Chapter 10: Social Engineering and More

Question 1

What’s the difference between Social Engineering and Wetware?

Answer 1

There is none.

Question 2

What is Social Engineering?

Answer 2

Gaining access to something by exploiting the general trusting nature of people

Question 3

Shoulder Surfing

Answer 3

Looking over someone’s shoulder to try and get some information from their computer screen.

Question 4

Dumpster Diving

Answer 4

Looking through dumpsters for important files

Question 5

Tailgating

Answer 5

Following closely behind someone to gain access to a room you’re not supposed to be in

Question 6

Impersonation

Answer 6

Pretending to be someone you’re not to gain access to a restricted area, such as a copier repairman or a vending machine stocker

Question 7

Hoaxes

Answer 7

Warnings about things that aren’t legitimate, such as bomb threats, sounding alarms, or the Goodtimes virus.

Question 8

Whaling

Answer 8

Phishing of big name targets (Dear Bill Gates….)

Question 9

Malicious Insider Threat

Answer 9

A disgruntled employee happy to benefit from the injuring of the company.
<b>Anyone can be bought. Everyone has a price.</b>

Question 10

Authority

Principles Behind Social Engineering

Answer 10

Convincing the victim that you’re a person of authority and shouldn’t be questioned

Question 11

Intimidation

Principles Behind Social Engineering

Answer 11

Threats, shouting, guilt

Question 12

Consensus/social proof

Principles Behind Social Engineering

Answer 12

Putting the victim at ease and placating them, talking them up

Question 13

Scarcity

Principles Behind Social Engineering

Answer 13

Convincing someone that there’s a limited supply of whatever

Question 14

Urgency

Principles Behind Social Engineering

Answer 14

Telling the victim something awful will happen if they don’t hurry

Question 15

Familiarity/liking

Principles Behind Social Engineering

Answer 15

Liking someone can lower our mental guards

Question 16

Trust

Principles Behind Social Engineering

Answer 16

Get them to feel they owe you something or that they can trust you

Question 17

Proximity Reader Frequencies

Answer 17

Smart Cards-13.56 MHz

Proximity Cards-125 KHz

Question 18

Protected Distribution System (PDS)

Answer 18

A system in which physical security is so high that you can forego encryption entirely. If you have WiFi, you’re probably inside a Faraday Cage.

Question 19

Fire Extinguisher Types

Answer 19

A-Wood and paper fires -Water or chemical
B-Flammable liquids -Chemical
C-Electrical -nonconductive chemicals
D-Flammable metals -Varies

Question 20

PASS

Answer 20

Pull, aim, squeeze, and sweep. That’s how you should operate a fire extinguisher.

Question 21

Faraday Cage

Answer 21

Grounds the whole room, electromagnetic signals can’t enter or leave

Question 22

Van Eck Phreaking

Answer 22

Detecting electromagnetic emissions from CRT and LCD displays to eavesdrop. This does work!

Question 23

TEMPEST

Answer 23

an organization dedicated to reducing noise from devices which can divulge intelligence

Question 24

What humidity level do you need to keep your computers at?

Answer 24

50% or higher. Any less than that is an ESD risk.

Question 25

Deterrent

Control Types

Answer 25

Anything that tells a would-be attacker that they should be a wouldn’t-be attacker

Question 26

Preventative

Control Types

Answer 26

Stopping something from happening (locks, biometrics, knowledge, guards)

Question 27

Detective

Control Types

Answer 27

AV, alarm, checksum, motion sensor

Question 28

Compensating

Control Types

Answer 28

A backup for when other methods fail

Question 29

Technical

Control Types

Answer 29

Firewalls, IDS, IPS….

Question 30

Administrative

Control Types

Answer 30

Policies, procedures, and guidelines

Question 31

What four areas should Data Policies be focused on?

Answer 31

<b>W</b>iping
-How is data removed from the media?
<b>D</b>isposing
-How is media disposed of?
<b>R</b>etention
-How long must data be kept?
<b>S</b>torage
-Where is data kept, and what security precautions are associated with its access?