Security Basics mailing list archives

RE: Steps to avoid Social Engineering


From: "J B" <kybrdcowboy () hotmail com>
Date: Mon, 18 Apr 2005 20:35:56 +0000

You may want to generate a passphrase, and keep it on a need-to-know basis. This could be limited to you and those in your team that require said information, as well as the specific people in the third party company that need to contact you. When speaking to them, ask them to identify themselves and give the appropriate passphrase; if they fail to give you the correct word, treat it as an attempted security breach. Make sure to create a policy regulating the use of said word(s) for both your company and your contractor and get them to agree with it.

Thanks

J

Hello y'all,

     I have a question for you guys (and gals). We all know about social
engineering. Some of us use it on a daily basis. And we all know how
it can be even more dangerous than any computerized attacks, but how
can we protect against it?

     I'll give you an example: we have a database-based program that
was written by and maintained by a third party that is in another
city. In the past when they needed access for maintenance, we would
provide them it via VPN. Recently there has been a problem so they
were contacted. Earlier today someone from that company phoned me to
discuss details about the VPN. I haven't given them any information
yet. In this case I am fairly positive it is legit since they knew the
company that we use as well as who lodged the complaint.

     But how could I get this person (or anyone in the future) to prove
to me that they are the people who they say they are? Any advice?

Tabs
