What is social engineering?
Manipulating people to give confidential information.
What attack uses fake emails?
Phishing
What is least privilege?
Giving minimum access necessary to complete their task.
Multiple conditions or attributes must be checked and verified before access is granted.
Separation of duties (MFA+identity+training)
Email asking for password is what attack?
Phishing
What kind of link are humans considered to be?
Weakest
Free USB attack type?
Baiting
Splitting tasks among people is called what?
Separation of duties
Multiple security layers is called?
Defense-in-Depth
Fake IT support scam?
Quid pro quo
Fake identity attack?
Pretexting
System defaults secure?
Fail-safe
Keep systems simple?
Economy of mechanism
Check every access request?
Complete mediation
Why is avoiding clicking unknown links very helpful?
Prevent malware and phishing
Which human traits are exploited and cause people to commit crimes?
Emotions
Attackers promise rewards or free items if you click on a link or open attachments.
Baiting
Ways to protect yourself from social engineering when you are not sure of the person.
Ask for identification or credentials or ID card
Defense mechanisms are layered to protect the system with multiple barriers against any attack.
Defense of Depth
When leveraging existing components, what has to be introduced first?
Existing components, and the maximum number of existing components must be leveraged and reused.
Name the (4) phases of social engineering.
Investigation, infiltration, exploitation and exit
Humans are part of the security chain, and so are firewalls, but when attacked the firewall's response will be:
NO!
To protect yourself and your devices from social engineering, you must take this step.
Keep software and applications up-to-date.
Fail secure = fail safe, keeping all assets safe (example: ATM). True or false?
True
The attack is complete, the target is achieved, and the attackers cover their tracks and close the interaction without raising any suspicion. What phase of social engineering is this?
Phase of Exit