Security
 
Facts About Social Engineering Services - Aardwolf Security
Facts About Social Engineering Services - Aardwolf SecurityFacts About Social Engineering Services - Aardwolf Security
Facts About Social Engineering Services - Aardwolf Security
 
Hacking the Helpdesk, Craig Clark
Hacking the Helpdesk, Craig ClarkHacking the Helpdesk, Craig Clark
Hacking the Helpdesk, Craig Clark
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 

Recently uploaded

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsPrecisely
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 

Recently uploaded (20)

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 

VCU INFO 644 Critical Thinking 1

  • 1. INFO 644 Enterprise Cyber Security Critical Thinking #1 Tyler Brunet VCU Department of Information Systems
  • 2. What Will Be Covered  Why security breaches happen  How attacks happen  What a social engineering attack is and how they happen  An example of reverse social engineering  How to protect from different breaches
  • 3. Why Breaches Happen  Individuals looking to „steal‟ corporate or private information  Sell information to other companies  Use the information to find out what industries are doing/working on  Counterintelligence measures  Gain a competitive advantage by duplicating a product and getting it to market before the initial company does  Individuals hack for the fun of it
  • 4. How Breaches Happen  Most classic example will be illustrated later in presentation  Someone giving out personal identifiers to the wrong person  Phishing by means of fake emails and spoofed websites  Reverse Social Engineering
  • 5. How Social Engineering Attacks Happen  Social engineering attacks  The gaining of information from legitimate users for illegitimate access  Dumpster diving – look for any information that can be used such as names, project leaders, meeting notes, etc.  Pose as employees in order to get support from the Help Desk
  • 6. Social Engineering Attack Techniques  Physical attacks  Require the social engineer to be at the company‟s location.  Sorting through trash – most common form  Consultant  Network Engineer  Repair Technician  Psychological attacks  Work to create an environment that will enable them to most easily acquire the necessary information  Impersonation  Conformity  Being friendly  Reverse social engineering
  • 7. Reverse Social Engineering Example  Attacker first learns about the organization as much as possible  They then cause problem for a particular individual (HR, Manager etc.)  Come in to fix the problem  Give contact information to the targeted individual  Week or so later causes same problem  The targeted individual contacts the “attacker” who fixed it the first time and asks if they could fix it again  “Attacker” says cannot get to the location today, but can do it now if the individual gives them a login username and password  Individual complies and not the attacker has a legitimate login that they can get to anything that the individual may have access to
  • 8. Technical and Social Vulnerabilities  Technical  Lack of security measures on servers  Ports left open that should not be  Weak password policies  Redundancy in username and password use  Social  Weak means of who is in charge of what  Trust in outsiders that could be possible hackers  Passwords are written down and dishonest employees may take note of them
  • 9. Preventing Security Breaches  Develop policies that have social implications (4G methods)  Develop policies that incorporate all methods (1G, 2G, 3G, and 4G)  1G – Checklist approach  2G – Flow of data Ex: Firewalls  3G – Interconnected devices  4G – Social implications  Conduct random audits  Social penetration tests  Review of log files of webservers and other IT devices  Training of employees on monthly, semi-yearly etc. on security policies and procedure
  • 10. Questions to Think About  What ways do business‟s control their information?  Are there written security measures?  Are these measures updated routinely?  Are these practices conducted on a day-to-day level?