powerpoint presentation - 123seminarsonly.com · created by winzip – purpose was to see who would...

12/22/2010


Post on 30-Apr-2020



• Art of manipulating people into performing actions or revealing confidential information.
• Using trickery to gather information or computer system access.
• In most cases the attacker never comes face-to-face with the victim.


• "I need a password reset. What is the password set to?"
• "This is John, the System Admin. What is your password?"
• Email: "ABC Bank has noticed a problem with your account…"
• "I have come to repair your machine… and have some software patches"
• "What ethnicity are you? Your mother's maiden name?"


(source: BusinessWeek / Symantec)


Risks in Companies

Common techniques used:
• Dumpster diving
• Office snooping
• Shoulder surfing
• Phishing
• Phone phishing
• Vishing
• Spear phishing
• Quid pro quo


Impact in Companies

• Credit card information stolen
• ID Theft
• Computer credentials compromised
• Account numbers
• Access to facilities
• Confidential information
• Usernames/passwords


Risks in Individuals

Common techniques used:
• Dumpster diving
• Shoulder surfing
• Phishing
• Phone phishing
• Baiting


Impact in Individuals

• Credit card information stolen
• ID Theft
• Account numbers
• Social security
• Confidential information
• Usernames/passwords


What would happen if your e-mail gets compromised?


What would happen if your email gets compromised?

Your email may contain a lot of important confidential information. This is what we found when we audited the email account.

We found:
• Account statements
• Facebook account access
• Confidential information
• Credit card information
• Resumes
• Pictures
• Usernames/passwords


• Social engineering is the evolution of a hacker’s modus operandi.
• Wide range of techniques.
• The attack exploits flaws in the human character to perpetrate a crime.
• Awareness and preventive measures.


• Security Policy
• Physical Security
• Acceptable Use
• Help Desk


• Listing all possible measures that an organization or individual can take to prevent a SE attack would be a daunting task.

• Once measures are implemented a continuous cycle of awareness, training and rule enforcement is required.


• Key Logger experiment (First Exercise)
  – Placed physical key logger on lab tech machine in the BA lab
  – Attempted to obtain password to printing system.
  – Key logger was used to obtain additional information.


• Social Engineering Attempt


• Key Logger Experiment Evolved…


• MP3 Files on CD (Second Exercise)
  – Created VB Script file to obtain information such as PC Name, IP Address, MAC Address and other information
  – Grabbed MP3 files and put the files together in an executable file created by WinZip
  – Purpose was to see who would open the CD and open the file (going fishing).


• Results during testing…


• Results during testing…


• Our demonstration clearly showed the simplicity of performing a social engineering attack and how secure information can be exposed.

• As the United States is the leader in malicious activity with regard to social engineering, it is important to constantly be aware of these attack techniques and to practice mitigation in order to prevent your business or yourself from becoming a victim.


• Retrospective
  – Social Engineering used maliciously is a crime
  – Social Engineering attacks pose a threat to businesses and individual security by attacking the human element
  – These techniques are not only used to gain access to technical controls, but to steal identities and proprietary information


• For businesses, reputations can be tarnished, proprietary information can be lost, or massive monetary losses can be incurred

• Individuals can have their identity stolen, credit destroyed and also suffer monetary losses

• Business and Individuals should practice mitigation techniques to minimize impact
  – Through Education
  – Through Policy


Questions?