
1.3.2 Social Engineering
• A social engineer is a person who is
able to gain access to equipment or a
network by tricking people into
providing the necessary access
information
1.3.2 Social Engineering cont..
• To protect against
social engineering:
• Never give out a password.
• Always ask for the ID of the unknown
person.
• Restrict access of visitors.
• Escort all visitors.
• Never post your password.
• Lock your computer when you leave
your desk.
• Do not let anyone follow you through
a door that requires an access card.
1.3.2 Social Engineering cont..
• Three of the most commonly used
techniques in social engineering are:
• Pretexting
• Phishing
• Vishing
1.3.2 Social Engineering cont..
• Pretexting
• The target is typically contacted over the telephone.
For example, if an attacker knows the target’s
social security number, they may use that
information to gain the trust of their target. The
target is then more likely to release further
information.
1.3.2 Social Engineering cont..
• Phishing
• The phisher typically contacts the target individual (the
phishee) via email. The phisher might ask for
verification of information, such as passwords
or usernames, in order to prevent some terrible
consequence from occurring.
1.3.2 Social Engineering cont..
• Vishing/ Phone Phishing
• A new form of social engineering that uses
Voice over IP (VoIP). With vishing, an
unsuspecting user is sent a voice mail
instructing them to call a number which appears
to be a legitimate telephone-banking service.
The call is then intercepted by a thief. Bank
account numbers or passwords entered over
the phone for verification are then stolen.
CHAPTER 1
INTRODUCTION TO
SECURITY
1.4 VARIOUS TOOLS IN INFORMATION
SECURITY
1.4.1 Function of the following tools
• Network Mapper (Nmap)
• Anything connected to a network that offers services,
such as a printer, a router, or a web server, has open
ports to accept connection requests. If the correct ports
aren't open on a device, it won't function properly. If too
many ports are open, the device might be vulnerable to
attack.
• Nmap is one of the most important tools available for
cybersecurity professionals, network engineers, and
system administrators.
• Nmap allows you to scan networked devices and
determine what ports are open so that you can
learn what services they're exposing on the
network, verify firewall configurations, or perform testing
and troubleshooting.
1.4.1 Function of the following tools
cont…
• Netstat
• Netstat is a command-line utility for viewing the active ports
on your machine and their status. This helps the user
understand which ports are open, closed, or listening for
incoming connections. The information provided by
netstat gives an indication of how
vulnerable a PC might be to attacks on various ports.
• Commonly attacked ports include port 21 (FTP) and port 23
(telnet). A hacker can connect to these ports to obtain
a view of the directory structure, download and upload
files, and, if the password is compromised, connect to
the host with complete control.
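Added example, not part of the original slides: Python that parses netstat output and flags listeners on the two ports named above (21/FTP, 23/telnet), separating loopback-only sockets from those reachable over the network. The sample lines are constructed, and the function names are assumptions of this example.

```python
# Added example: flag FTP/telnet listeners in netstat output (not from the slides).
RISKY_PORTS = {21: "FTP", 23: "telnet"}  # the two ports the slide names
LISTEN_STATES = ("LISTEN", "LISTENING")  # Linux / Windows spellings
LOOPBACK = ("127.", "::1", "[::1]")      # prefixes of loopback-only binds

# Constructed sample input: Linux `netstat -tln` lines, then Windows `netstat -an` lines.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:23            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 :::23                   :::*                    LISTEN
tcp        0      0 192.0.2.10:21           198.51.100.7:50312      ESTABLISHED
  TCP    0.0.0.0:23             0.0.0.0:0              LISTENING
  TCP    [::1]:21               [::]:0                 LISTENING
"""

def listening_sockets(netstat_text):
    """Yield (address, port) for every TCP socket in a listening state."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if not fields or not fields[0].lower().startswith("tcp"):
            continue
        # Locate the state column; the local address sits two columns before it.
        state = next((i for i, f in enumerate(fields) if f in LISTEN_STATES), None)
        if state is None or state < 2:
            continue
        # Split on the last colon so IPv6 forms (:::23, [::1]:21) parse correctly.
        addr, _, port = fields[state - 2].rpartition(":")
        if port.isdigit():
            yield addr, int(port)

def risky_listeners(netstat_text):
    """Return (service, address, port, exposed) for FTP/telnet listeners."""
    findings = []
    for addr, port in listening_sockets(netstat_text):
        if port in RISKY_PORTS:
            exposed = not addr.startswith(LOOPBACK)  # bound beyond loopback?
            findings.append((RISKY_PORTS[port], addr, port, exposed))
    return findings

if __name__ == "__main__":
    for service, addr, port, exposed in risky_listeners(SAMPLE):
        scope = "reachable from the network" if exposed else "loopback only"
        print(f"{service} listening on {addr}:{port} ({scope})")
```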
1.4.1 Function of the following tools
cont…
• NetScan
• NetScan is software that performs network
scanning to determine the active devices and their
corresponding IP addresses, and it can also monitor the local
area network (LAN). The software is so
complete that, depending on the person using it, it can be
used to disturb, even cripple or take over, the
network.
• NetScan is sometimes categorized as a hacking
tool.