Social engineering (computer security)
From Wikipedia, the free encyclopedia.
In the field of computer security, social engineering is the practice of obtaining confidential information by manipulation of legitimate users. A social engineer will commonly use the telephone or Internet to trick people into revealing sensitive information or into doing something that is against typical policies. By this method, social engineers exploit the natural tendency of a person to trust the social engineer's word, rather than exploiting computer security holes. It is generally agreed that "users are the weak link" in security, and this principle is what makes social engineering possible.
A contemporary example of a social engineering attack is the use of e-mail attachments that contain malicious payloads (which, for instance, use the victim's machine to send massive quantities of spam). After earlier malicious e-mails led software vendors to disable automatic execution of attachments, users now have to explicitly activate attachments for this to occur. Many users, however, will blindly click on any attachments they receive, thus allowing the attack to work.
Perhaps the simplest, but still effective, attack is tricking a user into thinking one is an administrator and requesting a password for various purposes. Users of Internet systems frequently receive messages that request password or credit card information in order to "set up their account" or "reactivate settings" or some other benign-sounding operation; these are called phishing attacks. Users of these systems must be warned early and frequently not to divulge sensitive information, passwords or otherwise, to people claiming to be administrators. In reality, administrators of computer systems rarely, if ever, need to know the user's password to perform administrative tasks. However, even such a pretext might not be necessary: in an Infosecurity survey, 90% of office workers gave away their password in exchange for a cheap pen.
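The two attack patterns described above, an e-mail that claims to come from an administrator and asks for a password under an "account set-up" or "reactivation" pretext, and an attachment the user must be tricked into opening, can both be caught by simple mail triage heuristics before the message reaches the user. The following scorer is an added example and is not part of the Wikipedia article; the organisation domain `corp.example`, the keyword patterns, the weights and thresholds, and the sample messages are all constructed assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Added example (not from the article): a heuristic mail-triage scorer for the
# two patterns described above, credential-request phishing that impersonates
# an administrator and executable attachments the user has to be tricked into
# opening. ORG_DOMAIN, the patterns, the weights and the sample messages are
# constructed assumptions for illustration.

ORG_DOMAIN = "corp.example"  # assumed domain of the organisation's real administrators

CREDENTIAL = re.compile(r"\b(password|passcode|passphrase|credit card|card number|pin)\b", re.I)
REQUEST = re.compile(r"\b(reply with|send|enter|provide|confirm|verify|submit)\b", re.I)
PRETEXT = re.compile(r"\b(set up your account|reactivate|suspended|verify your (account|settings))\b", re.I)
ADMIN_CLAIM = re.compile(r"\b(administrator|admin|help ?desk|it support|system operator)\b", re.I)
RISKY_EXT = {"exe", "scr", "pif", "bat", "cmd", "com", "vbs", "js", "hta"}
BENIGN_EXT = {"jpg", "jpeg", "png", "gif", "pdf", "doc", "docx", "txt"}


@dataclass
class Message:
    sender: str
    subject: str
    body: str
    attachments: Tuple[str, ...] = ()


def attachment_findings(name: str) -> List[Tuple[int, str]]:
    """Weighted findings for one attachment filename."""
    parts = name.lower().split(".")
    findings: List[Tuple[int, str]] = []
    if len(parts) >= 2 and parts[-1] in RISKY_EXT:
        findings.append((3, f"executable attachment: {name}"))
        # "photos.jpg.exe": a benign-looking extension placed before the real one
        if len(parts) >= 3 and parts[-2] in BENIGN_EXT:
            findings.append((2, f"double extension disguises {name}"))
    return findings


def message_findings(msg: Message) -> List[Tuple[int, str]]:
    """Weighted findings for the message text, sender and attachments."""
    text = f"{msg.subject}\n{msg.body}"
    findings: List[Tuple[int, str]] = []
    claims_admin = ADMIN_CLAIM.search(text) is not None
    if claims_admin:
        findings.append((2, "sender claims to be an administrator"))
    if CREDENTIAL.search(text) and REQUEST.search(text):
        findings.append((3, "asks the recipient to hand over a credential"))
    if PRETEXT.search(text):
        findings.append((2, "account set-up / reactivation pretext"))
    sender_domain = msg.sender.rsplit("@", 1)[-1].lower()
    if claims_admin and sender_domain != ORG_DOMAIN:
        findings.append((2, f"admin claim from outside {ORG_DOMAIN} ({sender_domain})"))
    for name in msg.attachments:
        findings.extend(attachment_findings(name))
    return findings


def triage(msg: Message) -> Tuple[str, int, List[str]]:
    """Return (verdict, score, reasons); verdict is quarantine / warn / deliver."""
    findings = message_findings(msg)
    score = sum(points for points, _ in findings)
    if score >= 5:
        verdict = "quarantine"
    elif score >= 3:
        verdict = "warn"  # deliver, but with a banner reminding the user of the policy
    else:
        verdict = "deliver"
    return verdict, score, [reason for _, reason in findings]


# Constructed sample messages (not real mail).
SAMPLES = [
    Message("support@mail-admin.example.net", "Account reactivation",
            "This is your administrator. Please reply with your password "
            "to reactivate your settings."),
    Message("friend@example.org", "Holiday photos",
            "Check out these pics!", ("photos.jpg.exe",)),
    Message("itops@corp.example", "Scheduled maintenance",
            "This is IT support. No action is needed tonight; we will never "
            "ask for your password."),
    Message("alice@corp.example", "Team lunch",
            "Lunch is Friday at noon; reply with a yes if you are coming."),
]

if __name__ == "__main__":
    for m in SAMPLES:
        verdict, score, reasons = triage(m)
        print(f"{verdict:10} {score:2}  {m.subject!r}  {reasons}")
```

The third sample shows the point the article makes about administrators: a genuine notice from the organisation's own domain that mentions passwords without asking for one scores low and is delivered, whereas the first sample, which combines an administrator claim, an outside sender, a reactivation pretext and a request to reply with a password, is quarantined. Keyword heuristics like these are easy to evade and are a supplement to, not a replacement for, the user training the article describes.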
Perhaps the largest-scale social engineering attack in recent years surrounds Messenger Plus!; to raise money from the software, its author Patchou added an adware sponsor link from C2Media within the program. While the sponsor agreement gives the option to install Messenger Plus! without the adware, the vast majority of users simply click through this agreement and thus install the adware.
Social engineering also applies to the act of face-to-face manipulation to gain physical access to computer systems.

Training users about security policies and ensuring that they are followed is the primary defense against social engineering.

One of the most famous social engineers in recent history is Kevin Mitnick.