One of the largest and most overlooked security vulnerabilities that exist in every company is… people. Many times, complex security can be bypassed by using low-tech attacks or simple techniques. In “No Tech Hacking: A Guide to Social Engineering, Dumpster Diving, and Shoulder Surfing,” author Johnny Long, along with Kevin Mitnick, takes a look at some commonly used social engineering techniques.
People will always be the weakest link in security. In 15 years of providing onsite computer support to manufacturing companies, hospitals, banks, military, correctional facilities and government offices, I have only been challenged for credentials four times. People tend to be trusting and if you are already inside a building, they usually assume that you belong there.
Sad, but true, you are judged by the way you look. For instance, a person in a shirt and tie will be ignored by most shop floor employees; someone in jeans will be invisible to executives. Also, if you look a certain way, people will assume what your occupation is. For example, if you show up to a company carrying technical gear, they will assume that you are a repairman.
Johnny Long’s book takes a very good look at this ignored side of computer security. Many times information can be gleaned just with the power of observation. Johnny talks about everything from finding administrator passwords in a dumpster to defeating a very expensive state-of-the-art security system with a coat hanger and a wet washcloth.
Sections on physical security like motion and infrared sensors are present. There is even a section on how insecure locks really are. Some of it is downright scary. For example, why use the key when you can open locks with a McDonald’s straw? Or open a laptop lock by using a beer can?
If you have seen Johnny in person or in a webcast, rest assured, his humor and wit are present in spades. The reading is light, informative and downright whimsical at times. It is a great book to read when you just want to kick back, relax and read something enjoyable. And being Johnny Long, rest assured, there is a section on Google Hacking.
Network security is an ongoing war, and as Sun Tzu said, ‘Know thy Enemy’. Learning about the techniques that social engineers use will allow you to look at your corporate security in a whole new light.