Question

In: Computer Science

Describe what a social engineering attack is. [Social engineering is the art of manipulating people so...

  1. Describe what a social engineering attack is.

[Social engineering is the art of manipulating people so they give up confidential information. The attackers solicits information such as passwords or PIN numbers from victims.]

Provide 3 examples of social engineering attacks and describe how they could be used to undermine the security of your IT infrastructure.

[ your answer goes here ]

How can social engineering attacks be defended against? Provide 5 examples with descriptions.

[ your answer goes here ]

Solutions

Expert Solution

Social Engineering can be defined as the tricking users so that they give their sensitive or personal information which can be misused by attacker.

Social Engineering attacks are as follows-

1) Phishing- It is a type of social engineering which involves attacking the personal information of users such as names, addresses and social security numbers. It uses misleading links that redirect users to suspicious websites. It also tries to increase the urgency of user so that they tend to respond quickly.

2) Pretexting- In this, the attacker tries to create a good pretext such that they tell the users that they need certain piece of information so as to confirm their identity. But in real practice, they steal the data and use it to commit identity theft and stage secondary attacks.

3) Tailgating- In these types of attacks, someone without the proper authentication follows an authenticated employee into a restricted area. The attacker might impersonate a delivery driver and wait outside a building to get things started. When an employee gains security’s approval and opens the door, the attacker asks the employee to hold the door, thereby gaining access to the building.

4) Vishing – Also known as voice phishing, is the criminal practice of using the telephone system to convince a victim to provide access to personal or financial information

Social Engineering attacks can be defended in the following ways-

1) Raising awareness- Users should have knowledge about how a phishing mail looks like and how they can tackle it.

2) Skilled Employees- Employees should be trained against phishing attacks. So, employee must be trained against attacks and the attacks must be followed by test checks where a security department periodically imitates phishing attacks on employees’ emails. The employees who did not pass the test should be retrained.

3) Implementation of High level Security in organization- Implement a Security-aware culture. This requires that the highest levels of the organization push and enforce the need for individual security accountability.This can be done by-

- implementing reward system for maintaining security in the organization.

- adding measuring objectives to each employee's year book

4) Frequent Testing of systems- Systems should have frequent testing so that they cannot be attacked.

5) Testing of employees- Users need to be tested on whether they fall for phishing emails, texts, or phone calls.


Related Solutions

In engineering and product design, it is important to consider the weights of people so that...
In engineering and product design, it is important to consider the weights of people so that airplanes or elevators aren't overloaded. Based on data from the National Health Survey, we can assume the weight of adult males in the US has a mean weight of 197 pounds and standard deviation of 32 pounds. We randomly select 64 adult males. What is the probability that the average weight of these 64 adult males is over 192 pounds? Give your answer to...
Describe how the Heartbleed attack happens. What is the type of this attack? Where does the...
Describe how the Heartbleed attack happens. What is the type of this attack? Where does the vulnerability exist? Describe the vulnerability and how it is exploited? Describe the consequences of the attack?
What is Social Engineering? Provide and explain the seven types of Social Engineering. Given a real-life...
What is Social Engineering? Provide and explain the seven types of Social Engineering. Given a real-life example of each type of Social Engineering along with mitigation methods.
What are the techniques of manipulating earnings?
What are the techniques of manipulating earnings?
Cubism art movement · Location of the art movement · Social, economic, and political climate of...
Cubism art movement · Location of the art movement · Social, economic, and political climate of the time and place the movement occurred: · Characteristics of the movement. the meaning of the work? Subject matter: the topic or issue that is represented in the artwork · How did the preceding art movement prompt your movement? · How did this movement influence the next art movement?
What is Social Engineering and how can you detect it.
What is Social Engineering and how can you detect it.
Describe leading threats (Virus, Worm, Trojan Horses, Rootkits, Social Engineering, and Botnet).
Describe leading threats (Virus, Worm, Trojan Horses, Rootkits, Social Engineering, and Botnet).
Describe leading threats (Virus, Worm, Trojan Horses, Rootkits, Social Engineering, and Botnet). Describe the malware detection...
Describe leading threats (Virus, Worm, Trojan Horses, Rootkits, Social Engineering, and Botnet). Describe the malware detection symptoms. Describe defense in depth.
Questions 23–33: Heart Attack Survival, revisited Some people who are having a heart attack do not...
Questions 23–33: Heart Attack Survival, revisited Some people who are having a heart attack do not experience chest pain, although most do. A study of people admitted to emergency rooms with heart attacks compared the death rates of people who had chest pains with those of people who did not have chest pains (Brieger et al. 2004). Of the 1,763 people who had heart attacks without chest pain, 229 died, while of the 19,118 people who had heart attacks with...
What is value engineering? Are there different forms of value engineering? Describe these different types of...
What is value engineering? Are there different forms of value engineering? Describe these different types of value engineering.
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT