Home arrow Security arrow Page 4 - What’s behind the curtain? Part II

Social engineering attack - Security

In this second of a three-part series covering threats to computer security, we focus on attacks that are more specifically directed against a particular person or company.

TABLE OF CONTENTS:
  1. What’s behind the curtain? Part II
  2. Denial of service (DoS) attack
  3. Password cracking attack
  4. Social engineering attack
  5. Conclusion
By: Eliana Stavrou
Poor Best
Rating: starstarstarstarstar / 8
February 28, 2005

print this article
SEARCH DEV SHED

TOOLS YOU CAN USE

advertisement

Social engineering is used by hackers to break the trust users place in other people and reveal sensitive information, such as their password. Usually, the cracker tries to gain the confidence of a user in an attempt to compromise the network’s and systems’ security. The cracker can accomplish his purpose by sending email to legitimate users, claiming to be the administrator and asking the users to send him their password to perform an urgent administration work.

The cracker relies on the ignorance of the user to provide him this kind of information; many times people do not think about the value of the information they possess and are careless about protecting it. Another technology through which crackers use social engineering is the phone, as they call the victims to try to find out what they want.

Another social engineering method is called “shoulder surfing.” The “shoulder surfing” method can be used by anyone, even your co-worker. The main characteristic of this method is that someone looks over your shoulder while you type in your password. So be careful when providing your password with people around.

Packet Sniffing attack

Crackers usually use tools such as a packet sniffer to grab information traveling on a network running protocols such as Ethernet and TCP/IP. Sniffing is a passive attack that only reads the data on the network link without altering anything. Sniffing programs are used to steal passwords, read emails and other sensitive information.

When using a packet sniffer to listen to the communication link, the cracker's NIC card is set to promiscuous mode to watch over any packet that travels on the link you are already using. When there is activity on the link, the sniffer reports it in real time as soon as it detects it.

Usually, the cracker doesn’t need to put a big effort into using these tools. All he needs to focus on is the interpretation of the data provided by the tool, which usually requires only a good knowledge of networking issues and TCP/IP.

These tools are also used by the good guys, i.e. the administrator, to monitor the network and report problems and vulnerabilities in order to fix them before someone takes advantage of them.

Keep in mind that firewalls don’t prevent sniffing, so don’t rely on them to avoid packet sniffing on your network.



 
 
>>> More Security Articles          >>> More By Eliana Stavrou
 

blog comments powered by Disqus
   

SECURITY ARTICLES

- Secure Your Business for Data Privacy Day
- Google Testing Security Fob Password Alterna...
- Security News Highlights Concerns
- Going to Extremes for Data Security
- Skipfish Website Vulnerability Scanner
- Critical Microsoft Visual Studio Security Pa...
- US Faces Tech Security Expert Deficit
- LAN Reconnaissance
- An Epilogue to Cryptography
- A Sequel to Cryptography
- An Introduction to Cryptography
- Security Overview
- Network Security Assessment
- Firewalls
- What’s behind the curtain? Part II
Find More Security Articles

Developer Shed Affiliates

 

© 2003-2013 by Developer Shed. All rights reserved. DS Cluster - Follow our Sitemap

Dev Shed Tutorial Topics: