-
August 26th, 2003, 09:47 PM
#11
Nihil, that is cool on the Greenies; as long as you enjoyed reading it I am happy. I really like hearing people's views on something that I wrote. If you want to make me smile, read my UnUber-Uber story and post replies to it. I only got one, so I am curious as to what people thought about it. I would really like to know.
I do personally think that all companies that have a high use of computers should have some type of computer training on Social Engineering/Security.
Jizz
-
August 26th, 2003, 10:17 PM
#12
Having been working in the IT field now for the better part of a decade, I can say that social engineering in corporations is one of the biggest problems any security department faces. Sure, we've all heard about the "disgruntled" worker, but that's more for destruction of office equipment and injury/loss of life to fellow workers. Being a unix sysadmin, if I'm canned one day, they'll know a day before me and I won't even be able to go near a keyboard. I'll also be escorted everywhere, even to the bathroom.
Social engineering is way easier because of the following:
1) people who don't work with computers on a security or power-user level are going to believe pretty much anyone who says they're from company XYZ doing a presentation or audit and needs access to ABC.
2) "suits" generally are given high-level or complete admin rights simply because of "who they are" which is an inherent mistake. I've worked at several places where the firewall and proxies were told to ignore anything from the boss' IP address (all static) and he was allowed to look at anything on the net (ebay, porn, lottery) without worry of the proxy nailing him. This is very bad because people think that when they have "god" rights, they can do anything but it's a double-edged sword. You have to be more careful the more power you have.
3) Nobody in these environments has proper training. This is where it all falls apart. A day class of educating end-users on proper techniques and basic security would do wonders. Also, making someone responsible for letting security breaches occur (on a stacked tree of course) would enforce it a bit more.
There's more but I believe proper training can bypass a lot of the social engineering that goes on. And if anyone ever sent me an IM on AIM that said "This is AOL. We need your password.", I'm going to have LOTS of fun.
We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.
-
August 26th, 2003, 10:22 PM
#13
Ahem, you're going to have to excuse me for one sec while I hijack your thread...
OMG IT'S VORLIN!!!!!
Good to see you. We've missed you and your posts.
Okay, carry on
Outside of a dog, a book is man's best friend. Inside of a dog it's too dark to read.