
DO NOT COPY FROM OTHER WEBSITES!!! Social Engineering: Search the Internet and r


Question

DO NOT COPY FROM OTHER WEBSITES!!!

Social Engineering:

Search the Internet and refer to your readings for effective social engineering techniques. Now, suppose you wanted to obtain access to confidential digital information stored on servers at a small local company called InfoLeak, Inc. The company is situated in a small town and has less than 100 employees. Of these 100 employees, only 5 are responsible for information technology and network security. The remaining employees are administrative, sales and research/development. The company is very open and community-friendly, often holding offsite company meetings and gatherings at local bars and restaurants.

Given your knowledge of social engineering, computer security and the general details of InfoLeak, Inc., provide a detailed strategy for obtaining the confidential information.

Explanation / Answer

Social Engineering, with regard to data security, alludes to mental control of individuals into performing activities or unveiling classified or confidential data. A sort of certainty trap with the end goal of data social event, extortion, or framework get to, it contrasts from a conventional "con" in that it is regularly one of many strides in a more mind boggling misrepresentation conspire. The expression "social engineering" as a demonstration of mental control of a human, is additionally connected with the sociologies, yet its use has gotten on among PC and data security experts. Various types of social engineering attacks for obtaining the confidential information from the source (host) are:

1. Baiting: Baiting is the point at which an attacker leaves a malware-contaminated physical gadget, for example, a USB pendrive in a place it is certain to be found. The discoverer at that point grabs the gadget and loads it onto his PC, inadvertently introducing the malware. And in the given example the company is very small (fewer people to see you), so it won't be a tough job to catch an employee into this bait.

2. Phishing: Phishing is the point at which a malicious party sends a deceitful email masked as a genuine email, frequently implying to be from a trusted source. The message is intended to trap the beneficiary into sharing individual or money related data or tapping on a connection that introduces malware.

In the given example, due to the small number of employees, out of which only 5 are responsible for information technology and network security, they lack in giving attention to each and every mail thoroughly and it will be quite easy to trap them by using some official logos and names to pass them through some malicious link for gathering confidential data from their system.

3. Renumeration: implies something for something: An attacker calls arbitrary (random) numbers at an organization, guaranteeing to get back to from specialized help (technical support). In the long run this individual will hit somebody with a serious issue, thankful that somebody is providing back some help to them. The attacker will "help" take care of the issue and, all the while, have the client type commands that give the attacker access to dispatch malware. For implementing this technique you must be good at talking. This was greatly misused 15 years ago.

4. Pretexting: Pretexting is the point at which one gathering misleads another to access advantaged information. For instance, a pretexting trick could include an attacker who claims to require individual or money related information so as to affirm the personality of the beneficiary. This can also be easily done in the above mentioned example, if someone is asking about some company commodity code and all, you'll ask the other employee that time itself (because of small organization) and chances will be high that the attacker will get the information he needed. Apart from these, as the company often holds offsite company meetings and gatherings at local bars and restaurants, there can be some chances to lure the company's employee by buying drinks for them and in the process taking out some important information.