Security and social engineering

Size: px

Start display at page:

Download "Security and social engineering"

Matilda Flowers
6 years ago
Views:

1 Focused on Security. Committed to Success. Security and social engineering Fcis,Mansoura University,Egtpt

2 What is social engineer? Social engineering is satisfied attack from end user who behave confidence with network or over internet Victims go to attacker with all his will like registration in forms. Companies with authentication system really Still open to attack. Employee is exposed to say information more serious Like talking in phones with customer. Social engineering is the tactic or trick of gaining sensitive information by exploiting basic human nature such as: Trust. Fear. Desire to help.

3 Focused on Security. Committed to Success. Why attacker focus on social engineering? Social engineer attempt to gather information such as: Access details. Sensitive information. Authorized details. Social engineering is easy way to convert virtual to real to convince End user to provide attacker with personal details.

4 Hacker and social engineering Hacker use term Rebecca and Jessica to denote social Engineer attack. Rebecca and Jessica mens person who is easy target to social engineer like receptionist of bank or service. Hacker and victims may be technical support. Victims are repond to hacker with purpose of help but hacker want to gather information like password of account he do not have. - Hacker use trick like calling some one as technical support in company x and system is crashed now and he want id and password to renew.

5 Social engineering examples architect in Dubai,some one call him from England and have some information about his C.V. he asked him to work in IBM COMPANY Asked him to send c.v. and some money to join the company and contact him from England to convince, send him link to site of IBM virtually not real to ensure so he pay for him and lose money. Advertisement attack. Most of internet sites is fully with attractive advertisement like chance to live and work in USA and you register to win so, you are victim. listening conversation or reading message.

6 Focused on Security. Committed to Success. Ways to social engineering? Reverse social engineering another way of contact hacker with victim:- - It happened when hacker creates person to be in position of authority and ask for information - This attack involve:-sabotage marketing. Providing support.

7 Factors help attacker!!! Company are being exposed to this attack due to: 1. Insufficient security training and awareness. 2. Several organization units and more site domain. 3. Lack of security policy. 4. Easy access of information like s id, phones number, employee id. 5.Eay displaying information like bloggers and face book which is private.

8 SQL injection and social engineering? Most of developers don't know that they are exposed to social engineering which destroy or affect their work after large effort. SQL injection is type of security exploit in which attacker inject SQL code through web form input box to gain access to resources or changing data. Programmers use sequential commands with user input,make it easier for attacker to inject commands. Through registration form or web form,attacker can obtain information and destroy database using select,insert,delete commands to modify database which destroy system like banks.

9 How I protect my self? Many procedures are taken to prevent or reduce social engineering:- Don't click or submit in any forms like advertisement. Don't submit in bloggers or face book and let your information to all visitors or friends. Don't let employees in your computer to have more privileged commands Train employees on this type of information theft and to secure dealing with customer and less conversation in specific deal area. Identify employee and clients in system through face reorganization Don't send C.V. through sites or s if you are not sure with source Cloud computing securing to ensure sources and filtering data

10 Next Steps More information on security topics: Microsoft Security at Home Resources: Find additional security training events: Sign up for security communications: Get additional security tools and content: Find additional e-learning clinics:

11 Focused on Security. Committed to Success. Information system security 25/8/2011

Application vulnerabilities and defences

Application vulnerabilities and defences In this lecture We examine the following : SQL injection XSS CSRF SQL injection SQL injection is a basic attack used to either gain unauthorized access to a database