Chapter Summary

People—A Security Problem

  • No matter how advanced security technology is, it will ultimately be deployed in an environment where the human element may be its greatest weakness.


  • A significant portion of employee-created security problems arise from poor security practices.


  • For many years, computer intruders have relied on users selecting poor passwords to help them in their attempts to gain unauthorized access to a system or network.


  • Attackers know that employees are frequently very busy and don’t stop to think about security. They may attempt to exploit this work characteristic through piggybacking or shoulder surfing.


  • One common way to find useful information (if the attacker is in the vicinity of the target) is to go through the target’s trash looking for bits of information that could be useful to a penetration attempt.


  • Organizations should have a policy that restricts the ability of normal users to install software and new hardware on their systems.


  • Contractors, consultants, and partners frequently have not only physical access to the facility but network access as well. Other groups that are given unrestricted, and unobserved, access to a facility are nighttime custodial crew members and security guards. Both are potential security problems.


  • Social engineering is a technique in which the attacker uses various deceptive practices to obtain information to which the attacker would not normally be privileged, or to convince the target to do something they normally wouldn’t.


  • In reverse social engineering, the attacker hopes to convince the target to initiate contact.


People as a Security Tool

  • An interesting paradox when speaking of social engineering attacks is that people are not only the biggest problem and security risk, but they are also the best line of defense against a social engineering attack.


  • The single most effective method to counter potential social engineering attacks, after establishment of the organization’s security goals and policies, is an active security awareness program.

Security+ and Beyond Online Learning Center, Chapter 4