Social Engineering
Jero-Jewo

Social Engineering
• Social engineering is the act of manipulating people into performing actions or divulging confidential information. While similar to a confidence trick or simple fraud, the term typically applies to trickery or deception for the purpose of information gathering, fraud or computer system access; in most cases the attacker never comes face-to-face with the victim. – www.wikipedia.org

Case study
• As a service provider, Duo Consulting helps clients manage the publication of critical business information on their web sites.
• Integrity and availability are important considerations for Duo when processing requests for changes.
• 99% of requests from clients come from known client contacts.

Case Study
• There is currently a communication process in place to receive and manage requests.
• How should we handle requests from contacts that are not known?

Real World
• A new request comes in from an unknown contact at Setton Farms for ftp access to their web server on a Saturday.
• The request bounces around until it comes to the CTO.
• The requester is contacted and an inquiry is made about the need for ftp access.

Real World
• The contact explains that there is an immediate need to publish critical information about a recall on their site and that they have hired a designer to make the updates to their site.

What happened next?
• Question the identity of the requester
• Question the authenticity of the request

What's missing?
• We do not have a policy or process in place to confirm the identity of contacts making requests
• We do not have a list of authorized contacts
• There is a service level agreement in place for managed hosting - but nothing defined about emergency requests from clients that do not have a services support contract in place

Next Steps
• Solve the
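As an added illustration, not part of the deck, the following sketch encodes the gate the "What's missing?" slide calls for: an authorized-contact roster, out-of-band verification for unknown requesters, and escalation when an emergency request falls outside a support contract. The contact addresses, the roster, and the contract table are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime

# Constructed roster of addresses authorized to request changes per client.
# The deck notes Duo had no such list; this is the missing control.
AUTHORIZED_CONTACTS = {
    "setton farms": {"known.contact@settonfarms.example"},  # hypothetical
}
# Constructed: does a services support contract cover emergency requests?
SUPPORT_CONTRACT = {"setton farms": False}
PRIVILEGED_ACCESS = {"ftp", "sftp", "ssh", "admin"}

@dataclass
class ChangeRequest:
    client: str
    requester: str                      # address the request arrived from
    access: str                         # what is asked for, e.g. "ftp"
    received: datetime
    urgent: bool                        # requester claims an immediate need
    verified_out_of_band: bool = False  # confirmed via a contact already on file

def triage(req: ChangeRequest):
    """Return (decision, red_flags); decision is 'process', 'verify' or 'escalate'."""
    client = req.client.lower()
    known = req.requester.lower() in AUTHORIZED_CONTACTS.get(client, set())
    covered = SUPPORT_CONTRACT.get(client, False)
    flags = []
    if not known:
        flags.append("requester is not an authorized contact for this client")
    if req.access.lower() in PRIVILEGED_ACCESS:
        flags.append(f"{req.access} access allows publishing arbitrary content")
    if req.received.weekday() >= 5 or not 9 <= req.received.hour < 17:
        flags.append("received outside business hours, when verification is harder")
    if req.urgent:
        flags.append("urgency pressures staff to skip verification")
        if not covered:
            flags.append("emergency request but no services support contract")
    if not known and not req.verified_out_of_band:
        # Confirm identity and authority through a contact the company already
        # knows, on a channel the requester did not supply (e.g. phone number on file).
        return "verify", flags
    if req.urgent and not covered:
        return "escalate", flags  # emergency work outside the SLA needs management sign-off
    return "process", flags

# Constructed example: the Saturday ftp request from an unknown Setton Farms contact.
def setton_farms_request(verified_out_of_band=False):
    return ChangeRequest("Setton Farms", "new.designer@example.invalid", "ftp",
                         datetime(2024, 6, 1, 10, 0), urgent=True,
                         verified_out_of_band=verified_out_of_band)
```

Run against the constructed request, the unverified case yields "verify" with five red flags; once identity is confirmed out of band it still yields "escalate" because no support contract covers emergency work.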