Understanding Social Engineering
In the world of network security, there is a principle which says "the strength of a chain depends on its weakest link". That is, however strong the other links are, the weakest link is the one that limits the strength of the whole chain. In network security, the weakest component is the human. Even when a system is protected by sophisticated hardware and software that counter attacks, such as firewalls, anti-virus, IDS/IPS, and so forth, if the people who operate it fail, all of that equipment is meaningless. Cyber criminals know this, so they use a technique called "social engineering" to obtain important and crucial information that a system keeps secret, by going through a human.

Security depends on trust: trust in authentication and in protection. It is generally agreed that, as the weakest link in the security chain, the natural human tendency to believe what other people say easily creates a gap in security. It does not depend on how strong the system's security is; whether a company or its information stays protected depends on its people.

Target

The main purpose of social engineering is, in outline, the same as that of hacking: to gain access that should not be allowed to a system or information in order to commit fraud, infiltration, surveillance, identity theft, or to destroy a system or network. Typical targets of social engineering are telephone network providers, answering machines, large corporations, financial institutions, government companies, and hospitals.

Finding concrete examples of social engineering is quite difficult. A targeted company will not admit to it, because doing so would acknowledge that the company has a weakness in its employees and would give it a bad reputation. In addition, most attacks are not documented, so it is difficult to determine whether an incident was a social engineering attack or not.

As for why a company or organization is targeted through social engineering: it is often an easier way to gain illegal access than the various forms of technical hacking. It is easier to pick up the phone and ask someone for a password than to try several techniques that take a long time. This is what hackers most often do.

Social engineering attacks are divided into two kinds, namely physical and psychological attacks. First we will focus on the physical settings of an attack, such as the workplace, the telephone, the trash, and even online. In the workplace, the hacker can walk through the door, like in the movies, and pretend to be a maintenance worker or consultant to gain access to the company. Then the intruder makes his way through the office until he finds a few passwords left in plain view, and tries to get into the network with the passwords he has obtained. Another technique is to get information just by standing there and waiting for an unaware employee to enter a password.
Understanding SET (Social-Engineer Toolkit)
SET is a Python-driven suite of custom tools which focuses solely on attacking the human element of penetration testing. Its main purpose is to simulate social-engineering attacks and allow the tester to effectively test how a targeted attack may succeed. SET is a must-have toolkit for every penetration tester.
In this tutorial we will see the step-by-step procedure of how we can attack our victim using the Credential Harvester Attack method. The Social-Engineer Toolkit is already available on BackTrack 5, so we will use that toolkit in our attack.