Wednesday, November 23, 2005

The Art Of Deception

I just finished reading The Art Of Deception by Kevin D. Mitnick. It's an excellent book, really! The situation sketches are (mostly) very plausible, and at the end of every sketch advice is given to prevent the social engineering attack.

Mitnick clearly explains how the following attack vectors are used to coerce people into doing stuff for social engineers:
  • Authority
  • Liking
  • Reciprocation
  • Consistency
  • Social Validation
  • Scarcity

The last chapter contains a listing of useful information security policies, which can help mitigate intrusion risks when properly implemented. It's all about balance: security measures shouldn't be too bothersome, or employees will start circumventing them for speed and comfort.

If you are already kept up at night by worrying about potential security issues, this book will drive you mad; or, if you really implement the given advice, it might restore your sanity.


