Chapter 10: Social Engineering and More Flashcards
What’s the difference between Social Engineering and Wetware?
There is none.
What is Social Engineering?
Gaining access to something by exploiting the general trusting nature of people
Shoulder Surfing
Looking over someone’s shoulder to try and get some information from their computer screen.
Dumpster Diving
Looking through dumpsters for important files
Tailgating
Following closely behind someone to gain access to a room you’re not supposed to be in
Impersonation
Pretending to be someone you’re not to gain access to a restricted area, such as a copier repairman or a vending machine stocker
Hoaxes
Warnings about things that aren’t legitimate, such as bomb threats, sounding alarms, or the Goodtimes virus.
Whaling
Phishing of big-name targets (Dear Bill Gates….)
Malicious Insider Threat
A disgruntled employee who is happy to profit from harming the company.
Anyone can be bought. Everyone has a price.
Authority
Principles Behind Social Engineering
Convincing the victim that you’re a person of authority and shouldn’t be questioned
Intimidation
Principles Behind Social Engineering
Threats, shouting, guilt
Consensus/social proof
Principles Behind Social Engineering
Putting the victim at ease and placating them, talking them up
Scarcity
Principles Behind Social Engineering
Convincing someone that there’s a limited supply of whatever
Urgency
Principles Behind Social Engineering
Telling the victim something awful will happen if they don’t hurry
Familiarity/liking
Principles Behind Social Engineering
Liking someone can lower our mental guards
Trust
Principles Behind Social Engineering
Get them to feel they owe you something or that they can trust you
Proximity Reader Frequencies
Smart cards: 13.56 MHz
Proximity cards: 125 kHz
Protected Distribution System (PDS)
A system in which physical security is so high that you can forgo encryption entirely. If you have WiFi, you’re probably inside a Faraday Cage.
Fire Extinguisher Types
Class A: Wood and paper fires; extinguish with water or chemical
Class B: Flammable liquids; extinguish with chemical
Class C: Electrical fires; extinguish with nonconductive chemicals
Class D: Flammable metals; extinguishing agent varies
PASS
Pull, aim, squeeze, and sweep. That’s how you should operate a fire extinguisher.
Faraday Cage
Grounds the whole room so electromagnetic signals can’t enter or leave
Van Eck Phreaking
Detecting electromagnetic emissions from CRT and LCD displays to eavesdrop. This does work!
TEMPEST
An organization dedicated to reducing noise from devices which can divulge intelligence
What humidity level do you need to keep your computers at?
50% or higher. Any less than that is an ESD risk.
Deterrent
Control Types
Anything that tells a would-be attacker that they should be a wouldn’t-be attacker
Preventative
Control Types
Stopping something from happening (locks, biometrics, knowledge, guards)
Detective
Control Types
AV, alarm, checksum, motion sensor
Compensating
Control Types
A backup for when other methods fail
Technical
Control Types
Firewalls, IDS, IPS….
Administrative
Control Types
Policies, procedures, and guidelines
What four areas should Data Policies be focused on?
Wiping: How is data removed from the media?
Disposing: How is media disposed of?
Retention: How long must data be kept?
Storage: Where is data kept, and what security precautions are associated with its access?