Wednesday, November 11, 2009

Piggybacking or Tailgating

When preparing for the CompTIA Security+ (SY0-201) exam, you should understand different social engineering tactics such as piggybacking or tailgating.

Piggybacking or tailgating occurs when one user follows closely behind another user without using valid credentials. Some organizations require access methods such as smart cards or proximity cards to gain access to secure areas. Ideally, each person would use his access card and the door would close behind him. Often, what happens is that one person uses his card, and others follow behind without using their access cards.

Piggybacking can be thwarted with the use of mantraps or security guards.

A mantrap can be as simple as a turnstile similar to what you’ve seen in subway stations or bus terminals. Only a single person can get through. Simple, but effective. Can you imagine two men trying to go through the same turnstile? Neither can I.

A turnstile can also require each person to provide credentials (such as swiping a smart card or proximity card) and then lock as soon as that person gets through. More sophisticated mantraps allow a person to walk through a revolving cage, and the cage can be locked after the person enters, but before the person is through. This effectively locks the person inside the mantrap.

Other social engineering tactics you should know about are:

Good luck with your studies.

Darril Gibson
CompTIA Security+: Get Certified Get Ahead: SY0-201 Study Guide