Social Engineeering

Business Articles
Submit Articles Back to Articles
Social engineering is the name given to attempts to gain secure information
by gaining the trust of the person holding such information.
With Valentine's Day fast approaching, I recall methods used in the past to
gain entry to some of London's most secure buildings.
Imagine the scene, a pretty girl with a teddy bear and a box of chocolates
presents herself at reception, "It's a surprise for Jason Brown from his
girlfriend and the bear, chocolates and message have to be delivered in person".
The Receptionist says that security policies will not allow her in, but she
pleads that this is an emergency, and trusting the girl, just this once, lets
her in. Of course she isn't delivering a Valentines Gift, she has been sent to
test the company security.
Imagine the second scenario, the telephone rings and the person on the other
end explains that he is one of the IT engineers testing the company intranet and
has foolishly gone to the data centre without taking his book of secure
passwords, if he is found out he will probably be sacked; can the person please
help him out this once and give him log in and password information. The result
can be scary.
The third scenario is even more worrying; on a train station the offer is a
free pen if the person will simply write their log in and password on a slip of
paper. Each person so doing will be entered into a draw with the chance to win a
holiday, one million pounds, or some other prize. Sadly too many people take up
this offer and compromise their security systems.
This year with February 29 being the day when traditionally ladies can
propose to their men it will be entirely possible that many secure buildings
will be penetrated by women claiming to want to propose, and it must be surprise
mustn't it?
And finally the smoking ban has had a very detrimental effect on security;
the fire doors at the back of the building are left open to allow smokers to go
out for a cigarette, and get back in afterwards. The social engineer will simply
mingle with the smokers and follow them in. Security breached.
About the Author
Chris Eden FIBC, MISSA, ACQI is a director of Quality Matters Limited an
established independent management consultancy specializing in
ISO27001
Information Security Management accreditation.
Follow us @Scopulus_News
Article Published/Sorted/Amended on Scopulus 2008-03-18 12:52:30 in Business Articles