Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Steps to avoid Social Engineering

from [John Blackley] Network Security [Permanent Link]
Subject: Re: Steps to avoid Social Engineering
Date: 20 Apr 2005 01:51:13 -0000 
In-Reply-To: <8a9a90f405041811393557cacb@mail.gmail.com>

I sympathise with your problem and the first piece of advice I have for you is 
this: You may be able to reduce the risk and you may not be able to entirely 
eliminate it. However, beware of the risk of making your controls so convoluted 
that you disappear up your own environment.

Some thoughts on controls: A single point of contact at the third-party company 
begins to reduce the risk of impersonation - only receive calls from an 
authorised person at the third-party (allowing a backup, of course, for when 
he/she isn't available to make the call). 

When someone calls from the third-party, call them back at the third-party's 
switchboard and ask to be connected to them. 

If you have a written contract with the third-party and that contract has some 
kind of identifier on it (contract or PO number), ask for that.

You can go on from here yourself, I'm sure. The key here is simple, 
easily-established rules that give you some assurance that you are talking to 
the person you think you're talking to.

Good Luck

John A Blackley
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  VMWare interface security, John Madden
Next by Date:  RE: Hacked (...still cleaning), Beauford, Jason
Previous by Thread:  RE: Steps to avoid Social Engineering, Patoff Pat-EtHiQ
Next by Thread:  RE: Steps to avoid Social Engineering, Sanders, Jonathan
Indexes:  [Date] [Thread] [Top] [All Lists]