4 - FootPrinting and Social Engineering

Question 1

What is ‘casing the joint’

Answer 1

– Look over the location
– Find weakness in security systems
– Types of locks and alarms used

Question 2

What is footprinting?

Answer 2

Finding information on company’s network. It can be Passive and nonintrusive eg. you aren’t accessing information illegally or gathering unauthorized information with false credentials
– Several available Web tools eg. Google groups, FOCA

Question 3

Conducting Competitive Intelligence

Answer 3

A means of gathering information about a business or an industry
by using observation, accessing public information, speaking with employees, and so on.
As a security tester you should be able to explain methods used to gather information.

Question 4

Analyzing company’s website

Answer 4

Easy way for attackers to discover critical information about an organization.
Tools: 
Paros
- Powerful tool for UNIX and Windows OSs
- Requires Java J2SE
Whois
- Commonly used
- Gathers IP address and domain information
- Attackers can also use it

Question 5

How can you use email addresses?

Answer 5

• Help retrieve even more information
• You can find e-mail address format and guess other employees’ e-mail accounts
• Tool to find corporate employee information: Groups.google.com

Question 6

HTTP operates on port ____

Answer 6

80

Question 7

Name a HTTP method

Answer 7

GET/ HTTP/1.1

Question 8

What is a HTTP command

Answer 8

A security tester can pull information from a Web server by using HTTP commands.

Question 9

Other methods of gathering information?

Answer 9

A URL:
– Web server
– OS
– Names of IT personnel
Other methods:
– Cookies
– Web bugs

Question 10

What is Social Engineering?

Answer 10

“Why try to crack a password when you can simply ask for it?”

Using an understanding of human nature to get information from people. eg. Obtaining passwords/personal information through different tactics.

Question 11

Tactics used in social engineering?

Answer 11

– Persuasion
– Intimidation
– Coercion
– Extortion/blackmailing

Question 12

Social engineers study human behavior.

Answer 12

They can recognise personality traits such as shyness or insecurity, they can also understand body language such as slouched shoulders, avoidance of eye contact, nervous fidgeting.

Question 13

5 Techniques?

Answer 13

1. Urgency
2. Quid pro quo
3. Status quo
4. Kindness
5. Position

Question 14

Shoulder surfing

Answer 14

Skilled at reading what users enter on their keyboards, especially logon names and password. eg. PINs at ATM machines.

Question 15

Tools used for shoulder surfing

Answer 15

• ## Binoculars or high-powered telescopes to observe PINs being entered

Question 16

How to prevent shoulder surfing?

Answer 16

• Educate users to avoid typing when someone is nearby or talking on cell phone nearby.
• Make sure all computer monitors face away from the door or the cubicle
  entryway

Question 17

What is dumpster diving?

Answer 17

Attacker examines and finds information in victim’s trash. eg.
– Discarded computer manuals
– Passwords jotted down
– Company policy
– Utility bills
– Resumes

Question 18

How to prevent dumpster diving?

Answer 18

• Educating your users on the importance of proper trash disposal
  – Format disks before disposing them
  – Discard computer manuals offsite
  – Shred documents before disposal

Question 19

What is piggybacking?

Answer 19

A method attackers use to gain access to restricted areas in a company. The
attacker follows an employee closely and enters the area with that employee

Question 20

How to prevent piggybacking?

Answer 20

• Use turnstiles
  – Train personnel to notify security about strangers
  – Do not hold secured doors for anyone, even people they know
  – All employees must use access cards

Question 21

Phishing

Answer 21

A type of attack carried out by e-mail; e-mails includes links to fake Web sites intended to entice victims into disclosing private information or installing malware

Question 22

What is DNS?

Answer 22

Domain Name System (DNS) resolves host names to IP addresses

Question 23

What is Zone transfer

Answer 23

It can be used to get information about a network’s topology and view all the network’s host computers and domains.

Question 24

Determine a company’s primary DNS server,

Answer 24

You can look for a DNS server containing a Start of Authority (SOA) record. You can perform another zone transfer to see all host computers on the company network