Social Engineering and Physical Security Terminology Flashcards
A physical security deterrent used to protect a computer
Cable lock
Used to blow cold air from the floor
cold aisles
Looking through trash for clues to find passwords and other pertinent information
Dumpster diving
An electrically conductive wire mesh that surrounds a room and prevents electromagnetic signals from entering or leaving the room.
Faraday cage
Typically, an email message warning of something that isn’t true. Used to cause panic and more harm than the virus.
Hoax
Pretending to be another person to gain information
Impersonation
A device, such as a small room, that limits access to one or a few individuals. Typically uses electronic locks and other methods to control access.
Mantrap
Screens that restrict viewing of monitors to only those sitting in front of them.
Privacy Filters
Watching someone when they enter their username, password, or sensitive data
Shoulder surfing
A form of phishing in which the message is made to look as if it came from someone you know and trust.
Spear phishing
Following someone through an entry point
Tailgating
Attack that combines phishing with Voice over IP (VoIP)
Vishing
Phishing large accounts such as directors, administrators or someone important that has access to sensitive data
Whaling
If it is possible to convince the person you are attempting to trick that you are in a position of authority, they may be less likely to question your request. That position of authority could be upper management, tech support, HR, or law enforcement.
Authority
Social engineering that can be done with threats, with shouting, or even with guilt.
Intimidation
Putting the person being tricked at ease by putting the focus on them—listening intently to what they are saying, validating their thoughts, charming them—is the key to this element. The name comes from a desire that we all have to be told that we are right, attractive, intelligent, and so forth, and we tend to be fond of those who confirm this for us. By being so incredibly nice, the social engineer convinces the other party that there is no way their intentions could possibly be harmful.
Consensus
Convincing the person who is being tricked that there is a limited supply of something can often be effective if carefully done. For example, convincing them that there are only 100 vacation requests that will be honored for the entire year and that they need to go to a fictitious website now and fill out their information (including username and password, of course) if they want to take a vacation anytime during the current year can dupe some susceptible employees.
Scarcity
Mental guards are often lowered, many times subconsciously, when we are dealing with other individuals that we like. The “like” part can be gained by someone having, or pretending to have, the same interests as we do, be engaged in the same activities, or otherwise working to gain positive attention.
Familiarity
Social engineering attack: when someone does something for you, there is often a feeling that you owe that person something. For example, to gain your trust, someone may help you out of a troublesome situation or buy you lunch.
Trust
to convince the individual whom they are attempting to trick that time is of the essence. If they don’t do something right away, money will be lost, a nonexistent intruder will get away, the company will suffer irreparable harm, or a plethora of other negative possibilities may occur.
Urgency
Network security measure used to ensure that a secure computer network is physically isolated from unsecured networks. Those “unsecured networks” include both the Internet and any unsecured local area networks.
Airgap
Prevents interference from EMI and RFI sources
shielding