Embed Size (px)
Citation preview
Social EngineeringSocial Engineering
What?...What?...
I only clicked on the flying pig.I only clicked on the flying pig.
Thomas Karlsson (CISSP, ITIL, Security+)Thomas Karlsson (CISSP, ITIL, Security+)
Security Support SpecialistSecurity Support Specialist
Microsoft CSS-Security EMEAMicrosoft CSS-Security EMEA
What is this session about?What is this session about?
Social engineering in combination withSocial engineering in combination with Customers perception aboutCustomers perception about
Defence in DepthDefence in Depth FirewallsFirewalls AntivirusAntivirus Security VulnerabilitiesSecurity Vulnerabilities
- Note - - Note -
all demos are executed in an isolated all demos are executed in an isolated environment.environment.
Risk awarenessRisk awareness
One layer protectionOne layer protection
Firewall?Firewall?
Defence in Depth - DiDDefence in Depth - DiD
Policys, procedures and awareness
Physical Security
Data
Application
Host
Network
Perimeter
Who should have access to the resources?•Keys to the office•Code to the alarm system•Motion sensors•Keys to the rooms•Keys to the document cabin•Keys to the cash box
Defence in depthDefence in depth
What is security?What is security?
PeoplePeople
ProcessesProcesses
ProductsProducts
Security is a Process! – and not a Product
Risk?Risk?
Mitigating riskMitigating risk
Ever heard about this guy?Ever heard about this guy?
Photo by Monty Brinton - John Wiley & SonsPhoto by Monty Brinton - John Wiley & Sons
ThreatsThreats
PolicyPolicy
””Documentation (”rules”) which Documentation (”rules”) which describes the objective for the describes the objective for the organisation and or department in organisation and or department in regards to it’s operating areas”regards to it’s operating areas”
The content often references...The content often references... Processes/ProceduresProcesses/Procedures
Methods in how-to achive the objectiveMethods in how-to achive the objective
Social EngineeringSocial Engineering
THETHE best way to get hold of classified best way to get hold of classified informationinformation
Products will in most casesProducts will in most cases NOT NOT block block the attackthe attack
KNOWLEDGEKNOWLEDGE is the key to ensure this is the key to ensure this attack vector doesn’t workattack vector doesn’t work
Real exampleReal example
•vcodec.com vcodec.com •V-codec.com V-codec.com •vcodecdownload.comvcodecdownload.com•vcodec-download.com vcodec-download.com •vcodecget.comvcodecget.com•vcodec-get.com vcodec-get.com •vcodecpull.comvcodecpull.com•Vicodec.comVicodec.com•Vidcodec.com Vidcodec.com •vidscodec.com vidscodec.com •zcodec.comzcodec.com•myspace.com/82959792 myspace.com/82959792
More threats to the sociatyMore threats to the sociaty
Being pro-active using right protection!Being pro-active using right protection!
DEMODEMO
- Note - - Note -
all demos are executed in an isolated all demos are executed in an isolated environment.environment.
