Thwarting Social-Engineering Attacks

No matter how secure a computer or network is, a single person can undo the steps that have been taken by the administrator. Instead of taking endless hours and expensive resources to crack passwords, attackers have found they can sometimes get what they want just by asking. Or, instead of hacking into networks to install malicious software, they can simply ask a user to install it.

This sounds a little outrageous. Would users actually give up their passwords or willingly install software that turns out to be malicious? The answer is yes, and it happens all the time.

Social engineering is a broad term indicating that an attacker is using techniques to trick people into giving up sensitive information or ...
