Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Steps to avoid Social Engineering

From: Alvaro Prieto <alvaro () apg88 com>
Date: Tue, 19 Apr 2005 18:17:58 -0400
Tabs,
I would highly reccommend you read Kevin Mitnick's "The Art of Deception" http://www.amazon.com/exec/obidos/tg/detail/-/0471237124/104-6364757-6014360?v=glance
It talks about many different ways a social engineer can deceive you and your company, but most importantly it has a few chapters on how to implement security and training in order to prevent these sorts of attacks. 

It talks about caller-id spoofing, dumpster diving, and many other subjects.

I hope this helps,

Alvaro

Tabs The Cat wrote:


Hello y'all,

    I have a question for you guys (and gals). We all know about social
engineering. Some of us use it on a daily basis. And we all know how
it can be even more dangerous than any computerized attacks, but how
can we protect against it?

    I'll give you an example: we have a database based program that
was written by and maintained by a third party that is in another
city. In the past when they needed access for maintenance, we would
provide them it via VPN. Recently there has been a problem so they
were contacted. Earlier today someone from that company phoned me to
discuss details about the VPN. I haven't given them any information
yet. In this case I am fairly positive it is legit since they knew the
company that we use as well as who lodged the complaint.

    But how could I get this person (or any one in the future) prove
to me that they are the people who are they say they are? Any advice?

Tabs
Previous By Date Next
Previous By Thread Next

Current thread: