Questions On Software Engineering Process

2819 Words12 Pages
Special Topic Report CMPE285 Software Engineering Process Prof. Weider Yu TEAM MEMBERS: Prudhvi Chandra chandra.prudhvi89@gmail.com 009268610 Raghav Gangal raghav.gangal@gmail.com 1. Introduction 1.1. What is social engineering? Social engineering is a non-technical method of intrusion that hackers uses in which Instead of technical attacks on systems, humans with access to information are the target for social engineers, influencing them into disclose confidential information or even into carrying out their malicious attacks through influence and persuasion. It is the art of getting users to mutually share information systems. In today 's scenario, it is one of the greatest threats that organizations…show more content…
1.4. Social Engineering Pitfalls: The following are the social engineering pitfalls, they are technical pitfalls and organizational pitfalls, 1.3. How social engineering is performed? A social engineer runs a "con game." For example, a social engineer in order to break into a computer network tries to gain the confidence of an authorized user person and convinces them to reveal crucial information that reveals the network 's security. They often rely on the natural helpfulness as well as on weaknesses of the people. For example, they might call the authorized employee with any kind of urgent problem which requires immediate network access. 1.4. Types of social engineering attacks 1.4.1. Baiting. It is when an attacker leaves a malware-infected physical device, such as a CD-ROM or USB flash drive is left in the open for a target to find. The finder then picks up the device and succumbing to curiosity uses it onto his or her computer, without any intention of installing the malware. Defense - Don’t access that disk, you don’t know where it’s been. 1.4.2. Pretexting. It is when one party lies to another party to gain access to privileged data. Typical pretexting examples are the fake IT staffer asking for your password to do system maintenance, or the false investigator performing a company audit. Defense - Nobody needs your password, ever. 1.4.3.
Open Document