
  This semester, my English teacher asked us to give a professional presentation related to our major. So I chose this topic: Social Engineering, and below is my presentation preparation.


  Good afternoon, everyone. I am delighted to be here, and I am very glad to share my opinion with you. Let me introduce myself first: I am Jerry Fu, and I am the team leader of an international Social Engineering research group.

  Today I would like to give you a brief introduction to Social Engineering. I will be addressing three main points. The first is what Social Engineering actually is and why we have neglected it. Then, in the second part, I am going to show you some typical Social Engineering attack methods. Finally, I will share some effective solutions to this serious threat. After that, I am happy to take any questions from you.

  Before I begin my presentation, I want to show you some background on social engineering. As the chart above shows, about 60% of all network attacks are based totally or partly on Social Engineering. The data comes from the China Computer Emergency Response Team/Coordination Center's 2014 report; for more information you can visit their website.

  So, let us start with my presentation. I would like to begin by giving a brief introduction to Social Engineering. So what actually is Social Engineering? Social Engineering is a methodology that allows an attacker to bypass technical controls by attacking the human element in an organization. Then it is natural to wonder why we have neglected it. The reason is very simple: the success of a Social Engineering attack is based on the weakest link in the security architecture, the human. We always believe the people we assume to be trustworthy, but actually they are where the problem is.

  Now, let us turn to the next point. How can someone attack a target company or institution by using Social Engineering? The methods of these attacks are limited by only one factor, the creativity of the attackers, so I can only list some typical types of Social Engineering attacks. These are phishing, impersonation, bribery, shoulder surfing, and dumpster diving. Since time is limited, I shall pick out the most interesting one to explain in detail. Dumpster diving is a very vivid name, like someone jumping into a pool filled with garbage. The attacker will search the rubbish carefully in order to dig out some critical information. You may wonder what critical information can be there, you know, in the trash can. Most of us do not understand the value of the information we throw away on a regular basis. So there are plenty of things: phone directories, name lists, maybe even the system password, who knows.

  So this leads me to the third point, my last point. How do we solve this serious problem? Can this problem be relieved by technology upgrades alone? Obviously the answer is no. As I mentioned in part one, the key to the solution is the same as the key to where the problem is: the human. The most effective mitigation against Social Engineering attacks is to educate employees and to enhance their network security awareness, for example by teaching them not to directly answer any critical question asked by an unidentified person, even if that person claims to be your boss or someone else. Some compulsory policies are also very critical; for example, to counter dumpster diving, business shredders should be used on a regular basis. That is pretty much what I want to tell you about Social Engineering.

  So, this brings me to the end of my presentation. Let me summarize what we have looked at. We looked at what Social Engineering is and why we have neglected it. Then we talked about some Social Engineering attack methods. In the end I shared some solutions to this great challenge with you. To conclude, I would like to leave you with the following thought: the network security problem is not only about upgrading technology but also about improving awareness of Social Engineering. All security systems are run by humans, so no matter how strong your system may be, please do not forget about the key to your entire system, the human. Thank you for your attention, and I am happy to take any questions from you.
