|Read this whole guide offline with no ads, for a low price!|
Use coupon code "certiguide" to save 20%!
|Need more practice? 300 additional Security+ questions!|
|Get It Here!|
5.1.2 Social Engineering
Operational Security + Social Engineering
= User Awareness Training416. There are two considerations that come into
play. The first is competitive intelligence417. Employees have access to the data in order to do
work. An unhappy worker could sell valuable data to a competitor418. Honest employees need to keep aware of the fact
somebody wants your data. If the data is valuable to your company, it
is valuable to your competitors.
Secondly, setting aside data, consider
other assets, such as the phone system. A hacked phone system can
be used for:
- Making long distance phone calls billed to the
- Compromising voice mail.
- Retrieving phone numbers of customers and prospects.
The scammer calls pretending to be a telephone service technician performing a test on the line. He asks that you transfer him to an operator by pushing 9, 0, # and then hang up. On some business systems, this can give the caller an outside line that can be used to make long distance calls. Toll charges will then be billed to the owner of the PBX as directly dialed calls.
A more direct attack is for the scammer to come in with a tool case and say they are there to work on the PBX. It is possible to be friendly and still challenge the guest for solid proof of identification.
|If you find CertiGuide.com useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider buying an inexpensive PDF equivalent of the CertiGuide to Security+ from StudyExam4Less.com. (Use coupon code "certiguide" by December 31, 2004 to save 20%!) Thanks for your support!|
Table Of Contents - Contact Us
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.