Question

Critical Thinking 2-3: Your Social Engineering Attack

Today's Attacks and Defenses at the beginning of this chapter illustrated how a security researcher could manipulate a help desk support technician into compromising security. If you were to create your own social engineering attack, what would it be? Using your place of employment or school, first determine exactly what your goal would be in the attack, and then craft a detailed description of how you would carry out the attack using only social engineering to achieve your goal. You might want to search the Internet for examples of previously successful attacks that used social engineering. Why do you think your attack would be successful? Who would be involved? What would be the problems in achieving your goal? Why? Write a one-page paper on your research.

Answer #1

Answer:-

Tailgating

What is Tailgating?

Tailgating is when a broker, financial advisor or another sort of investing agent buys or sells a security for a client, and then proceeds to make the same transaction for himself. While tailgating is not an illegal practice, it is frowned upon and considered unethical by professionals in the field.

KEY TAKEAWAYS

  • Tailgating is when brokers or financial advisors profit by placing orders on their own account using information provided by customers for their trades.
  • It is not illegal but is considered highly unethical.

Understanding Tailgating

Tailgating is legal; however, it is also a highly unethical act. It is easily confused with two other investment-related actions, both of which are illegal. Investors and practitioners should be aware that, while it may appear similar, tailgating is not the same thing as the practice of insider trading. While insider trading occurs when the purchase or sale of a security arises from confidential, or proprietary, information, tailgating takes place when the broker takes a cue or trade request from the client with the client's own information, and then places the same trade for his own account based on the information the client provided.

Even though tailgating is not considered illegal by the SEC, the agency can still enforce action against firms that take advantage of the practice to make profits using information provided to them by customers. For example, Merrill Lynch was forced to pay a penalty of $10 million and agree to a cease-and-desist order after the SEC charged the investment bank with misusing information provided by customers to place orders on its proprietary trading desk.

Tailgating should also not be confused with the practice of front-running. While tailgating is seemingly more similar to front-running than it is to insider trading, front-running is an illegal action that occurs when the practitioner uses the investment information the client provided and performs the trade for himself before doing so for the client.

Tailgating is frowned upon, especially by professionals in the investment industry, because the investment advisor who tailgates is essentially trying to bank on whatever information the client is personally going by in his trade request. In addition to the ethical issue, tailgating can often be a dangerous practice financially, depending on the information being relied upon. If the information provided by the client is false or faulty, the investment advisor is not only risking his reputation but also his bank account.

Example of Tailgating

Tom is an investment advisor for his client, Bill. Bill contacts Tom and provides him with information that Company A is planning to announce a reorganization of its management structure, which includes bringing in new managers to improve overall performance. With this provided information from Bill, Tom agrees with Bill that the new management will most likely succeed in improving Company A's performance, and therefore increase in profitable investments. After purchasing the 1,000 shares for Bill as he requested, Tom proceeds to purchase another 1,000 shares for himself.

These types of attacks involve someone who lacks the proper authentication following an employee into a restricted area.

In a common type of tailgating attack, a person impersonates a delivery driver and waits outside a building. When an employee gains security’s approval and opens their door, the attacker asks that the employee hold the door, thereby gaining access off of someone who is authorized to enter the company.

Tailgating does not work in all corporate settings, such as in larger companies where all persons entering a building are required to swipe a card. However, in mid-size enterprises, attackers can strike up conversations with employees and use this show of familiarity to successfully get past the front desk.

In fact, Colin Greenless, a security consultant at Siemens Enterprise Communications, used these same tactics to gain access to several different floors, as well as the data room at an FTSE-listed financial firm. He was even able to base himself in a third-floor meeting room, out of which he worked for several days.
