Font Size

Social Engineeering

 By

Chris Eden - Quality Matters Limited

Business Articles
Submit Articles   Back to Articles

Social engineering is the name given to attempts to gain secure information by gaining the trust of the person holding such information.

With Valentine's Day fast approaching, I recall methods used in the past to gain entry to some of London's most secure buildings.

Imagine the scene, a pretty girl with a teddy bear and a box of chocolates presents herself at reception, "It's a surprise for Jason Brown from his girlfriend and the bear, chocolates and message have to be delivered in person". The Receptionist says that security policies will not allow her in, but she pleads that this is an emergency, and trusting the girl, just this once, lets her in. Of course she isn't delivering a Valentines Gift, she has been sent to test the company security.

Imagine the second scenario, the telephone rings and the person on the other end explains that he is one of the IT engineers testing the company intranet and has foolishly gone to the data centre without taking his book of secure passwords, if he is found out he will probably be sacked; can the person please help him out this once and give him log in and password information. The result can be scary.

The third scenario is even more worrying; on a train station the offer is a free pen if the person will simply write their log in and password on a slip of paper. Each person so doing will be entered into a draw with the chance to win a holiday, one million pounds, or some other prize. Sadly too many people take up this offer and compromise their security systems.

This year with February 29 being the day when traditionally ladies can propose to their men it will be entirely possible that many secure buildings will be penetrated by women claiming to want to propose, and it must be surprise mustn't it?

And finally the smoking ban has had a very detrimental effect on security; the fire doors at the back of the building are left open to allow smokers to go out for a cigarette, and get back in afterwards. The social engineer will simply mingle with the smokers and follow them in. Security breached.


About the Author

Chris Eden FIBC, MISSA, ACQI is a director of Quality Matters Limited an established independent management consultancy specializing in ISO27001 Information Security Management accreditation.



Follow us @Scopulus_News

Article Published/Sorted/Amended on Scopulus 2008-03-18 12:52:30 in Business Articles

All Articles

Copyright © 2004-2019 Scopulus Limited. All rights reserved.