
SOCIAL ENGINEERING AND QUALITY OF SERVICE 1

Social Engineering and Quality of Service

Capella University

IAS5220 – Network Security Controls and Testing.

Feb 14, 2019



Abstract

Social engineering is when a professional hacker hacks humans, while an amateur uses social engineering to hack computers. The professional hacker hacks humans by using various forms of psychological manipulation to get the information that can help them gain access to the computer network system.

This paper describes the “analysis of the effect of social engineering on network security. Discussing the paper will evaluate the strategy procedure to minimizing the effect on social engineering in an international organization. This paper will review the topics on quality of service in the way of building an effective network system security architecture in an international organization” (Capella, 2019, 20-22).

Keywords: network system security architecture, social engineering, quality of service.



Table of Contents

• Cover Page
• Abstract
• Table of Contents
• Introduction / Body
• Conclusion
• References

Introduction

Social engineering by a professional hacker means hacking people, the victims, by gathering information that forms the baseline for the attack and determines the ways and means of carrying it out. During information gathering, attackers look for the weakest link in the targeted victim's defenses, whether that is the organization's entry points, a weak link in its security procedures, or the access points for obtaining sensitive information. Social engineering is best understood as a form of acting, like an actor or actress role-playing a character in a TV or movie script. Before attacking, social engineers spend a great deal of time studying their victims and gathering information so that they can win their victims' trust by blending in with the crowd.

Incapsula states that, to get victims to let their defenses down, a professional hacker works through vectors of mental manipulation: carelessness, the comfort zone, helpfulness, and fear. In the helpfulness vector, attackers exploit the victim's helpful nature, the desire to always help others or to put themselves out for anyone in need. They also manipulate the targeted victim's comfort-zone mentality, in which the victim's guard is down, making it easy to fall for the social engineering attack. When the victim is in a trusted relationship with the attacker and in a careless frame of mind, the victim can divulge sensitive information that the attacker uses in the hacking process. Attackers also exploit the fear mentality of the targeted victim with techniques such as false pretenses and putting pressure on the victim to get the information. Because the professional hacker is hacking the targeted victim's mentality and behavior, the victim does not realize that he or she is being manipulated and deceived, or that he or she is an active participant in a network system security breach (Incapsula, n.d., para 3-6).



How does social engineering affect the network system security of an international organization?

Gulati (2003), in his review of social engineering as a threat and the best defense against it, notes that when an international organization falls victim to a network system security breach, its goodwill and reputation are lost through the theft of sensitive customer or client information, and it pays for that loss through legal litigation. This is why companies and international organizations spend billions on network system security devices and technologies for security and protection. Yet the greatest network system security threat is not an unpatched application or operating system, malicious code injected into network traffic packets, or a badly configured firewall; the greatest threat is the workplace personnel of the international organization, because these personnel can be deceived more easily than network system technology can.

Social engineering attacks by a hacker affect network system security in several ways. In the direct method, the attacker calls an employee and uses impersonation to obtain the employee's ID or to troubleshoot a computer problem for the employee; the employee does not realize that the attacker is using deceit and manipulation to exploit the employee's desire to be helpful with the troubleshooting. There is also dumpster diving and snooping: an attacker can use the international organization's letterhead, recovered from a dumpster, to create communications that appear to be official without the organization realizing it, or can eavesdrop on an employee's login keystrokes or on the helpdesk giving login information to employees over the phone. Attackers also use vulnerability-based approaches such as the Trojan horse and the pop-up window. In the first, the attacker mails an attachment containing malicious code, and an unsuspecting employee opens it, allowing the malicious virus to spread through the computer network system. In the second, the attacker codes a pop-up window that imitates the operating system or an application, with a message that the OS or application is having network connectivity issues and that the employee must log in again to continue the session (Gulati, 2003, n.d., p 3-6).

An attacker can also use false pretenses to socially engineer the workplace of an international organization by pretending to be a helpdesk technician or network system administrator, or a janitor, a cable company worker doing a phone installation, or a member of the cleaning crew working on the organization's premises. Gulati (2003) further states that the attacker can also pose as the voice of a top management executive seeking access to the secure network system. Certain employee character traits fall prey to this social engineering, which creates network system security vulnerabilities. An employee driven by fear can fall victim to the pop-up window. A careless employee can fall victim to dumpster diving and eavesdropping. An employee with a helpful mentality or character can fall victim to the direct attack, false pretenses, and the voice of a top management executive. All of these are behavioral vulnerabilities, and they become areas of network system vulnerability in the international organization. There is also the behavioral vulnerability of curiosity or unnecessary web browsing, which falls prey to the Trojan horse attack.

The following procedures mitigate the effects of social engineering on the international organization and reduce its impact. The first is documented information security governance for the international organization. Well-documented information security governance tells every member of the organization the acceptable standards for network management technologies and the network security outlines, and it sets out a top-down or bottom-up process for maintaining network system security principles. It also contains types of policies such as regulatory requirements, advisory standards, and informative security control measures, as well as the types of network system security control policy. The next procedure is awareness: security consciousness training within the international organization for all workers and non-workers on behavioral vulnerabilities and network system security. There should be continuous network system monitoring and compliance, and an audit policy for reviewing the privileges and permissions of all workers and non-workers. There should also be properly institutionalized authentication and identity management, which means the international organization has a unique ID for each worker, and through that unique ID the worker is permitted and verified to access the computer network systems. The network system vulnerability here arises when the unique ID is used for all authentication and identification methods, since it is the key to all of the workers' personal data: a cyber attacker who gains access to such ID data of all employees of the international organization through social engineering of one employee can use it to access the organization's network system and the supporting applications and operating systems that employee uses, and has half of the work already done. Giving every employee different unique IDs, each with its own permissions, for accessing the organization's network system helps minimize risk and network system vulnerability (Gulati, 2003, n.d., p 8-11).

Gulati (2003) adds that organizational network management processes can be used to mitigate network system vulnerability, such as callback or cross-verification before any request is granted. There should also be backup protection in network system management operations in the form of insurance from a third-party insurance company: the organization purchases an insurance policy against network system security attacks. The insurance company, in turn, is much concerned with security controls for human or employee factors, such as internal and external audit processes, HR hiring processes, the kind of information security governance in place, and supplier and vendor access processes (Gulati, 2003, n.d., p 13-14).

Quality of service (QoS) influences the development of an effective network system security architecture that supports both the user and the overall network distribution system. Cynthia (n.d.) states that QoS mechanisms shape an effective network system security architecture by ensuring reliable access to network system services through efficient resource allocation and utilization. In an effective network system security architecture, QoS provides resource usage control based on user load and the terminals configured for the network system, so that computation services meet the end user's expectations for appropriateness and performance. With a QoS mechanism in the network system, the architecture handles service-level requests with both soft and hard requirements (Cynthia, Timothy n.d., p 1-3).

References

Capella University, 2019, Courseroom, unit 6, social engineering and quality of service, Date retrieved 02/15/2019, https://courserooma.capella.edu/webapps/blackboard/content/listContent.jsp?course_id=_162482_1&content_id=_7268977_1&mode=reset

Gulati, R. (2003, n.d). The Threat of Social Engineering and Your Defense Against It. Date retrieved 02/15/2019, https://www.sans.org/reading-room/whitepapers/engineering/the-threat-of-social-engineering-and-your-defense-against-it-1232

Irvine, C., and Levin, T., (2000), Toward Quality of Security Service in a Resource Management System Benefit Function, Proceedings of the Heterogeneous Computing Workshop, Cancun, Mexico.

Cynthia I., Timothy L., (n.d.) Quality of Security Service, Date retrieved 02/15/2019, https://csrc.nist.gov/csrc/media/publications/conference-paper/2000/10/19/proceedings-of-the-23rd-nissc-2000/documents/papers/202i.pdf

Imperva Incapsula, (n.d.) Social Engineering, Date retrieved 02/15/2019, https://www.incapsula.com/web-application-security/social-engineering-attack.html