Chapter 10 Social Engineering Flashcards
Social engineering
target and manipulation of human beings rather than technology
Behaviors or signs useful in extracting info from ppl (5)
1) Moral Obligation - some ppl feel compelled to provide assistance out of a sense of duty
2) Trust - humans have inherent tendency to trust others; attacker may use buzzwords to gain trust
3) Threats - social engineer may threaten a victim
4) Something for Nothing - attacker may promise victim that for little to no work, they will reap tremendous rewards
5) Ignorance - a lot of ppl don’t recognize social engineering as a huge threat
Why does Social Engineering work? (5)
1) LACK OF TECHNOLOGICAL FIX - technology can be configured incorrectly by ppl
2) INSUFFICIENT SECURITY POLICIES - policies that state how information, resources, & other related items should be handled are often incomplete or insufficient at best
3) DIFFICULT DETECTION SOCIAL ENGINEERING - hard to detect; technology may leave tracks in log file or trip an IDS, but social engineering probably won’t
4) LACK OF TRAINING
5) HUMAN HABIT & NATURE - easy for an attacker to follow & see what your routine is
EC-COUNCIL likes to say “ THERE IS NO PATCH FOR HUMAN STUPIDITY” (although you can patch technology, you can’t patch human beings)
Indications of an attack include:
1) USE OF AUTHORITY
2) INABILITY TO GIVE VALID CONTACT INFO
3) MAKING INFORMAL OR OFF-THE-BOOK REQUESTS
4) EXCESSIVE NAME-DROPPING
5) EXCESSIVE USE OF PRAISE OR COMPLIMENTS
6) SHOW OF DISCOMFORT WHEN QUESTIONED
How to stop social engineering
Simple Training and Awareness
Phases of Social Engineering (4 or 3)
1) Gather info about target through research & observation (this can include dumpster diving, phishing, etc)
* *Phishing - defrauding by posing as legit company
2) Select specific individual or group that have what you need (look for people who are overconfident, frustrated, arrogant, etc)
3) Forge a relationship
4) Exploit the relationship & extract information
(Or 3 steps Research, Develop, Exploit)
Impact of Social Engineering
1) ECONOMIC LOSS
2) TERRORISM
3) LOSS OF PRIVACY
4) LAWSUITS & ARBITRATION
5) TEMPORARY OR PERMANENT CLOSURE
6) LOSS OF GOODWILL - such as from clients
Define Inference
the process of using info from many different sources to indirectly gain insight about a hidden target
Countermeasures for social engineering issues via Social Networking
1) Think b4 posting
2) Encourage use of non-work email for social NWing
3) Strong & diff PWs across sites
4) Avoid public profile
5) Remind users, once something is posted online, it never goes away
6) Instruct employees on presence of phishing scams on social NW & how to avoid/report them
7) Install modern & latest browser
8) Pop up blocker
9) Private browsing - prevents saving of specific info in browser
Types of Threats (5) ***
1) Malware - key loggers, spyware, trojan, etc
2) Shoulder Surfing
3) Eavesdropping
4) Dumpster Diving - one man’s trash is another man’s teasure
5) Phishing - posing as legit to get info
Reverse Proxy
This is a preventive measure to avoid social engineering attacks
The difference between a regular or FORWARD proxy and a reverse proxy is that in reverse proxy, client X, although connected to the website they intended for, they do not know they are going through a proxy. So, they are connecting to proxy Y which connects to client Z; reverse proxy requires no proxy setup
PROS: Z forces all of its traffic to go to a proxy first. So Z might have a large site millions want to visit, so Z sets up many servers & puts a reverse proxy on the internet that sends users to the closest proxy server to them when they try to connect to Z
Another reason for its use is perhaps Z is worried about retaliation for content hosted & so they don’t want to host their main server publicly If people complain or try to hack & a server shuts down, the main server will be protected
Ingress Filtering
This is a preventive measure to avoid social engineering attacks
technique used to make sure incoming packets are legit
Egress Filtering
This is a preventive measure to avoid social engineering attacks
the practice of monitoring & potentially restricting the flow of info outbound from one NW to another
Typically internet from TCP/IP to the internet that is controlled (such as blocking websites)
For an attacker, a proxy is used to
keep a scan hidden
What is TOR
stands for Third-generation Onion Routing that is designed to hide the process of scanning
“Tor is free software and an open network that helps you defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security”
