Anti Social Engineering

[Soda_Popinsky]

Interesting...

A search on AO for anti social engineering came up with nothin...

Well I guess I should take the initiative. Heres some links for those of you in the future that search for it.

http://www.gocsi.com/training/erc/dase.jhtml
http://www.cioinsight.com/article2/0...1458982,00.asp
http://www.watchguard.com/infocenter/editorial/1302.asp
http://www.seas.rochester.edu:8080/C...ity/node9.html
http://www.csoonline.com/read/100702/machine.html
http://www.brienposey.com/kb/social_engineering.asp

Also attached document from csrc.nist.gov.

Remember, some hackers arent out there to be l337, and will employ non-digital methods of attack, such as Social engineering or dumpster diving. Although you might have enough common sense to recognize an engineer, the users on your network may not. The doc I attached is a simple thing to spread around to "patch" common sense.

[MrLinus]

Uh... did you do a search for Social engineering? Tutorial on Social Engineering. One of the ideas here is that understanding should help with the defense of. Although your links will still be helpful.

Oh.. and I moved this to Misc Security because this isn't limited to Network Security.

[!mitationRust]

This site is edited by Robert Schifreen, one of the world's best-known writers and commentators on information security issues.
WWW.SecuritySavvy.com

"A determined data-thief will stop at almost nothing to get their hands on your data. There are lots of tricks that they use to con you or your staff into allowing them access to information that they should not have. It pays to understand some of the tricks that they use, and the sections that follow list just some of the many methods that I have come across.

You should study each method in turn and assure yourself that it would prove difficult to use within your organisation. (See also the discussion of operating systems for information on the relative security of these crucial pieces of software)."

Source: WWW.SecuritySavvy.com