Tuesday, November 10, 2009

Impersonation

When preparing for the CompTIA Security+ (SY0-201) exam, you should understand different social engineering tactics such as impersonation.

Impersonation is a social engineering tactic where an attacker impersonates someone, such as a repair technician, to gain access to a secured area. A repair technician shows up at the door and says I’m here to work on the phones (or server, or routers, or whatever).

Once the attacker gains access, he can steal the hardware, install malware, or install other hardware such as a protocol analyzer connected to the network and broadcasting the captured packets via a wireless access point.

Identity verification methods can also be used to thwart impersonation attempts. In other words, employees should be trained to verify visitors are who they say are.

Other social engineering tactics you should be know about are:
  • Phishing
  • Piggybacking or tailgating
  • Dumpster diving
  • Shoulder surfing
Good luck with your studies.

Darril Gibson
CompTIA Security+: Get Certified Get Ahead: SY0-201 Study Guide