Discussion on:
View:
Show:
Is combatting social engineering really even possible, since some users will always be susceptible to a well-written scheme?
I know it is knit-picking, but...
Of course combatting social engineering is possible. The results may not always be what you desire, but education of users almost always has positive results. If you can educate users on these types of attacks, and do it in such a way that the users will stay interested (role-playing, etc.), it will pay off in the long run.
Of course combatting social engineering is possible. The results may not always be what you desire, but education of users almost always has positive results. If you can educate users on these types of attacks, and do it in such a way that the users will stay interested (role-playing, etc.), it will pay off in the long run.
It is only too easy to get passwords. During one project where I was sub-contracted to a large company, I took my laptop home each weekend and it would not reconnect on Monday; call the Help Desk. After the third time, I asked the techie for the login and password so I could reconnect without 'bothering him'. Done!
Next was the need to load some utilities on the Team PCs; Support had no time so I offered to do it. Administrator access to ALL PCs in the company as I was given a generic login/PW.
Next I needed to some network routing changed - you guessed it - I was now a Network Admin .
All this simply by asking and in a Company that was otherwise paranoid about security - passes, secure doors (which people would let me through btw), firewalls on each floor of the building etc. etc.
Education of staff as to the risks involved in 'being nice' to someone is critical to any security system. As shown above the best security system devised is only as good as the staff who follow it; or not
Next was the need to load some utilities on the Team PCs; Support had no time so I offered to do it. Administrator access to ALL PCs in the company as I was given a generic login/PW.
Next I needed to some network routing changed - you guessed it - I was now a Network Admin .
All this simply by asking and in a Company that was otherwise paranoid about security - passes, secure doors (which people would let me through btw), firewalls on each floor of the building etc. etc.
Education of staff as to the risks involved in 'being nice' to someone is critical to any security system. As shown above the best security system devised is only as good as the staff who follow it; or not
- Keyboard Shortcuts:
- Prev
- Next
- Toggle
