Security Basics mailing list archives
RE: Social Engineering
From: m_r_welch () tiscali co uk
Date: Sat, 7 Jan 2006 14:58:25 +0000
-- Original Message --
From: "coder" <elite.coder () ntlworld com>
To: <security-basics () securityfocus com>
Subject: RE: Social Engineering
Date: Fri, 6 Jan 2006 17:26:27 -0000

OK, maybe Social Engineering cannot be *solved* with software engineering... but maybe (as some of you have suggested) it can be minimized.

In a manner of speaking. The time-honoured principle of least privilege can use technology to limit the damage from social engineering, but not prevent it from happening. That which a person does not know and cannot access cannot be charmed out of them, no matter how good the attacker is. The password to a limited, locked down account is less use to an attacker than a more open one, without preventing the innocent party from doing their job. It's a basic concept for information security, but easy to forget in a rush to discover a new and exciting 'great new thing'.

The more you make an attacker work for every inch of access, the more chance you have to spot them before they get too deep, and the more opportunities you give them to make a mistake.

Unfortunately, you can't expect everyone to have the awareness of IT/IS issues that we have. The average person looks to us to make their problems go away, and if we impose too much on them, we can become a bigger irritation than the problems we are trying to prevent. KISS must be applied to any security solution that requires end-user involvement, and least privilege applied properly is an unobtrusive way for technology to assist against social engineering.

regards,
Mark Welch