powerpoint presentation - 123seminarsonly.com · created by winzip – purpose was to see who would...

Post on 30-Apr-2020


/ /12 22 2010 1


• Art of manipulating people into performing actions or revealing confidential information.

• Using trickery to gather information or computer system access.

• In most cases the attacker never comes face-to-face with the victim.


"I need a password reset. What is the password set to?"

"This is John, the System Admin. What is your password?"

Email: "ABC Bank has noticed a problem with your account…"

"I have come to repair your machine… and have some software patches"

"What ethnicity are you? Your mother's maiden name?"


(source: BusinessWeek/Symantec)


Risks in Companies

Common techniques used:

• Dumpster diving
• Office snooping
• Shoulder surfing
• Phishing
• Phone phishing
• Vishing
• Spear phishing
• Quid pro quo


Impact in Companies

• Credit card information stolen
• ID Theft
• Computer credentials compromised
• Account numbers
• Access to facilities
• Confidential information
• Usernames/passwords


Risks in Individuals

Common techniques used:

• Dumpster diving
• Shoulder surfing
• Phishing
• Phone phishing
• Baiting


Impact in Individuals

• Credit card information stolen
• ID Theft
• Account numbers
• Social security
• Confidential information
• Usernames/passwords


What would happen if your e-mail gets compromised?


Your email may contain a lot of important confidential information. This is what we found when we audited the email account:

• Account statements
• Facebook account access
• Confidential information
• Credit card information
• Resumes
• Pictures
• Usernames/passwords


• Social engineering is the evolution of a hacker's modus operandi.

• Wide range of techniques.

• The attack exploits flaws in the human character to perpetrate a crime.

• Awareness and preventive measures.


• Security Policy
• Physical Security
• Acceptable Use
• Help Desk


• Listing all possible measures that an organization or individual can take to prevent a SE attack would be a daunting task.

• Once measures are implemented a continuous cycle of awareness, training and rule enforcement is required.


• Key Logger experiment (First Exercise)
  – Placed physical key logger on lab tech machine in the BA lab
  – Attempted to obtain password to printing system.
  – Key logger was used to obtain additional information.


• Social Engineering Attempt


• Key Logger Experiment Evolved…


• MP3 Files on CD (Second Exercise)
  – Created VB Script file to obtain information such as PC Name, IP Address, MAC Address and other information
  – Grabbed MP3 files and put the files together in an executable file created by WinZip
  – Purpose was to see who would open the CD and open the file (going fishing).


• Results during testing…


• Our demonstration clearly showed the simplicity of performing a social engineering attack and how secure information can be exposed.

• As the United States is the leader in malicious activity with regard to social engineering, it is important to constantly be aware of these attack techniques and to practice mitigation in order to prevent your business or yourself from becoming a victim.


• Retrospective
  – Social Engineering used maliciously is a crime
  – Social Engineering attacks pose a threat to businesses and individual security by attacking the human element
  – These techniques are not only used to gain access to technical controls, but to steal identities and proprietary information


• For businesses, reputations can be tarnished, proprietary information can be lost, or massive monetary losses can be incurred

• Individuals can have their identity stolen, credit destroyed and also suffer monetary losses

• Businesses and individuals should practice mitigation techniques to minimize impact
  – Through Education
  – Through Policy


Questions?
