Social engineering
From Computing and Software Wiki
Line 1: | Line 1: | ||
'''Social engineering''' is a term used in computer science that referees to a non-technical type of security attack. This attack relies on the human element in any security system and is made vulnerable by exploiting a person's trust in the attacker to divulge sensitive or insensitive information. This is often accomplished by misleading or tricker the person getting attacked. In many cases, the attacked never know that they have been attacked. | '''Social engineering''' is a term used in computer science that referees to a non-technical type of security attack. This attack relies on the human element in any security system and is made vulnerable by exploiting a person's trust in the attacker to divulge sensitive or insensitive information. This is often accomplished by misleading or tricker the person getting attacked. In many cases, the attacked never know that they have been attacked. | ||
+ | |||
+ | |||
+ | __NOTOC__ | ||
[[Image:Mitnick.jpg]] | [[Image:Mitnick.jpg]] |
Revision as of 23:16, 30 November 2007
Social engineering is a term used in computer science that referees to a non-technical type of security attack. This attack relies on the human element in any security system and is made vulnerable by exploiting a person's trust in the attacker to divulge sensitive or insensitive information. This is often accomplished by misleading or tricker the person getting attacked. In many cases, the attacked never know that they have been attacked.
Social engineering techniques and terms
All social engineering techniques are based on specific attributes of human decision-making known as cognitive biases.<ref>CSEPS Course Workbook, unit 3</ref> These biases, sometimes called "bugs in the human hardware," are exploited in various combinations to create attack techniques, some of which are listed here:
In computer security, social engineering is a term that describes a non-technical kind of intrusion that relies heavily on human interaction and often involves tricking other people to break normal security procedures. A social engineer runs what used to be called a "con game". For example, a person using social engineering to break into a computer network would try to gain the confidence of someone who is authorized to access the network in order to get them to reveal information that compromises the network's security. They might call the authorized employee with some kind of urgent problem; social engineers often rely on the natural helpfulness of people as well as on their weaknesses. Appeal to vanity, appeal to authority, and old-fashioned eavesdropping are typical social engineering techniques.
Another aspect of social engineering relies on people's inability to keep up with a culture that relies heavily on information technology. Social engineers rely on the fact that people are not aware of the value of the information they possess and are careless about protecting it. Frequently, social engineers will search dumpsters for valuable information, memorize access codes by looking over someone's shoulder (shoulder surfing), or take advantage of people's natural inclination to choose passwords that are meaningful to them but can be easily guessed. Security experts propose that as our culture becomes more dependent on information, social engineering will remain the greatest threat to any security system. Prevention includes educating people about the value of information, training them to protect it, and increasing people's awareness of how social engineers operate.
External links
References
--Shahinrs 07:36, 7 November 2007 (EST)