Reference no: EM13835779
Social Engineering Audit
Social engineering attacks are the most prevalent types of attacks against IT systems. This is primarily due to the fact that they directly attack the weakest link in any IT system...the users. While there are many ways to lock down, or secure data residing on a computer or other device, securing data held in the brains of users is difficult to secure for a number of reasons. People have the ability to reason and even redefine rules, while computers do not. If you tell a computer to not allow access to a particular file by a particular user, the computer will do just that. However, a human can be tricked into giving up all sorts of information, often without even knowing that they have done so.
For this lab, you will conduct a social engineering audit on various social media websites. Almost every social engineering attack begins with the collection of data. The aim of collecting this data is to discover ways in which the target of the attack can be tricked into giving up potentially valuable information. This initial data can take many forms: birth dates, addresses, user names, pictures, phone numbers, names of co-workers or relatives, and much more. Often times this seemingly innocent data can be used to either directly impersonate someone the target trusts, or to build a collection of data which can be used to know more about the movements, personality, or general life of the target.
This lab has two parts, as described below:
Part 1: Gathering data
To accomplish this part of the lab, you will access some social media sites of your choice. Obviously Facebook is a veritable treasure trove of personal data. However, there are many others like Flickr, Twitter, YouTube, LinkedIn, and Instagram, which you might also consider. Locate data posted by or about users (they could be friends and family, or people you don't know) which you feel could be exploited in a social engineering attack. This data can consist of many different things, but should pose a potential security risk for the user, or others. For example, my sister-in-law recently posted a baby shower invitation on Facebook to all her friends. Since my sister-in-law is a heavy Facebook user, the invitation was undoubtedly viewed by many people my sister-in-law does not even know. A baby shower invitation might not seem like a big deal, but think about what it contained. My sister-in-law's home address for sending gifts for non-attenders. A time frame when she will not be home (because she will be away at the shower), and the address of where she will be during that time. Do you see the potential security problem here? This is only one of many examples I see on social media sites all the time.
Part 2: The analysis
After you have gathered data from various social media sites which you feel could be used in an attack, you will conduct an analysis of your OWN social media accounts. Look at the types of data you felt were potentially dangerous for other users, and compare it to data you have exposed to the world from your own social media accounts. After conducting the analysis of your own social media account(s), complete a 1 - 2 page written response regarding your data gathering and analysis. Describe the types of data you found others posted, and how the data could be used in a social engineering attack (please do not include any names or actual specific data you found). Include the analysis of your own social media accounts. Was there data that you decided to either delete from your social media accounts, or types of data you will refrain from posting in the future?
|
Assignment-21st century leadership
: The 20th and 21st centuries have produced many business leaders, such as corporate giants like Jack Welch of GE, Daymond John of FUBU, Steve Jobs of Apple, and Herb Kelleher of Southwest. In addition, many hip-hop moguls have risen to prominence, ..
|
|
Accounting summary report that present financial reports
: Write a three- to four-page accounting summary report (not including the title page) that presents the financial reports for the Lemonade Stand Business
|
|
How multivariate analysis might be used in recruitment
: Demonstrate how multivariate analysis might be used in recruitment of international managers. Discuss acculturation issues in expatriation and repatriation of international managers.
|
|
All servant leadership thinkers agree with greenleaf
: The theory of servant leadership: A. Is a coherent and consistent set of ideas and concepts that all servant leadership theorizers agree upon B.There is a substantial difference between biblical servant leadership and Greenleaf's conception of servan..
|
|
About social engineering audit
: Social Engineering Audit
|
|
What is mass and how does it affect energy
: What is Mass and how does it affect energy and how do Potential and Kinetic energy (gravity and mechanical force) apply to the Law of Conservation of Energy?
|
|
Basic structure of dna
: Describe differences between eukaryotes and prokaryotes (at least three). Basic structure of DNA. Why is DNA so important in biology
|
|
Describe briefly how you chose this project
: Identify the project you have chosen for your term project (i.e., give it a "name"). Describe briefly how you chose this project. What were your selection criteria, given what you have learned so far about the nature of project
|
|
How should the company deal with payments received
: How should the company deal with payments received under the Homemakers' Club arrangements? What tax consequences follow if customers default or fail to make all agreed payments?
|