Toastmasters Project 7 - Research Your Project

by shuff 10/16/2009 7:12:30 AM

I just gave my Project 7 speech yesterday at my company’s Toastmasters Club.  The title of the speech is Social Engineering and here is a copy of the speech:

Madam Toastmaster, fellow toastmasters and honored guests – Our Company has a problem. 

Sure, they have purchased firewalls, antivirus software, and even blocked users from known malicious websites – but this doesn’t stop the problem. 

The problem is – “social engineering”.  Employees can fall victim to social engineering attacks, which puts the entire company at risk.

Social engineering is a hacking technique used to manipulate people into giving out information such as credit card numbers, passwords, or access to a network.

When many people think of a hacker, they think of a nerd who hasn’t had a date since they took their cousin to the prom – not a person who has the social skills to trick you into divulging corporate information.

Let me walk you through an example of hacking via social engineering:

Susie in Claims gets a call and answers, “Claims Department, this is Susie Smith.” Someone on the other side identifies themselves as Eddie from the help desk.

For the sake of argument let us assume that, like me up until a week ago – you had one of the phones from 1980 that didn’t have caller ID -- although -- you should be aware that caller ID can be spoofed.

Eddie explains that he is trying to track down a network problem and wants to know if Susie or anyone in her group is having problems with the network dropping. 

Susie asks around and tells Eddie no.  

Eddie says “great” -- makes some more small talk -- and asks if he can verify Susie’s Port number while he has her on the phone, as he is trying to make sure their database is up to date.  

Susie reluctantly crawls under her desk and looks at the number her network cable is plugged into and tells Eddie it is Port D-167. 

“Great,” Eddie tells her, “that’s what we have down for you.”  Eddie goes on and gives her his cell phone number -- since she’s been so “helpful” -- and says, “Call me – if you have any network problems.”

Fast-forward 2 days later. 

Eddie calls the Network Operations Center at Our Company and says this is Bob; I’m in Susie Smith’s office in Claims – I’m trying to troubleshoot a cabling problem, can you disable her port for 30 minutes – it’s port number D-167.  The person at the Network Operations Center sees that port number is going to a Susie Smith and doesn’t think twice about turning off that connection for 30 minutes.

A few minutes later Eddie’s cell phone rings and he sees it’s from Our Company.  He answers, “Help desk, this is Eddie”. 

Susie explains how happy she is to have gotten hold of Eddie.  She explains her network connection has gone down. Eddie tells her -- he’ll see what he can do and for her to stay off her computer till he calls her back.  

About 45 minutes later -- Eddie calls Susie -- and asks her to try again.  She says, “Great, it is working”. 

Eddie apologizes for the mishap and tells her they are going to be pushing out a software package to fix the problem at some point.

But since she is already having the problem, he can walk her through downloading and installing the software fix if she wants to. 

“That would be fantastic, I can’t afford any more down time”, she tells him.  Eddie tells her the website to go to and how to install it.  He tells her she shouldn’t see the problem again.

As you may imagine, Our Company has now been hacked.  The program Susie just installed allows Eddie to remotely connect to Susie’s machine any time he wants from the outside and get onto the Our Company network. 

You might think this is an unrealistic scenario but unfortunately it isn’t.  I just finished a class on Corporate Security and Controls where we learned that social engineering is one of the top security concerns.

You may think the firewalls, anti-virus software, and other security programs should prevent these types of problems, but they can only do so much. 

Many friends and family members I help with computer problems are always amazed when they get viruses and spyware on their machines.  They have antivirus software; how could this have happened?

Well, just because you used protection -- doesn’t mean you will always be safe.

The solution to the problem of Social Engineering is education.  Our Company educates employees with training, posters, and email communications.

While practicing safe surfing habits is essential to stopping viruses, you have to be careful what information you make available to smooth-talking guys or girls that call you at work too.

About the author

Name of author Steve Huff
A developer in the Greater Cincinnati/Northern Kentucky area.