Since we were on the subject of social engineering of last weeks class. I thought this was an interesting article dealing with the university that we all attend. This is a case of a student using her Target gift card to get pass security. The student acted like she belonged and she was able to not get security to really look to see if she had an ID, which is needed to get in most of the buildings on campus.
Thanks for posting this article:
Complacency is a serious issue when trying to enforce physical security with security guards. The problem with security guards is they are human, they get bored, they get complacent and unless there’s something that makes them “get on their toes,” like pressure from higher management or an actual threat, they would not take it seriously. Even during my time in the military, I’ve seen duty officers falling asleep while on duty or not checking Id’s when required. It gets a little more difficult when you factor in union laborers, which makes it extremely difficult to reprimand for non-performance.
Good article, its straight to the point and shows why physical security is an important factor when it comes to cyber security. Once someone gains access to a building mischief can began. You’re only as strong as your weakest link. No matter how great your IT infrastructure is, someone gaining access to a secure area can easily take down your network and cause chaos.
Thanks for sharing this Brent. Let’s sign this student up for the ITACS program!
Hopefully this student’s efforts and the recent attacks on campus are a good reminder of the importance of strong physical security measures on campus.
Not surprising, I don’t spend much time on campus but I see the same faces posted at the same entrances and they never seem happy or engaged. While its hard to tell students apart from someone who may be looking to do something bad they will hopefully stop someone who erratic or totally out of place. But I think this type of security is also more of a deterrent than anything else.
Social engineering is an important part of Cyber Security and this article is a good example to prove it. Someone used to get away with something similar at the Ambler campus several years ago. The person used to have a red parking sticker from another school on the back of a rear mirror. Therefore, nobody never bothered verifying whether the sticker was authentic since Temple’s required parking sticker was also red at that time. This is something a person could get away with for an entire semester.