unit 3 discussion 1_social engineering defense issues
TRANSCRIPT
![Page 1: Unit 3 Discussion 1_Social Engineering Defense Issues](https://reader035.vdocuments.us/reader035/viewer/2022071805/563dba39550346aa9aa3c1ce/html5/thumbnails/1.jpg)
[
]
2014
Name?
IS3220
Mr. ?
![Page 2: Unit 3 Discussion 1_Social Engineering Defense Issues](https://reader035.vdocuments.us/reader035/viewer/2022071805/563dba39550346aa9aa3c1ce/html5/thumbnails/2.jpg)
Social Engineering Name?Defense Issues IS3220
10 Jan 2014
Social Engineering tactics are so successful because most people in an office
environment, especially if it is a large company do not know the IT staff. Most social
engineering attacks are more than likely carried out as part of Corporate Espionage in order to
get a technical or otherwise advantage above the competitors. These Corporate spies will prey
on certain targets, such as; receptionists, IT staff, and vulnerable employees in order to
manipulate them in some fashion to get information. These tactics are so successful also because
all hackers know that the weakest defense is from within at the user level, and so do most
technology corporations.
The most commonly used techniques that an attacker may use to infiltrate a company is
by impersonating a number of people that are usually trusted or not questioned about their
presence in a facility. Most people when they are doing their job tend to not give it a second
thought when they see maintenance technicians, other employees, or someone claiming to be
either an authority figure such as a manager, executive, or even a police officer/security guard.
There are those also that will gain employment as Tech Support to be on the inside or claiming to
be a vendor or client to gain access to the building. Other techniques include some Quid Pro
Quo between employees, befriending someone in order to extract information, and manipulating
someone using threats. Most of these techniques involve the attacker having to be an active
participant in the attack physically by interacting with people directly. There are a couple of
techniques that the attacker can gather information from a distance with indirect interaction,
these techniques are for example; Phishing, Reconnaissance, Public Information, Social
Networking Sites, Dumpster Diving, and Cold calling.
Unfortunately there is no piece of technology that can defend against Social Engineering.
However you can train employees about security awareness in order to make employees more
![Page 3: Unit 3 Discussion 1_Social Engineering Defense Issues](https://reader035.vdocuments.us/reader035/viewer/2022071805/563dba39550346aa9aa3c1ce/html5/thumbnails/3.jpg)
Social Engineering Name?Defense Issues IS3220
10 Jan 2014
aware of their surroundings and to notice inconsistencies in the workplace. Once employees are
more aware they will ask questions about the unusual or out of place personnel within their work
area (Stewart, 2011). Social Engineering attacks are difficult to prevent because they are attacks
on actual humans instead of machines and humans unlike machines have free will and can easily
be manipulated. Humans are influenced by threats, manipulation, coercion, or just tricked into
doing something that they don’t want to do or don’t know they are doing it. Humans can be
tricked into giving information about their logon credentials or allowing someone that they
believe to be part of the IT staff a remote connection to their computer and even open unknown
email message that contains malware.
![Page 4: Unit 3 Discussion 1_Social Engineering Defense Issues](https://reader035.vdocuments.us/reader035/viewer/2022071805/563dba39550346aa9aa3c1ce/html5/thumbnails/4.jpg)
Social Engineering Name?Defense Issues IS3220
10 Jan 2014
References
Works Cited
Stewart, J. M. (2011). Network Security, Firewalls, and VPNs. Sudbury: Jones & Bartlett
Learning. Retrieved Jan 10, 2013