This part
examines the various facets of the human psyche that can be oppressed to obtain
in sequence and predict and control performance. Different people react to
different stimuli according to the structure of their characters. However
people with alike characters are often found in comparable roles. Thus it is
possible to predict with a certain degree of accurateness which techniques will
be effectual given adequate information of a target human being. A basic
understanding of the following concepts and threat vectors is dangerous to
obtaining any real achievement with social engineering as well as having any
chance of protecting yourself against it. Social engineers play on states of
mind in order to get what they want. In this section, I'll talk about
exploiting the following:
·
trust;
·
ignorance;
·
gullibility;
·
greed;
·
the desire
to help;
·
the desire
to be liked.
Strategic Approaches to Common Engineering
Having
discussed in universal the overall philosophy of the social engineer, this segment
provides tips and hints for community engineers. It looks at the detailed plans
that can be employed within conversation to attain your goals (or at least
speed up the procedure). After reading each section, think about people you be
acquainted with and how you think they would counter to each advance. This is in
fact a lot easier than you might imagine. For example, acting belligerent and domineering
with center organization is going to get you nowhere fast (unless you can induce
your victim you are upper management); equally don't suppose to carry out a winning
IT-based attack against IT staff. You will find this kind of mental tinplating
very helpful.
Acting Impatient
Acting with
impatience when someone is moving too slowly or appears to be considering
verifying your story can be effective in derailing some people's adherence to
accepted security protocols. Usually you can suppose one of three responses:
This chapter has essentially been a
little similar from the others in this book. Although it is easy to show
someone how to pick a lock or hack a wireless network, social engineering is a
far more individual topic and must therefore be described in more abstract
terms. The bottom line is that you can read a great deal on the subject and,
indeed, on psychology in general but your success in this field will depend
largely on your own personality and people skills. You may feel that you don't
possess the requisite nature – very few people do and this problem is
exacerbated by the fact that such skills are not possible to perform – at least
in the way that you can practice hacking or lock picking. In any case, you are
likely to have one individual on your team who can competently implement the
social-engineering aspect of a test. If not, I suggest you look to your sales
staff. After all, a lot of techniques discussed in this chapter are similar to
those used by sales organization.
No comments:
Post a Comment