Temple University

Week 8 reading and article

Social engineering is an often-overlooked security threat to an organization. In some cases, you could probably argue that social engineering might be the easiest way to launch an attack on an organization.

Social engineering attacks generally follow a cycle of 4 steps: information gathering, developing a relationship, exploitation, and execution. Like anything in cybersecurity, these lines tend to blur and there can be different steps, but for the most part these 4 are always present.

Examples of social engineering can be as simple as getting to know an administrator and asking for a password, or taking advantage of a nice employee who holds open the door to a data center, giving you the benefit of the doubt that you have legitimate access.

Question for the class: Have you ever been placed in a position where you had to be conscious of potential social engineering attacks?

Article: http://www.zdnet.com/article/here-is-how-internet-experts-plan-to-fix-poor-security/

This is about a plan drawn up by 260 internet experts with the goal of making routers more secure and, as a result, the internet more secure. The full proposal sent to the FCC is found here: https://www.fcc.gov/article/fcc-15-92a2

The summary given in the article:

“The experts said routers should be open-source so their code should be made public and available for review. Additionally, manufacturers should assure that any router firmware updates are under the owner’s control rather than the manufacturers and they should allow for a 45-day patch window for vulnerabilities for five-years after the device ships.

If, say the experts, the companies fail to comply, the FCC could decertify existing products or, in severe cases, bar new products from that vendor from reaching the market.”
