Social Engineering Vulnerabilities

Social Engineering is a process in which access is gained to a network using physical means. Various types of social engineering can be used by a hostile party to exploit a network. Secure Network Technologies will only demonstrate non-malicious and non-harmful Social Engineering Techniques to demonstrate these possible vulnerabilities.

The following items explain some of the acceptable social engineering tactics that are identified by Secure Network Technologies:

• Requesting passwords from help desk personnel
• Locating accessible physical network access (i.e. lobby network jacks)
• Posing as a trusted vendor for network access & privileges
• Gaining access to Information Technology Facilities during business hours

Unacceptable Social Engineering tactics that are NOT performed by Secure Network Technologies are:

• Exploitation of customers or employees to gain access (i.e. the use of threatening or harmful behavior, hostage taking, bribery, blackmail, or disruption/violence in the workplace)
• Gaining unauthorized physical access to the customers facilities after business hours
• Rummaging through trash for classified or sensitive data (Dumpster Diving)
• The disable of the customer security system(s) (i.e. Fire Wall, intrusion Detection System, Building Alarm Systems)