About Social Engineering

We can implement diferent things, processes or systems to protect a network; but it cannot ensure the safety from the users.

People are important in the organizations and systems they are the weakes link. Social engineering is a con game, scam. It means people can attempt to defraud a person or group using their confidence to obtain information of a system or organization.

Social engineers can include hackers, scam artists, salespeople, ordinary people.

It can be implemented using telephone, online, even trash diving and simple persuasion.

Examples are the dumpster diving (look at the thrash of someone to recollect information).

Shoulder surfing that is the act to walk behind someone and look at their info.

Phishing is an attempt to get a user to reveal information. Often implemented trough email or instant messaging.

Spearphishing is target to specific individuals with usually better results. Is difficult to protect against.


Attack Surface:

Known, unknown, or potential vulnerabilities across Software, Hardware, network and users.

An attack is anything that can compromise the security of the data.

Passive: Non invasive, like monitoring transmissions.

Active: Attacker tries to break in securing systems to steal, modify or introduce information.


Software vulnerabilities are common, they usually are glitch or flaws. In order to reduce them you an update the system with latest security patch or to control the software to be installed can reduce the surface.

Hardware attack surface: Physical access is required, but it can be executed via network.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s