5.1.2 Social Engineering
Operational Security + Social Engineering = User Awareness Training [416]. There are two considerations that come into play. The first is competitive intelligence [417]. Employees have access to the data in order to do their work. An unhappy worker could sell valuable data to a competitor [418]. Honest employees need to stay aware of the fact that somebody wants your data. If the data is valuable to your company, it is valuable to your competitors.
Secondly, setting aside data, consider other assets, such as the phone system. A hacked phone system can be used for:
- Making long distance phone calls billed to the company.
- Compromising voice mail.
- Retrieving phone numbers of customers and prospects.
Scam
The scammer calls pretending to be a telephone service technician performing a test on the line. He asks that you transfer him to an operator by pushing 9, 0, # and then hang up. On some business systems, this can give the caller an outside line that can be used to make long distance calls. Toll charges will then be billed to the owner of the PBX as directly dialed calls.
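One way a PBX owner can spot the toll charges this scam produces is to search call detail records for toll calls that trace back, through a transfer, to a call that came in from outside. The Python code below is an added example, not part of the original guide; the CSV column layout, the extension numbers and the sample records are constructed for illustration and do not match any particular PBX export format.

```python
import csv
import io
import re

# Constructed CDR sample (hypothetical column layout, not a real PBX export).
# parent_id links a call leg to the leg it was transferred from.
SAMPLE_CDR = """\
call_id,parent_id,start,direction,extension,dialed,seconds
c1,,2004-11-15T09:02:11,in,2214,,95
c2,c1,2004-11-15T09:03:40,internal,2214,0,12
c3,c2,2004-11-15T09:03:55,out,0,011442079460000,1840
c4,,2004-11-15T09:10:02,out,2230,12065550142,300
c5,,2004-11-15T09:12:30,in,2241,,60
c6,c5,2004-11-15T09:13:05,internal,2241,2250,45
c7,c9,2004-11-15T09:20:00,out,2260,13125550199,20
"""

# Toll call: 1 + 10 digits (long distance) or 011 + digits (international).
TOLL = re.compile(r"^(1\d{10}|011\d{7,15})$")

def find_transferred_toll_calls(cdr_text):
    """Return outbound toll calls whose transfer chain starts with an inbound call."""
    rows = {r["call_id"]: r for r in csv.DictReader(io.StringIO(cdr_text))}
    findings = []
    for row in rows.values():
        if row["direction"] != "out" or not TOLL.match(row["dialed"]):
            continue
        # Walk the transfer chain back to the leg that started it.
        # 'seen' guards against a looped chain; a missing parent ends the walk.
        root, seen = row, {row["call_id"]}
        while root["parent_id"] in rows and root["parent_id"] not in seen:
            root = rows[root["parent_id"]]
            seen.add(root["call_id"])
        # A directly dialed toll call has no chain (root is the call itself).
        if root is not row and root["direction"] == "in":
            findings.append({
                "toll_call": row["call_id"],
                "dialed": row["dialed"],
                "seconds": int(row["seconds"]),
                "inbound_call": root["call_id"],
                "answered_at_extension": root["extension"],
            })
    return findings

if __name__ == "__main__":
    for finding in find_transferred_toll_calls(SAMPLE_CDR):
        print(finding)
```

The extension reported in `answered_at_extension` is where the inbound call was answered and transferred, which tells you who to follow up with for awareness training.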
Identify Contractors
A more direct attack is for the scammer to come in with a tool case and say they are there to work on the PBX. It is possible to be friendly and still challenge the guest for solid proof of identification.
__________________
416. http://rr.sans.org/securitybasics/awareness.php
417. http://security1.gartner.com/story.php.id.12.s.1.jsp
418. http://www.cio.com/archive/060102/doom.html
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.