Art Of Deception - Controlling the Human Element of Security -By Kevin D.Mitnick

COULDNT FIND A DATE

Foreword
We humans are born with an inner drive to explore the nature
of our surroundings. As young men, both Kevin Mitnick and
I were intensely curious about the world and eager to prove
ourselves. We were rewarded often in our attempts to learn new things,
solve puzzles, and win at games. But at the same time, the world around
us taught us rules of behavior that constrained our inner urge toward free
exploration. For our boldest scientists and technological entrepreneurs, as
well as for people like Kevin Mitnick, following this inner urge offers the
greatest thrills, letting us accomplish things that others believe cannot be
done.
Kevin Mitnick is one of the finest people I know. Ask him, and he will
say forthrightly that what he used to do - social engineering - involes
conning people. But Kevin is no longer a social engineer. And even when
he was, his motive never was to enrich himself or damage others. That's
not to say that there aren't dangerous and destructive criminals out there
who use social engineering to cause real harm. In fact, that's exactly why
Kevin wrote this book - to warn you about them.
The Art of Deception shows how vulnerable we all are - government,
business, and each of us personally - to the intrusions of the social
engineer. In this security-conscious era, we spend huge sums on
technology
to protect our computer networks and data. This book points out how easy
it is to trick insiders and circumvent all this technological protection.
Whether you work in business or government, this book provides a
powerful road map to help you understand how social engineers work and
what you can do to foil them. Using fictionalized stories that are bothentertaining and eye-opening, Kevin and co-author Bill Simon bring to
life
the techniques of the social engineering underworld. After each story,
they offer practical guidelines to help you guard against the breaches and
threats they're described.
Technological security leaves major gaps that people like Kevin can help
us close. Read this book and you may finally realize that we all need to
turn to the Mitnick's among us for guidance.
-Steve Wozniak

Introduction
This book contains a wealth of information about information security and
social engineering. To help you find your way, here's a quick look at how
this book is organized:
In Part 1 I'll reveal security's weakest link and show you why you and
your company are at risk from social engineering attacks.
In Part 2 you'll see how social engineers toy with your trust, your desire to
be helpful, your sympathy, and your human gullibility to get what they
want. Fictional stories of typical attacks will demonstrate that social
engineers can wear many hats and many faces. If you think you've never
encountered one, you're probably wrong. Will you recognize a scenario
you've experienced in these stories and wonder if you had a brush with
social engineering? You very well might. But once you've read Chapters 2
through 9, you'll know how to get the upper hand when the next social
engineer comes calling.
Part 3 is the part of the book where you see how the social engineer ups
the ante, in made-up stories that show how he can step onto your
corporate premises, steal the kind of secret that can make or break your
company, and thwart your hi-tech security measures. The scenarios in this
section will make you aware of threats that range from simple employee
revenge to cyber terrorism. If you value the information that keeps your
business running and the privacy of your data, you'll want to read
Chapters 10 through 14 from beginning to end.
It's important to note that unless otherwise stated, the anecdotes in this
book are purely fictional.
In Part 4 I talk the corporate talk about how to prevent successful social
engineering attacks on your organization. Chapter 15 provides a blueprint
for a successful security-training program. And Chapter 16 might just
save your neck - it's a complete security policy you can customize for
your organization and implement right away to keep your company and
information safe.