0% found this document useful (0 votes)

76 views

CEH Lesson 6 - Social Engineering

This lesson discusses physical security, social engineering, and related topics. It covers threats to physical security from natural events, man-made threats, equipment failure and loss of utility. It then describes various equipment controls for physical security including locks, lock grades, and techniques for bypassing locks. The lesson also discusses social engineering techniques like scarcity, authority and consistency that trick people into providing sensitive information. It concludes with an overview of policies and procedures for physical and data security.

Uploaded by

Louise Real

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PPT, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

76 views

CEH Lesson 6 - Social Engineering

Uploaded by

Louise Real

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PPT, PDF, TXT or read online on Scribd

You are on page 1/ 17

Certified Ethical Hacker

Lesson 6
Physical Security and Social
Engineering
Lesson 6
Objectives

After reading this lesson you will be able to:

 Understand the role of physical security
 Identify the threats to physical security
 Describe equipment controls that could be used
to enhance physical security
 Describe social engineering techniques
Threats to Physical Security

 Can be caused by natural events, man-made events,

utility loss, or equipment failure
 Natural events:
– Floods
– Fire
– Hurricanes and tropical storms
– Tidal waves
– Earthquakes
– Other natural events
Threats to Physical Security cont.

 Man-made threats:
– Theft
– Vandalism
– Destruction
 Equipment failure:
– Mean Time Between Failure (MTBF)
– Mean Time to Repair (MTTR)
 Loss of utility
Equipment Controls
 Locks
– Mechanical
• Warded locks
• Tumbler locks
– Keypad and combination locks
• Basic combination lock
• Programmable cipher lock
– Master key locks
– Device locks
– Ace locks
 Lock grades
– Grade 1 – provides highest security
– Grade 2
– Grade 3 – weakest design
Equipment Controls

 Lock bypassing techniques

– Bump keys
– Lock picking
– Shimmming
 Fax Machines
– Must be placed in secure location.
– If the fax machine uses ribbons or roll refills, those
need to be shredded.
Area Controls

 Solid doors for server rooms

 True floor-to-ceiling walls
 Windows
 Closed-circuit TV cameras
Location Data and Geotagging

 Location data is typically collected in latitudes and

longitudes
 Location data can be collected by
– Geotagging
– Smartphone triangulation
Facility Controls

 Fences
 Lights
 Guards
 Dogs
 Gates
 Locks
 Bollards
 Turnstile
 Mantraps
Personal Safety Controls

 Fire prevention and detection systems:

– Heat activated
– Smoke activated
 Fire suppression systems:
– Class A
– Class B
– Class C
– Class D
Physical Access Control

 Authentication:
– Passwords and pin numbers – something you know
– Tokens, smart cards, and magnetic strip cards – something you
have
– Biometrics – something you are:
• Considered a strong form of authentication
• Fingerprints
• Facial scans
• Hand geometry
• Palm scan
• Retina pattern
• Iris recognition
• Voice recognition
Social Engineering

 Tricking someone into providing information or giving

something they should not
 Types of social engineering:
– Scarcity
– Authority
– Liking
– Consistency
– Social validation
– Reciprocation
Person-to-Person-Based Social
Engineering
 Works on a personal level by using one of the following
techniques
– Important user
– Third–party authorization
– Masquerading
– In person
Computer-Based and Reverse
Social Engineering
 Uses software to retrieve information:
– Pop-up windows
– Email attachments
– Smartphone
– Social networking
– Websites
 Reverse social engineering:
– Sabotaging someone else’s equipment and offering
to fix the problem
Policies and Procedures

 Employee Hiring and Termination policies

 Help Desk Procedures and Password Change policies
 Employee identification
 Privacy policies
Governmental and Commercial
Data Classification
 Governmental information classification systems:
– Unclassified
– Confidential
– Secret
– Top secret
 Commercial information classification system:
– Public
– Sensitive
– Private
– Confidential
Lesson 6
Summary
 Explain the threats to physical security.
 Explain how equipment controls could be used to
enhance physical security.
 Describe how biometric devices could be used for
authentication.
 Describe the types of access control.
 Describe social engineering attacks.
 Describe policies and procedures.

[FREE PDF sample] GCIH GIAC Certified Incident Handler All-in-One Exam Guide Nick Mitropoulos ebooks
No ratings yet
[FREE PDF sample] GCIH GIAC Certified Incident Handler All-in-One Exam Guide Nick Mitropoulos ebooks
41 pages
Ethical Hacking Fundamentals Labs
No ratings yet
Ethical Hacking Fundamentals Labs
2 pages
Ee PDF 2023-Aug-30 by Ken 274q Vce
No ratings yet
Ee PDF 2023-Aug-30 by Ken 274q Vce
11 pages
LPTv4 Module 15 Pre Penetration Testing Checklist NoRestriction PDF
100% (1)
LPTv4 Module 15 Pre Penetration Testing Checklist NoRestriction PDF
52 pages
Problem Face by Canon Canon Is Still
100% (1)
Problem Face by Canon Canon Is Still
5 pages
CEH Lesson 4 - Snipping, Session Hijacking, and DoS
No ratings yet
CEH Lesson 4 - Snipping, Session Hijacking, and DoS
25 pages
Mitre Attack
No ratings yet
Mitre Attack
3 pages
CEH Notes
No ratings yet
CEH Notes
12 pages
EC-Council - CEH v8 Labs Module 00 Lab Manual 2013
No ratings yet
EC-Council - CEH v8 Labs Module 00 Lab Manual 2013
4 pages
Prakt 8 - Openssl Demo Encrypting Decrypting Files Using Both Symmetric and Asymmetric Encryption PDF
No ratings yet
Prakt 8 - Openssl Demo Encrypting Decrypting Files Using Both Symmetric and Asymmetric Encryption PDF
6 pages
Assignment 2 - Answers
No ratings yet
Assignment 2 - Answers
6 pages
Lecture3 SSD Israfil
No ratings yet
Lecture3 SSD Israfil
40 pages
Sans 504
No ratings yet
Sans 504
1 page
NTLM Kerberos and Public Key Cryptography (1) 55-1
No ratings yet
NTLM Kerberos and Public Key Cryptography (1) 55-1
27 pages
OWASP Top 10 API Security Risks - 2023
No ratings yet
OWASP Top 10 API Security Risks - 2023
39 pages
Pstools
100% (5)
Pstools
13 pages
CEH v9 Notes
No ratings yet
CEH v9 Notes
39 pages
FTK Complete Practical Guide
No ratings yet
FTK Complete Practical Guide
43 pages
Nessus Lab V12nov07
No ratings yet
Nessus Lab V12nov07
6 pages
Security Lab 7
No ratings yet
Security Lab 7
9 pages
Certified Ethical Hacker CEH Exam Cram 1st Edition Easttom Ii 2024 Scribd Download
100% (1)
Certified Ethical Hacker CEH Exam Cram 1st Edition Easttom Ii 2024 Scribd Download
62 pages
CTF - Kioptrix Level 4 - Walkthrough Step by Step: @hackermuxam - Edu.vn
No ratings yet
CTF - Kioptrix Level 4 - Walkthrough Step by Step: @hackermuxam - Edu.vn
12 pages
Ccs Module 2
No ratings yet
Ccs Module 2
85 pages
Hunting For Vulnerabilities Using Metasploit
No ratings yet
Hunting For Vulnerabilities Using Metasploit
12 pages
Chapter 5 and 6
No ratings yet
Chapter 5 and 6
22 pages
Lab 1 - Footprinting Using NIKTO and Theharvester
No ratings yet
Lab 1 - Footprinting Using NIKTO and Theharvester
2 pages
Roadmap to OSCP
No ratings yet
Roadmap to OSCP
58 pages
My CEHpractica Lcheat Sheet
No ratings yet
My CEHpractica Lcheat Sheet
6 pages
10 Years of Windows Privilege Escalation With Potatoes
No ratings yet
10 Years of Windows Privilege Escalation With Potatoes
58 pages
Mayur Kumar Jain - (Resume)
No ratings yet
Mayur Kumar Jain - (Resume)
3 pages
FFUF Notes
100% (1)
FFUF Notes
3 pages
Pentesting Active Directory
No ratings yet
Pentesting Active Directory
1 page
100 Vulnerabilities
No ratings yet
100 Vulnerabilities
4 pages
As Assignment 2
No ratings yet
As Assignment 2
16 pages
Mimikatz Phdays
No ratings yet
Mimikatz Phdays
51 pages
my notes
No ratings yet
my notes
4 pages
Penetration Testing
No ratings yet
Penetration Testing
12 pages
Ceh Quizlet
No ratings yet
Ceh Quizlet
13 pages
Ec Council.2passeasy.312 50v12.PDF.2022 Oct 21.by - Christopher.169q.vce
No ratings yet
Ec Council.2passeasy.312 50v12.PDF.2022 Oct 21.by - Christopher.169q.vce
16 pages
Eccouncil Pre - 312-50v12 50q-DEMO
No ratings yet
Eccouncil Pre - 312-50v12 50q-DEMO
25 pages
Ebook CISSP Domain 05 Identity and Access Management (IAM)
No ratings yet
Ebook CISSP Domain 05 Identity and Access Management (IAM)
84 pages
Linux Incident Response
No ratings yet
Linux Incident Response
18 pages
Forensics
No ratings yet
Forensics
3 pages
Security Plus SY0-701 Domain 4 Handout
No ratings yet
Security Plus SY0-701 Domain 4 Handout
275 pages
Test Ceh
No ratings yet
Test Ceh
80 pages
Presented By: Intrusion Detection Sysytem
No ratings yet
Presented By: Intrusion Detection Sysytem
15 pages
6 Analysis & Validation Xid-10936710 2
No ratings yet
6 Analysis & Validation Xid-10936710 2
34 pages
CISSP - Domain 2
No ratings yet
CISSP - Domain 2
19 pages
Kerberos Architecture
No ratings yet
Kerberos Architecture
11 pages
OpenSSL
No ratings yet
OpenSSL
19 pages
SMB Access From Linux
No ratings yet
SMB Access From Linux
2 pages
Module 02 - Penetration Testing Scoping and Engagement Methodology
No ratings yet
Module 02 - Penetration Testing Scoping and Engagement Methodology
50 pages
Chapter 1-4
No ratings yet
Chapter 1-4
135 pages
DNSRecon
No ratings yet
DNSRecon
15 pages
Pentesting Wifi - HackTricks - HackTricks
No ratings yet
Pentesting Wifi - HackTricks - HackTricks
31 pages
Module 9: Configuring IPsec
No ratings yet
Module 9: Configuring IPsec
25 pages
Splunk SSL Presentation
No ratings yet
Splunk SSL Presentation
44 pages
XSS (Cross Site Scripting) Prevention Cheat Sheet
No ratings yet
XSS (Cross Site Scripting) Prevention Cheat Sheet
11 pages
Intrusion detection system Standard Requirements
From Everand
Intrusion detection system Standard Requirements
Gerardus Blokdyk
No ratings yet
Network Security Complete Self-Assessment Guide
From Everand
Network Security Complete Self-Assessment Guide
Gerardus Blokdyk
No ratings yet
Configuring IPCop Firewalls: Closing Borders with Open Source
From Everand
Configuring IPCop Firewalls: Closing Borders with Open Source
Barrie Dempster
No ratings yet
Cheats
No ratings yet
Cheats
40 pages
ANDROID
No ratings yet
ANDROID
13 pages
NasbyG - 2022 - Intro To Cybersecurity For SCADA ISA 62443 - CanadianWaterConference - Nov2021 - Slides
No ratings yet
NasbyG - 2022 - Intro To Cybersecurity For SCADA ISA 62443 - CanadianWaterConference - Nov2021 - Slides
43 pages
Police Verification Page - Ravi T
No ratings yet
Police Verification Page - Ravi T
1 page
Porter's Generic Competitive Strategies (Ways of Competing)
No ratings yet
Porter's Generic Competitive Strategies (Ways of Competing)
2 pages
Forms BIP v22
100% (1)
Forms BIP v22
31 pages
Mil STD 1528a
No ratings yet
Mil STD 1528a
21 pages
Process Synchronization: Silberschatz, Galvin and Gagne ©2009 Operating System Concepts - 8 Edition
No ratings yet
Process Synchronization: Silberschatz, Galvin and Gagne ©2009 Operating System Concepts - 8 Edition
28 pages
Sspaperss
No ratings yet
Sspaperss
8 pages
Agile Quality Assurance
100% (1)
Agile Quality Assurance
269 pages
Swift Fees
100% (4)
Swift Fees
2 pages
MNG4801_2025_TL_101_Assignment 1 (10)
No ratings yet
MNG4801_2025_TL_101_Assignment 1 (10)
46 pages
Computer Networks Laboratory Manual - V4
No ratings yet
Computer Networks Laboratory Manual - V4
54 pages
Would You Rather: O Orriiggiinnaall
No ratings yet
Would You Rather: O Orriiggiinnaall
4 pages
Diagnostic Tos Math10
No ratings yet
Diagnostic Tos Math10
2 pages
Bluegiga Bluetooth Smart Software: Release Notes Wednesday, 6 February 2019
No ratings yet
Bluegiga Bluetooth Smart Software: Release Notes Wednesday, 6 February 2019
6 pages
Infoblox Deployment Guide Implementing Infoblox Reporting and Analytics
No ratings yet
Infoblox Deployment Guide Implementing Infoblox Reporting and Analytics
32 pages
World and Human Action Models towards gameplay ideation_small
No ratings yet
World and Human Action Models towards gameplay ideation_small
20 pages
202005031242173294rajiv Applied E Banking Updated
No ratings yet
202005031242173294rajiv Applied E Banking Updated
8 pages
Intel® Storage Server SSR212MC2: Technical Product Specification
No ratings yet
Intel® Storage Server SSR212MC2: Technical Product Specification
47 pages
Gautam Kumar Sah Resume
No ratings yet
Gautam Kumar Sah Resume
2 pages
Senior Technician, Fire & Gas Maintenance - ADNOC OFFSHORE - JD
No ratings yet
Senior Technician, Fire & Gas Maintenance - ADNOC OFFSHORE - JD
2 pages
REG670 VER2.2.4 Technical Manual
No ratings yet
REG670 VER2.2.4 Technical Manual
1,378 pages
FUNCTIONS & Relations
No ratings yet
FUNCTIONS & Relations
30 pages
3O Mariot F-006 - Junior Deck Officer's Familiarization Checklist & Handover Record
No ratings yet
3O Mariot F-006 - Junior Deck Officer's Familiarization Checklist & Handover Record
8 pages
Dpmo Wwk-03 (Jan 2019)
No ratings yet
Dpmo Wwk-03 (Jan 2019)
89 pages
Canon Rock Tab by Jerryc at Ultimate-Guitar
100% (2)
Canon Rock Tab by Jerryc at Ultimate-Guitar
13 pages
Smart Kitchen Management Gas Leakage Detection
No ratings yet
Smart Kitchen Management Gas Leakage Detection
17 pages
Verilog Lab 201101 PDF
No ratings yet
Verilog Lab 201101 PDF
28 pages

Uploaded by

Uploaded by

Certified Ethical Hacker

After reading this lesson you will be able to:

 Can be caused by natural events, man-made events,

 Lock bypassing techniques

 Solid doors for server rooms

 Location data is typically collected in latitudes and

 Fire prevention and detection systems:

 Tricking someone into providing information or giving

 Employee Hiring and Termination policies

You might also like