Monday, 27 February 2012

Social Engineering

Social engineering is the acquisition of secret or sensitive information by deceiving the owner of that information. It is typically carried out by telephone or over the Internet. Social engineering is one of the methods hackers use to gain information about a target, by requesting the information directly from the victim or from others who hold it.

Social engineering concentrates on the weakest link in a computer network system, namely humans. As we know, there is no computer system that does not involve human interaction. Worse, this vulnerability is universal, independent of platform, operating system, protocol, software or hardware. That is, every system has the same weakness in its human factor. Any person who has physical access to the system is a threat, even if that person is not covered by the security policy that has been developed. Like other hacking methods, social engineering requires preparation; in fact, most of the work is the preparation itself.


The first method is the most basic method of social engineering: the attacker completes the task directly by simply asking for what he wants, such as a password, access to the network, a network map, the system configuration, or a room key. This method succeeds least often, but it can be very helpful in completing the attacker's task.
The second way is to create a false situation in which a person becomes part of the situation. The attacker can make up a pretext involving the interests of another party or another part of the company, for example. This requires more work from the attacker, who usually also has to collect additional information about the 'target'. It also means we do not always have to lie to create the situation; sometimes facts are more readily accepted by the target.
For example: pretend to be a ticket agent who calls a company employee to confirm that holiday tickets have been booked and are ready to be sent. The booking was made under the target's name and position in the company, and the details need to be matched against the target's data. Of course the target does not recall booking a ticket, and the attacker still needs to match the name and employee number. This information can be used as the initial information to get into the company's system with the target's account. As another example, one can pretend to be conducting a hardware survey for a particular vendor; from this we could obtain information about the network map, routers, firewalls or other network components.
A popular way today is via e-mail: sending an e-mail that asks the target to open an attachment, into which we can of course insert a worm or Trojan horse to create a backdoor on the system. We can even insert a worm into a .jpg file that seems "innocent".
These methods usually involve personal factors of the target: a lack of responsibility, the desire to be complimented, and a sense of moral obligation. Sometimes the target feels that the action taken will have few or no ill effects. Or the target feels that fulfilling the wishes of the attacker, who is pretending, will get him praised or earn him a better position. Or he feels that he is doing something to help others and that helping others is his duty. So we can focus on persuading our target to help voluntarily, not by force. Furthermore, we can lead the target to do what we want while the target remains certain that he retains control over the situation. The target feels that he is making a good decision to help us and to give a little time and effort. The less conflict the better.
Psychological research also shows that a person will more readily fulfil a request if he has had previous dealings with the requester; before the core request, try asking the target for small things first.

SET

The Social-Engineering Toolkit (SET) is specifically designed to carry out advanced attacks against the human element.
