Vulnerability Exploitation and Defense

Lec. Waleed Bin Shahid - Waleed.shahid@mcs.edu.pk

Computer Security and Penetration Testing - Alfred Basta and Wolf Halton

Hack Value. Notion among hackers that something is worth doing or is interesting.
Target of Evaluation. An IT system, product, or component that is identified and subjected to a required
security evaluation.
Attack. An assault on the system security derived from an intelligent threat. An attack is any action that
violates security.
Exploit. A defined way to breach the security of an IT system through vulnerability.
A Zero-Day. A computer threat that tries to exploit computer application vulnerabilities that are unknown to
others or undisclosed to the software developer.
Security. A state of well-being of information and infrastructure in which the possibility of theft, tampering,
and disruption of information and services is kept low or tolerable.
Threat. An action or event that might compromise security. It is a potential violation of security.
Vulnerability. Existence of a weakness, design, or implementation error that can lead to an unexpected an
undesirable event that compromises the security of the system.
Elements of Information Security
Confidentiality
Secrecy, Sensitivity, Privacy
Prevents Unauthorized Disclosure of data
Protects Sensitive data and processes
Integrity
Accuracy, Completeness
Prevents Unauthorized modification
Protects data and production environment
Availability
Usability
Prevents Disruption of Services
Protects production and productivity
Security Challenges
Increase in sophisticated Cyber criminals
Data leakage, malicious insiders, remote workers
Mobile security, social engineering tactics
Cyber security workforce
Exploited vulnerabilities, operationalizing security
Critical infrastructure protection
Privacy requirements
Access rights management
Security Risks
Trojans, Info stealers, key loggers
Botnets, backdoors
Data loss and breaches
Cybercrime, phishing
Cyber espionage and zero-day exploits
Transportable data
Outsourcing projects
Social networking
Operating system vulnerabilities
Hackers
Intelligent individuals with excellent computer skills, with the ability to create and explore into the
computer software and hardware.
Their intention can either be to gain knowledge or to poke around to do illegal things.
For some hackers, its a hobby just to see how many computers and systems can they compromise.
Some do it with a malicious intent like stealing business data, credit card information, social security
numbers, email passwords etc.
Hacker Types
Black Hats. Extraordinary computer skills, Malicious and destructive intent.
White Hats. Individuals who use hacking skills for defensive purposes, Also known as security analysts.
Grey Hats. Individuals who work both offensively and defensively at various times.
Suicide Hackers. Individuals who aim to bring down critical infrastructure for a cause and are not worried
about legal consequences.
Hacker Motivations
Curiosity
Love of Puzzles
Desire for Recognition
Revenge
Financial Gain
Patriotism and other Moral causes
Ethical Hacking
Ethical hacking is a way to penetrate networks and/or computer systems, using the same methods as
a hacker, for the purpose of finding and fixing computer security vulnerabilities.
Unauthorized hacking is a crime in most countries, but penetration testing done by request of the owner
of the victim system(s) or network(s) is not.
You can only defend your systems and networks against hacking activities when you master hacking
technologies yourself.
An ethical hacker must have knowledge about platform, networks, computers, security and technology.
Vulnerability Research
The process of discovering vulnerabilities and design flaws that will open an operating system and its
applications to attack or misuse
Vulnerabilities are classified based on security level (low, medium, high) and exploit range (local or
remote)
An administrator needs vulnerability research
- To identify and correct the NW vulnerabilities
- To gather information about viruses
- To find weaknesses and alert the network administrator before a network attack
- To protect the NW from being attacked by the intruders
- To get information that helps to prevent the security problems
- To know how to recover from a network attack
Reconnaissance. The act of locating targets and developing methods necessary to attack those targets
successfully
Hackers in order to accomplish this collect a lot of information e.g.
- Physical location of the target
- Data about users at the facility
- Administrative shortcuts
- Operating systems
- Network structure
- Hardware configuration
- Available services
- Business strategies
- Employee phone lists
 - Staffing structure
- All available published information
This collected information allows a hacker to understand the weakness and security vulnerabilities of
her targets.
This collected information also help hackers to identify the best possible techniques , methods and tools
to conduct attacks.
Reconnaissance may be extremely flexible and creative. Its not by definition illegal and many
reconnaissance techniques are completely legal.
Legal Reconnaissance
Looking up all the information about a company available on the internet, including published phone
numbers, office hours, and address etc. is completely legal
Interviewing a member of the staff for a school project is not illegal
Physical entry of a facility (if allowed) is legal
Making friends with somebody who works or used to work there is legal.
There are many other legal ways to gather information about the target.
Questionable Reconnaissance
Local laws vary from state to state. In much of the world performing passive port scan is legal. Scanning
a document lying on a desk might be legal in some cases.
Dumpster diving might not be illegal in some cases. Reading companys newsletter, employee detail(s)
is also probably legal.
Checking for and connecting to unsecured wireless networks might not be illegal in most of the cases.
Asking for a phone list or business card/contacts might also be legal in most of the cases.
Since the attacker can never be sure where the intended information is located, he mind find it sensible
to attempt many mild tactics rather than attempting a known criminal act that might not give as much
information as a legal or questionable act would do.
Illegal Reconnaissance
There are a number of plainly illegal reconnaissance techniques
Developing a front company and acting as a representative of that company, specifically for the
purpose of robbing or defrauding that target company is illegal.
Any other examples of Illegal Reconnaissance?
When practicing reconnaissance, its important to remember that any information about the target is
potentially of some value. During the collection phase of reconnaissance, hackers are not able to
predict how that information can be used.
Therefore, hackers strive to gather every detail, all e-mail, passwords, phone numbers, and codes.
Types of Reconnaissance
Depending upon the technology used and the nature of the investigation, reconnaissance methods can
be classified into three types
- Social Engineering
- Dumpster Diving
- Internet Footprinting
Each of these reconnaissance classifications are composed of various methods that can exist at
various levels of risk and legality.
Hackers use these methods, together or separately, to collect information about their targets.
Social Engineering Techniques. To access information about individuals, a social engineer must gain the
trust or acquiescence of that person. This is done by following any of these social engineering techniques:
Impersonation
Bribery
Deception
Conformity
Reverse Social Engineering
Impersonation
Impersonation can be done at a personal or a role/function level. Function level imposture is easier and
might require less preparation for the reconnaissance. In this case the hacker poses as a legitimate
user or an employee who has the authority to collect information.
Examples of impersonation include
- A social engineer approaches a user, claiming to be a System Administrator or an IT support
executive, and then asks for passwords.
- An impersonator wearing a cap with the name of a local company on it and dressing as a phone
company technician could well get into a locked wiring closet unaccompanied.
- A phone call from an impersonator stating the system is acting erratically and that the victim must
authenticate his or her username and password for verification could easily induce a flow of
sensitive information.
- A social engineer posing as a flustered, uncertain, but legitimate user makes a phone call to a help
desk and asks for information. The information can be given with no security check.
- A social engineer might call the third-shift system administrator at 6:30 a.m. claiming to be the IT
director (who never sees the office until 10:00 a.m.) and request that he or she run a specific line of
code.
Before engaging in this kind of social engineering, a hacker usually performs basic research about the
target company to avoid creating suspicion.
Bribery. Bribery can be an effective way to collect information. A hacker can pit a persons greed and
ignorance against his loyalty to the organization. Blackmail is a common tactic to keep a target employee
fruitful. For this technique, a social engineer looks for specific traits in an employee:
Is he or she of a level in the company that might have useful information?
Is he or she in financial difficulty?
Is he or she struggling with an exploitable addiction, gambling, alcohol or drugs?
Is he or she unsatisfied with the organization ?
Is he or she focused on a short term gain with the company?
Is he or she morally elastic?
Deception
Deception is a method of achieving access to info by actually joining an org as an employee or a
consultant. This enables the hacker to get access to company specific critical data.
Hackers then leave the org in an amicable way in order to avoid legal actions.
Reverse Social Engineering. In RSE hacker projects herself as an authority vested with the power to
solve peoples problems. This requires a bit of planning and research.
First the hacker manufactures a problem, such as a DoS attack that shuts down the network for a time.
Then the hacker advertises himself as an expert who can solve this sort of problem. The victim might be
prompted to communicate with the hacker for relief and the hacker uses this opportunity to solve the
victims problem.
Now the hacker is believed to be a trusted assistant or expert in the field of network security and he is
given more and more access to the network in question, including many critical systems.
The hacker collects information from many users and might install hidden running processes on the
systems to which he has access.
Countering Social Engineering. To prevent and mitigate social engineering, end users must be educated
through awareness and security policy. All users must take the following steps:-
Do not provide any information to unknown people.
Do not disclose any confidential information to anyone over the telephone.
Do not type passwords or other confidential information in front of unknown people.
Do not submit information to any insecure website.
Do not use the same username and password for all accounts.
Verify the credentials of the persons asking for passwords, and recognize that authentic administrators
often do not need your password to access your files.
Keep confidential documents locked.
 Lock or shutdown computers when away from workstations.
Instruct help desk employees to provide information only after they have gained proper authentication.
Dumpster Diving
Dumpster diving is often the mother lode of sensitive information.
Hackers look specifically for sales receipts and paper work that contains personal data or credit card
information.
This information can then be sold to others who will do damage with it, or it can be used by the hacker
himself.
Shredded documents can also lead to data leaks when all the shredders are strip shredders, and the
resultant strips are disposed of in a single bag.
In many places documents considered less sensitive are dropped directly into publicly available trash
boxes.
Draft of letters, even email documents with hundreds of documents company directory sheets, catalog
lists, unused or misprinted labels and policy manuals are not recognized as sensitive data so they are
loose in the trash.
Importance of Proper Discarding
The security policy must carefully address what is sensitive information and what isnt.
Some documents may not be considered sensitive like employee handbooks and company policy
statements but this tell hackers what physical and network security to expect when doing intrusion.
The best solution to theft of trash paper is to crosscut-shred it and keep it in locked trash boxes.
Old hardware cannot be shredded and takes up space, thus these items are frequently thrown out or
given to employees to take home. Hackers search for outdated hardware such as tapes, hard disks,
USBs, laptops etc.
Forensic programmes are available for recovering information from these hardware devices.
Prevention of Dumpster Diving. The following guidelines will help prevent these attacks or mitigate their
value to attackers.
Develop a written recycling policy and trash handling policy, connected to other security policies
Use the policy to develop a consistent , systematic method for handling trash
The policy should state that all papers be shredded. Cross cut shredders with narrow cuts are the best
because they minimize the possibility of reconstructing documents
Erase all data from tapes, floppies, and hard disks. Erase multiple times to avoid recovery
Simply breaking CD-ROM is not sufficient as data can be recovered from broken disks.
Footprinting Methodology
Internet Footprinting
Competitive Intelligence
WHOIS Footprinting
DNS Footprinting
Network Footprinting
Website Footprinting
Email Footprinting
Objectives of Footprinting
Collect NW Collect System Collect Organization
Information Information Information

User and Group Employee

Domain Name
Names Details
Organizations
IP addresses Routing Tables Website
Running System Company
Services Architecture Directory
Networking Address and Phone
Protocols System Names Numbers
Background on
ACLs Passwords Organization
Auth New Articles/press Releases
mechanisms

Internet Footprinting. This is the technical method of reconnaissance that refers to uncovering and
collecting as much information as possible about a target network.
It involves:-
- Collecting basic information about the target and its network
- Determine the OS being used, platforms running, web server versions etc.
- Find vulnerabilities and exploits for launching attacks
- Performed by techniques such as WhoIS, DNS, network queries etc.
Search for the target company in search engine such as Google. Bing, Baidu.
Locate Internal URLs
Internal URLS provide an insight into different departments and business units in an organization
You may find an internal companys URL by trial or error method
Tools to search internet URLs:
http://netcraft.com
http://www.webmaster-a.com/link-extractor-internal.php
Private and Public Websites
Identify a companys private and public websites. Public Website http://apple.com ,Restricted Website
http://developer.apple.com.
People Search
People search returns the following information about a person
- Residential Address
- Contact Numbers
- Date of Birth
- E-mail Addresses
- Satellite pictures of private residences
Personal information can be acquired using online people search services
Monitoring through Alerts
Google alerts is a content monitoring svc that auto notifies users when new content from news, web,
blogs, video or discussion gps matches a set of search terms sel by user and stored by Google Alerts
service.
They help in monitoring a dev news story and keeping a competitor or industry current.
Competitive Intelligence Gathering
Business moves fast. Product cycles are measured in months, not years. Partners become rivals in no
time. So its difficult to compete with contemporaries if you cant keep an eye on them.
The competitor intelligence is non-interfering and subtle in nature.
Competitive intelligence is the process of identifying, gathering, analyzing, verifying and using
information about your competitors from multiple resources such as internet.
 Compare your products with your competitors offerings.
Analyze your market positioning compared to the competitors.
Pull up a list of competing companies in the market.
Extract salespersons war stories on how deals are won and lost in the competitive arena.
Produce a profile of the CEO and the entire management staff of the competitor.
WHOIS Footprinting
WHOIS databases are maintained by Regional Internet registries and contain the personal information
of domain owners.
WHOIS query returns
- Domain name details
- Contact details of domain owners
- Domain name servers
WHOIS Look up tools
- http://www.tamos.com
- http://netcraft.com
- http://www.whois.net
- http://www.iptools.com
Attackers look for
- Physical Location
- Telephone Numbers
- Email Address
- Technical and Administrative Contacts
Website Footprinting. Web mirroring tools allow you to download a website to a local directory, building
recursively all directories, HTML, images, flash, videos, and other files from the server to your computer.
Tracking Email Communications. Email spoofing is a method to monitor and spy emails.

Buffer Overflow
You might have noticed a lot of issues related to software implementation.
The ultimate requirement of developer(s) is to achieve
A perfect design
Perfect algorithm
Secure coding
Flawless behavior
No runtime errors
Even then there are a lot of implementation vulnerabilities which make a software/program susceptible
to attack(s) by hackers.
Whats your concept/current knowledge about a buffer?
A buffer is a place which stores data temporarily.
There are a lot of ways data can be stored in a computer. Every storage location is not a buffer.
Volatile Memory.
You might have written a variety of programs (suppose in C/C++). These programs include a lot of data,
variables, pointers, functions, function calls, function arguments, return calls etc.
What happens when you open a .txt file in a C/C++ program using object of the fstream class.
Myfile.open(test.txt); //And dont close the file accordingly? Myfile.close();
Now you restart your machine, Issue resolved?
Stack
It is a special region of your computers memory that stores temporary variables created by each
function (including the main() function of a C++ program).
This FILO data structure is managed and optimized by the CPU quite closely.
Every time a function declares a new variable, it is pushed onto the stack. Then every time a function
exits, all variables pushed onto the stack by that function, are freed.
 Once a stack variable is freed, that region becomes available for other stack variables.
An important point to understanding stack is that when a function exits, all of its variables are popped
off of the stack and hence lost forever
This means that stack variables are local in nature which is related to a concept of variable scope (e.g.
local vs. global)
For instance a common issue in C++ programming is attempting to access a variable that was created
on the stack inside some function, from a place in your program outside the scope of that function (e.g.
after the function has exited).
Stack grows and shrinks as functions push and pop local variables.
There is no need to manage the memory yourself, variables are allocated and freed automatically
Stack variables only exist while the function that created them, is running
Heap
This is a region of your computers memory that is not managed automatically for you and is not tightly
managed by the CPU.
Heap comes into use when for example you want to dynamically allocate some memory in a C++
program. You reserve memory in the heap and it is you who frees the heap memory after it has been
used
Heap memory is slower to be read from and written to than stack, because one has to use pointers to
access heap memory.
Stack vs. Heap
Stack
- Very fast access
- Dont have to explicitly de-allocate variables
- Space is managed efficiently by CPU
- Memory will not become fragmented
Heap
- Slower access
- No guaranteed efficient use of space
- Memory may become fragmented over time as blocks of memory are allocated, then freed
- You must manage memory, youre in charge of allocation and freeing
Buffer Overflow
We must remember that memory can only be addressed in multiples of word size. A word is 4 bytes (32
bits).
So our 5 byte buffer is going to take 8 bytes (2 words) of memory.
The 10 byte buffer is going to take 12 bytes (3 words) of memory.
So overflow/crash will occur only when the word limit exceeds.
Segmentation Fault
Segmentation fault or access violation is a fault raised by hardware with memory protection, notifying
an operating system (OS) about a memory access violation.
Segmentation faults have various causes, and are a common problem in programs written in the C
programming language, where they arise primarily due to errors in use of pointers and lack of bound
checking.
Buffer Overflow Vulnerabilities
Absence of automatic bounds checking for arrays and pointer access is a major weakness in
programming that leads to buffer overflow attacks.
A buffer overflow bug is one where the programmer fails to perform adequate bounds check, thus
triggering an out-of-bounds memory access that writes beyond the bounds of some memory region.
Attackers can use these out-of-bounds memory accesses to corrupt the programs intended behavior.
Bypassing Authentication
Imagine, elsewhere in the code, there is a login routine that sets the authenticate flag only if the user
proves knowledge of the password.
 Unfortunately when the buffer overflows, as in the previous example, it sets a value to the authenticate
flag to true (or whatever) and the attacker will gain access to the system.
Format String Vulnerabilities
printf is a function in C used to print data and values of variables on to the console in a formatted way.
Buffer Overflow Counter Measures
Use safer languages (Java etc.)
Use of safe libraries
Buffer Overflow protection
Pointer Protection
Executable space protection
ASLR
Check code for bounds checking
Choice of Programming Language
The choice of programming language can have a profound effect on the occurrence of buffer overflows.
A vast body of software having been written in these languages. C and C++ provide no built-in
protection against accessing or overwriting data in any part of memory.
More specifically, they do not check that data written to a buffer is within the boundaries of that buffer.
The Java and .NET Framework environments also require bounds checking on all arrays.
Software engineers must carefully consider the tradeoffs of safety versus performance costs when
deciding which language and compiler setting to use.
Use of Safe Functions
It has also long been recommended to avoid standard library functions which are not bounds checked,
such as gets, scanf and strcpy, strcat etc.
Functions like strncpy and strncat provide bounds checking.
Buffer Overflow Protection
Buffer overflow protection is used to detect the most common buffer overflows by checking that
the stack has not been altered when a function returns
If it has been altered, the program exits with a segmentation fault.
Stronger stack protection is possible by splitting the stack in two: one for data and one for function
returns. This split is present in the Forth language.
Regardless, this is not a complete solution to buffer overflows, as sensitive data other than the return
address may still be overwritten.
Pointer Protection
Buffer overflows work by manipulating pointers (including stored addresses).
PointGuard was proposed as a compiler-extension to prevent attackers from being able to reliably
manipulate pointers and addresses.
The approach works by having the compiler add code to automatically XOR-encode pointers before and
after they are used.
Because the attacker (theoretically) does not know what value will be used to encode/decode the
pointer, he cannot predict what it will point to if he overwrites it with a new value.
Executable Space Protection
Executable space protection is an approach to buffer overflow protection which prevents execution of
code on the stack or the heap.
An attacker may use buffer overflows to insert arbitrary code into the memory of a program, but with
executable space protection, any attempt to execute that code will cause an exception.
Newer variants of Microsoft Windows also support executable space protection, called Data Execution
Prevention.
Enhanced Mitigation Experience Toolkit (EMET)
EMET is designed to make it more difficult for an attacker to exploit vulnerabilities of a software and
gain access to the system.
It supports mitigation techniques that prevent common attack techniques. Primarily related to stack
overflows and the techniques used by malware to interact with the OS as it attempts the compromise.
 It improves resiliency of Windows to the exploitation of buffer overflows.
It marks portions of a processs memory non-executable, making it difficult to exploit memory corruption
vulnerabilities.
Address space layout randomization (ASLR)
It is a computer security technique involved in protection from buffer overflow attacks
In order to prevent an attacker from reliably jumping to a particular exploited function in memory (for
example), ASLR involves randomly arranging the positions of key data areas of a program, including
the base of the executable and the positions of the stack, heap, and libraries, in a process's address
space.
So, the question arises that when variables of a program are stored in stack, why the addresses are
always the same? The answer is that its only true when ASLR is not enabled (true for old programs).
Before ASLR, the OS would try to load programs at the same address. It was quicker to load the
program and allows some optimisation.
ASLR was a major security feature in Windows 7. Then why the problem remains the same? The
answer is that ASLR is implemented in Win7, but not enabled for all programs. Only programs that are
compiled with ASLR enabled flag. Old compilers didn't know about ASLR (it wasn't implemented until
after XP), so that flag isn't set in old programs.

Social Engineering
Social Engineering is the art of convincing people to reveal confidential information
Social engineers depend on the fact that people are unaware of their valuable information and are
careless about protecting it
Valuable information contains, but is not restricted to
Confidential information
Authorization details
Access details
Behaviors Vulnerable to Attacks

Human Nature of trust is the basis of any vulnerable attack

Ignorance about Social Engineering and its effects among the workforce makes the
organization an easy target

Social Engineers might threaten severe losses in case of non-compliance with their requests

Social engineers lure the targets to divulge information by promising something for nothing

Targets are asked for help and they comply out of sense of moral obligation

Risk Factors
Following factors make the companies vulnerable to attacks
Insufficient security training
Easy access of information
Several organizational units
 Lack of security policies
Social Engineering is effective because
Security policies are as strong as their weakest link, and humans are the most susceptible factor
It is difficult to detect social engineering attempts
There is no method to ensure complete security from social engineering
There is no specific software or hardware or defending against a social engineering attack
Phases in Social Engineering Attack
Research on target company
Dumpster diving
Websites
Employees
Tour company etc.
Develop Relationship
Develop relationship with the selected employees
Select Victim
Identify the frustrated employees of the target company
Exploit the relationship
Collect sensitive account information
Financial information
Current technologies
Impact on Organization
Loss of privacy
Dangers of terrorism
Economic losses
Damage of goodwill
Temporary or permanent closure
Lawsuits and arbitrations
Command Injection Attacks
Online. Internet connectivity enable attackers to approach employees from an anonymous internet source
and persuade them to provide information through a believable user.
Telephone. Request information, usually through the limitation of a legitimate user, either to access the
telephone system itself or to gain remote access to computer systems.
Personal Approaches. In personal approaches, attackers get information by directly asking for it.
Common Targets
Receptionists and Help Desk personnel
Technical support executives
System administrators
Vendors of target organizations
Users and clients
Human Based Social Engineering
Eavesdropping
Shoulder Surfing
Dumpster Diving
Tailgating
Piggybacking
Computer based Social Engineering
Popup Windows
Windows that suddenly popup while surfing the internet and ask for users information to login or
sign in
Popups trick users into clicking a hyperlink that redirects them to fake web pages asking for
personal information, or downloads malicious programs such as key loggers, Trojans, or spyware
 Hoax Letters. These are emails that issue warnings to users on new viruses, Trojans, or worms that
may harm the users systems
Chain Letters. These are emails that offer free gifts, such as money and software on the condition that
the user has to forward the email to said number of persons
IM & Spam
Gathering personal information by chatting with a selected online user to get info.
Irrelevant, unwanted and unsolicited email to collect the financial or network info.
Phishing
An illegitimate email falsely claiming to be from a legitimate site attempts to acquire the users personal
or account information.
Phishing emails or popups redirect users to fake webpages of mimicking trustworthy sites that ask them
to submit their personal information.
Social Engineering using SMS
The victim receives an SMS ostensibly from verification department of a bank.
It claimed to be urgent and that victim should call the included phone number immediately. In worry, the
victim calls to check with his account.
He called thinking it was a Bank customer service number, and it was actually a recording asking him to
provide him the credit or debit card information.
Unsurprisingly, the victim revealed the sensitive information due to fraudulent texts.
Insider Attack
Spying: Competitors hire spy in other organizations.
Revenge: If just takes one disgruntled employee and the company is compromised.
Preventing insider Attacks
Separation and Rotation of duties
Least privilege
Controlled Access
Logging and Auditing
Legal policies
Archive critical data
Intrusion Tactics & Strategies for Prevention

Area of Risk Attackers Tactics Combat Strategy

Phone (Help Impersonation and Train employees/help desk to never share

Desk) Persuasion or reveal passwords
Assign PINs to all employees to facilitate
help desk

Building Unauthorized Physical Tight security, employee training, security

Entrance Access offices

Office Shoulder Surfing Never type passwords in presence of

Wandering through halls others
looking for open offices Escort all guests

SE on Facebook
Attackers create a fake user group on Facebook identified as Employees of the coy
Using a false identity, attacker then proceeds to friend, or invite employees to the fake group,
Employees of the company
Users join the groups and provide their credentials such as date of birth, educational and employment
backgrounds, personal information etc.
 Using details of any of the employee, attacker can compromise a secured facility in order to gain access
to the building
Risks of SE on Corporate Networks

A social networking site is an enormous database accessed by many individuals,

increasing risk of information exploitation

In absence of a strong policy, employees may unknowingly post sensitive data about their
company on social networking sites

Information on social networking sites could be used for preliminary reconnaissance in a

targeted attack

All social networking sites are subject to flaws and bugs that may lead to vulnerabilities in
the companys networks

Identity Thefts
Theft of Personal Information: Identity theft occurs when someone steals your name and other
personal information for fraudulent purposes.
Loss of Social Security Numbers: It is a crime in which an imposter obtains personal information, such
as Social Security or drivers license numbers.
Easy Methods: Cyber space has made it easier for identity thief to use info for fraudulent purposes.
SE Counter Measures
Password Policies
Periodic password change
Avoiding guessable passwords
Account blocking after failed attempts
Length and complexity of passwords
Secrecy of passwords
Physical Security Policies
Identification of employees by issuing ID cards etc.
Escorting the visitors
Accessing area restrictions
Proper shedding of useless documents
Employing security personnel
Training
Efficient trg prog should consist of all security policies and methods to inc awareness on social engg
Operational Guidelines
Ensure security of the sensitive information and authorized use of resources
Classification of Information
Access Privileges
Employee Background Check and proper Termination
Proper Incident Response Team
Two factor Authentication
Anti-Virus/Anti-Phishing Defenses
Change Management