Social Engineering Flashcards
What are the 4 best strategies to use for identity mitigation?
Avoidance - avoid uploading identity info, not always possible
Compartmentalisation - Aliases for different socials
Content - carefully consider what info is released
Audience - E.g. Keep work and friends separate
What are some decentralised social networks?
Friendica
GNU social network
Diaspora
What is BugMeNot.com?
A site that provides usernames and passwords to sign into websites that require a sign up
What are some disposable email generators?
Guerrillamail
Dispostable
Mailinator
What are some temp email generators?
Anonbox
Freemail.ms
10minutemail
What is Receive-SMS-online?
A site that provides phone numbers for verification processes
What are some behavioural security controls that can be implemented?
1) Never enter sensitive info
2) Never download from an untrusted source
3) Validate sender and attachment
4) Minimise personal info disclosure
What are some technical security controls that can be implemented?
1) Email client with security
2) Isolation & Compartmentalisation
3) Using a VM/Sandbox
4) Opening attachments online
5) Use Live OS
6) Anti-virus and end-point protection
What can URLvoid.com be used for?
Database of all websites reported to be malicious or not
What can WhoIs.com be used for?
Used to identify who's behind a website, like companies on the gov website
Reverse IP search to see what other sites the server is hosting
Why is it important to have separate physical and virtual security domains?
High levels of security are not practical for day-to-day use
Back-ups
Plausible deniability
Isolation & Compartmentalisation
What are some virtual security domains?
Dual booting
Platform virtualisation / Hypervisors
Hidden OS
Non-persistent / Live OS like Tails
Bootable USBs
Virtual separation e.g. QubesOS