
Social Engineering and its importance during Security Audits

Learn about the art of social engineering and its relevance in security audits. Explore different types of social engineering exploits and how they can be classified. Discover the process of conducting internal and external social engineering audits. Gain insights into the techniques used by social engineers to gather sensitive information and test physical security procedures.


Presentation Transcript


  1. Social Engineering and its importance during Security Audits By: Vismit Sudhir Rakhecha (Zhug)

  2. There is no patch for human stupidity!

  3. Case Studies

  4. What is Social Engineering? • Famous hacker Kevin Mitnick helped popularize the term "social engineering" in the '90s, but the simple idea itself has been around for ages. • Social engineering is the art of gaining access to buildings, systems or data by exploiting human psychology, rather than by breaking in or using technical hacking techniques.

  5. Our Life Today

  6. How does Social Engineering work? There is an effectively unlimited number of social engineering exploits. A scammer may trick you into leaving a door open for him, visiting a fake web page or downloading a document with malicious code, or he might insert a USB device into your computer that gives him access to your corporate network.

  7. Exploitation of Human Behavior

  8. Types of Social Engineering • There are two main categories under which all social engineering attempts can be classified: • Computer or technology based • Human based or non-technical

  9. SE and Security Audit We can break social engineering audits into two main categories, Internal and External, then from there break them down into smaller sub-categories.

  10. Internal SE

  11. Preparation (Pre-Audit): • Only the administration panel is aware of the exercise. • Obtain current policies and procedures. • Obtain the employee list. • Define the "target". • Some spy devices (pen, button, etc.). • Fake authorization letters. • Letterhead.

  12. Phase I (Info Gathering) The social engineer who begins his attack with little or no information is destined for failure. Gathering information about the company, its practices, and employees, and identifying potential weaknesses is the goal. Employee lists, internal phone numbers, corporate directories and sensitive security information are prized possessions to the social engineer.

  13. Phase II (Physical Entry) While the social engineer will generally attempt to accomplish his mission without ever physically setting foot on company property, sometimes it is necessary to gain physical access to gather further information. There are many common tricks that the social engineer can use to gain physical access to a facility. The security auditor can also use these to test physical security procedures.

  14. Results

  15. I Gained

  16. Sensitive information on the technology used • Network architecture. • Lots of technical information revealed to a "college student". • Official letter in the store room. • Gained access to the server room.

  17. External SE

  18. External SE builds on Phase I (information gathering). Here a computer or electronic device is used to perform the audit.

  19. Phishing

  20. Spyware

  21. Spam mail

  22. Baiting

  23. SMSing

  24. Social Networking
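The external SE vectors listed above (phishing in particular) are what the audited organisation's mail gateway and users have to recognise. The following is an added example, not part of the presentation, showing the checks an auditor can run over inbound mail to see whether a phishing wave built on Phase I information would be caught: lookalike sender domains (homoglyphs or a few edits away from the corporate domain), the corporate domain buried inside a foreign hostname, a display name that impersonates a corporate address, and link text that shows the corporate domain while the href points elsewhere. The corporate domain `example.com`, the sample messages, the edit-distance threshold and the naive registrable-domain logic are all assumptions made for the example.

```python
"""Flag phishing indicators in mail aimed at an audited organisation.

Added example for this page, not the presenter's tooling. The corporate
domain, the sample messages and the thresholds are constructed for illustration.
"""
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

CORP_DOMAIN = "example.com"  # assumed target organisation (hypothetical)

# Character swaps commonly used when registering lookalike domains.
HOMOGLYPHS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"))


def normalize(domain: str) -> str:
    """Lower-case a domain and undo common homoglyph substitutions."""
    d = domain.lower()
    for src, dst in HOMOGLYPHS:
        d = d.replace(src, dst)
    return d


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance between two strings (classic dynamic programme)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(host: str) -> str:
    """Naive eTLD+1: the last two labels. Adequate for .com-style domains;
    a production check should consult the Public Suffix List instead."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


@dataclass
class Message:
    display_name: str
    from_addr: str
    links: list = field(default_factory=list)  # (anchor text, href) pairs


def assess(msg: Message) -> list:
    """Return the list of phishing indicators found in one message."""
    findings = []
    sender_host = msg.from_addr.rsplit("@", 1)[-1].lower()
    sender_reg = registrable_domain(sender_host)

    if sender_reg != CORP_DOMAIN:
        # 1. Lookalike registrable domain: homoglyphs or at most two edits away.
        if edit_distance(normalize(sender_reg), CORP_DOMAIN) <= 2:
            findings.append(f"lookalike sender domain: {sender_host}")
        # 2. Corporate domain used as a label sequence inside a foreign host
        #    (example.com.attacker.net). Dots on both sides avoid matching example.comm.
        if f".{CORP_DOMAIN}." in f".{sender_host}.":
            findings.append(f"corporate domain embedded in foreign host: {sender_host}")
        # 3. Display name shows a corporate address while the real sender is elsewhere.
        if re.search(r"@" + re.escape(CORP_DOMAIN) + r"\b", msg.display_name, re.I):
            findings.append(f"display name spoofs {CORP_DOMAIN}: {msg.display_name!r}")

    # 4. Link text names the corporate domain but the href goes somewhere else.
    for text, href in msg.links:
        host = urlparse(href).hostname or ""
        if CORP_DOMAIN in text.lower() and registrable_domain(host) != CORP_DOMAIN:
            findings.append(f"link text {text!r} hides destination {host}")
    return findings


# Constructed sample messages: one legitimate, three modelled on the
# external SE vectors above (198.51.100.7 is a documentation address).
SAMPLES = [
    Message("IT Helpdesk", "helpdesk@example.com",
            [("https://example.com/reset", "https://portal.example.com/reset")]),
    Message("IT Helpdesk", "helpdesk@examp1e.com",
            [("https://example.com/reset", "https://examp1e.com/reset")]),
    Message("ceo@example.com", "bob.smith@gmail.com"),
    Message("HR", "hr@example.com.attacker.net",
            [("https://example.com/payroll", "http://198.51.100.7/payroll")]),
]


def run_samples() -> list:
    """Assess every sample; returns one findings list per message."""
    return [assess(m) for m in SAMPLES]


if __name__ == "__main__":
    for msg, found in zip(SAMPLES, run_samples()):
        print(msg.from_addr, "->", found or "clean")
```

The legitimate helpdesk message produces no findings; the other three are each flagged on at least one indicator, which is the minimum an auditor should expect the gateway or the user-awareness programme to catch. The registrable-domain helper is deliberately naive; swap in a Public Suffix List lookup before relying on it for domains like `.co.uk`.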

  25. QUESTIONS ??? Contact : rvismit@gmail.com www.facebook.com/rvismit
