Social Engineering
In the previous lesson we discussed malware as one of the major threats and risks to an information system. In this lesson, we will examine the threats and risks that a computer system faces that are not directly related to the machinery itself. There is a much more vulnerable risk that we must be aware of and find ways to diminish as much risk as possible. Following this introduction we will discuss what Social Engineering is and why it can be the greatest risk that is often most difficult to prepare for and defend against. Machines are much more predictable that people.
Objectives
Objectives
- Define malware
- List the types of malware that conceals its appearance
- Identify different kinds of malware that is designed for profit
- Describe the types of social engineering psychological attacks
- Explain social engineering attacks
- Create and defend against social engineering in a task
- Demonstrate creative and critical thinking skills
Resources
Offline resouces:
Online resources:
|
Key Termsadware A software program that delivers advertising content in a manner that is unexpected and unwanted by the user. backdoor Software code that gives access to a program or a service that circumvents normal security protections. botnet A logical computer network of zombies under the control of an attacker. dumpster diving The act of digging through trash receptacles to find information that can be useful in an attack. impersonation An attack that creates a fictitious character and then plays out the role of that person on a victim. keylogger Captures and stores each keystroke that a user types on the computer’s keyboard. pharming A phishing attack that automatically redirects the user to a fake site. phishing Sending an e-mail or displaying a web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information. rootkit A set of software tools used by an attacker to hide the actions or presence of other types of malicious software. shoulder surfing Watching an authorized user enter a security code on a keypad. social engineering A means of gathering information for an attack by relying on the weaknesses of individuals. spam Unsolicited e-mail. spear phishing A phishing attack that targets only specific users. |
Last edit: Feb 2013 - Johnathan Yerby