In weniger als einer Minute können Sie mit dem Lesen von Social Engineering in IT Security auf Ihrem Kindle beginnen. Sie haben noch keinen Kindle? Hier kaufen Oder fangen Sie mit einer unserer gratis Kindle Lese-Apps sofort an zu lesen.

An Ihren Kindle oder ein anderes Gerät senden

 
 
 

Kostenlos testen

Jetzt kostenlos reinlesen

An Ihren Kindle oder ein anderes Gerät senden

Jeder kann Kindle Bücher lesen  selbst ohne ein Kindle-Gerät  mit der KOSTENFREIEN Kindle App für Smartphones, Tablets und Computer.
Der Artikel ist in folgender Variante leider nicht verfügbar
Keine Abbildung vorhanden für
Farbe:
Keine Abbildung vorhanden

 

Social Engineering in IT Security: Tools, Tactics, and Techniques [Kindle Edition]

Sharon Conheady

Kindle-Preis: EUR 21,10 Inkl. MwSt. und kostenloser drahtloser Lieferung über Amazon Whispernet

Weitere Ausgaben

Amazon-Preis Neu ab Gebraucht ab
Kindle Edition EUR 21,10  
Taschenbuch EUR 28,13  

Kunden, die diesen Artikel angesehen haben, haben auch angesehen


Produktbeschreibungen

Kurzbeschreibung

Cutting-edge social engineering testing techniques


"Provides all of the core areas and nearly everything [you] need to know about the fundamentals of the topic."--Slashdot Conduct ethical social engineering tests to identify an organization's susceptibility to attack. Written by a global expert on the topic, Social Engineering in IT Security discusses the roots and rise of social engineering and presents a proven methodology for planning a test, performing reconnaissance, developing scenarios, implementing the test, and accurately reporting the results. Specific measures you can take to defend against weaknesses a social engineer may exploit are discussed in detail. This practical guide also addresses the impact of new and emerging technologies on future trends in social engineering.
  • Explore the evolution of social engineering, from the classic con artist to the modern social engineer
  • Understand the legal and ethical aspects of performing a social engineering test
  • Find out why social engineering works from a victim's point of view
  • Plan a social engineering test--perform a threat assessment, scope the test, set goals, implement project planning, and define the rules of engagement
  • Gather information through research and reconnaissance
  • Create a credible social engineering scenario
  • Execute both on-site and remote social engineering tests
  • Write an effective social engineering report
  • Learn about various tools, including software, hardware, and on-site tools
  • Defend your organization against social engineering attacks

Über den Autor und weitere Mitwirkende

Sharon Conheady is a director at First Defence Information Security in the UK where she specializes in social engineering. She has presented on the topic at security conferences worldwide and regularly leads training seminars on how to perform ethical social engineering tests and defend against social engineers.

Produktinformation

  • Format: Kindle Edition
  • Dateigröße: 9413 KB
  • Seitenzahl der Print-Ausgabe: 272 Seiten
  • Gleichzeitige Verwendung von Geräten: Bis zu 4 Geräte gleichzeitig, je nach vom Verlag festgelegter Grenze
  • Verlag: McGraw-Hill Osborne Media; Auflage: 1 (4. August 2014)
  • Verkauf durch: Amazon Media EU S.à r.l.
  • Sprache: Englisch
  • ASIN: B00LI3640S
  • Text-to-Speech (Vorlesemodus): Aktiviert
  • X-Ray:
  • Amazon Bestseller-Rang: #144.706 Bezahlt in Kindle-Shop (Siehe Top 100 Bezahlt in Kindle-Shop)

  •  Ist der Verkauf dieses Produkts für Sie nicht akzeptabel?

Mehr über den Autor

Entdecken Sie Bücher, lesen Sie über Autoren und mehr

Kundenrezensionen

Es gibt noch keine Kundenrezensionen auf Amazon.de
5 Sterne
4 Sterne
3 Sterne
2 Sterne
1 Sterne
Die hilfreichsten Kundenrezensionen auf Amazon.com (beta)
Amazon.com: 5.0 von 5 Sternen  2 Rezensionen
4 von 4 Kunden fanden die folgende Rezension hilfreich
5.0 von 5 Sternen Effective guide on which to build a social engineering testing program 21. August 2014
Von Ben Rothke - Veröffentlicht auf Amazon.com
Format:Taschenbuch
When I first got a copy of Social Engineering in IT Security Tools, Tactics, and Techniques by Sharon Conheady, my first thought was that it likely could not have much that Christopher Hadnagy didn't already detail in the definitive text on the topic: Social Engineering: The Art of Human Hacking. Obviously Hadnagy thought differently, as he wrote the foreward to the book; which he found to be a valuable resource.

While there is overlap between the two books; Hadnagy takes a somewhat more aggressive tool-based approach, while Conheady's book takes a somewhat more passive, purely social approach to the topic. There are many more software tools in Hadnagy; while Conheady doesn't reference software tools until nearly half-way through the book.

This book provides an extensive introduction to the topic and details how social engineering has evolved through the centuries. Conheady writes how the overall tactics and goals have stayed the same; while the tools and techniques have been modified to suit the times.

Coming in at about 250 pages, the book finds a good balance between high-level details and actionable tactical things to execute on. Without getting bogged down in filler.

Since the social engineering tools and techniques only get better, the advantage Conheady's book has it that it details a lot that has changed in the 4 years since Hadnagy's book came out.

Conheady writes about mumble attacks, which are telephone-based social engineering attacks that are targeted at call center agents. The social engineer will pose as a speech-impaired customer or as a person calling on behalf of the speech-impaired customer. The goal of this method is to make the victims; in this case call center agents feel awkward or embarrassed and release the desired information. Given the pressure in which most call center agents are under; this is a simple yet highly effective attack.

Like Hadnagy, this also has a detailed social engineering test methodology. Conheady details a methodology with 5 stages: planning and target identification, research and reconnaissance, scenario creation, attack execution and exit, and reporting. She notes that one does not have to be a slave to the methodology, and it can be modified depending on the project.

Social engineering can often operate on the limit of what is legal and ethical. The author goes to great lengths to write what the ethical and legal obligations are for the tester.
The book is filled with lots of practical advice as Conheady is seasoned and experienced in the topic. From advice to dealing with bathrooms as a holding location, gaining laptop connectivity and more; she writes of the many small details that can make the difference between a successful social engineering test and a failed one.

The book also details many areas where the job of the social engineer is made easy based on poor security practices at the location. Chapter 7 details how many locations have access codes on doors often don't do much to keep social engineers out. Many doors have 4-character codes, and she writes that she has seen keypads where the combination numbers have been so worn down that you can spot them straightaway.

As noted earlier, the book focuses more on the human techniques of social engineering than on software tools. She does not ignore that tools and in chapter 9 provides a list of some of the more popular tools to use, including Maltego, Cree.py and others. She also has lists of other tools to use such as recording devices, bugging devices, phone tools and more.

With all those, she still notes that the cell phone is the single most useful item you can bring with you on a social engineering test. She writes that some of the many uses a cell phone has is to discourage challengers, fake a call to look busy, use the camera and more.

While most of the book is about how to execute a social engineering test, chapter 10 details how you can defend against social engineering. She notes that it is notoriously difficult to defend against social engineering because it targets the weakest link in the security chain: the end-user. She astutely notes that a firm can't simply roll out a patch and immunize its staff against the latest social engineering attack. Even though there are vendors who make it seem like you can.

The chapter also lists a number of indicators that a firm may be experiencing a social engineering attack.

Hadnagy's Social Engineering: The Art of Human Hacking is still the gold-standard on the topic. But Social Engineering in IT Security Tools, Tactics, and Techniques certainly will give it a run for the money.

Hadnagy's approach to social engineering is quite broad and aggressive. Conheady takes more of a kinder, gentler approach to the topic.

For those that are looking for an effective guide on which to build their social engineering testing program on, this certainly provides all of the core areas and nearly everything they need to know about the fundamentals of the topic.
0 von 1 Kunden fanden die folgende Rezension hilfreich
5.0 von 5 Sternen Social Engineering - Working with a Superstar 29. August 2014
Von Jon Fisher - Veröffentlicht auf Amazon.com
Format:Taschenbuch
I’ve just spent the last few days reading Sharon Conheady’s book ‘Social Engineering in IT Security: Tools, Tactics, and Techniques’ published by McGraw-Hill.
I must make clear that I know Sharon as I work at First Defence Information Security Limited where she is one of the Directors, but my interest in her book transcends our working relationship and errs more towards the realms of my status as a FAN.
Sharon’s reputation precedes her (this is one of the reasons I decided to Join First Defence in the first place), and her experience, thoughts and innovations are distilled into the book in fantastic detail. Those of you who have seen her speak at conferences and seminars around the world will be familiar with her style and extensive catalogue of ‘war stories’ – you’ll find all of this and more packed into the book.
A proportion of the book is dedicated to the mechanics of Social Engineering testing – the legalities, ethics, tools and how to go about producing a useful client-facing report. There are tips and thoughts scattered throughout the chapters for those planning how to go about performing a test, as well as insights into how attacks are planned and executed for those looking at how to protect themselves and their business.
My particular favourite aspects of the book are the historic and cultural examples of Social Engineering in action, and the use of some up-to-the-minute references to relatively recent news stories.
In my role as Sales Consultant at First Defence, having such a star in our midst certainly helps in the many conversations I have with current and prospective clients about how we might help them with the understanding of their information security risks, and how we might help them make improvements.
As a fan, I can safely say that the book satisfies my desire to have all Sharon’s years of experience crystallised into a logical and helpful form. ……… As an Information Security Professional, I can also attest to the fact that having the latest thinking to hand helps me in how I approach my clients’ challenges……………. As an employee of First Defence – I can only say that having one of the top Social Engineering talents in the world as a boss certainly makes my life easier (although busier!).
Waren diese Rezensionen hilfreich?   Wir wollen von Ihnen hören.

Kunden diskutieren

Das Forum zu diesem Produkt
Diskussion Antworten Jüngster Beitrag
Noch keine Diskussionen

Fragen stellen, Meinungen austauschen, Einblicke gewinnen
Neue Diskussion starten
Thema:
Erster Beitrag:
Eingabe des Log-ins
 

Kundendiskussionen durchsuchen
Alle Amazon-Diskussionen durchsuchen
   


Ähnliche Artikel finden