See:
http://en.wikipedia.org/wiki/Social_engineering_%28computer_security%29
Mechanism for obtaining sensitive information or data.
Social engineering techniques are persuasion tactics that typically exploit
users' good will and lack of caution, and whose purpose is to obtain any kind
of information, in many cases passwords or codes.
http://www.inteco.es/glossary/Formacion/Glosario/
These are deception-based techniques used to steer a person's behaviour or to
obtain sensitive information. The victim is induced to act in a certain way
(clicking on links, entering passwords, visiting pages, etc.), convinced that
they are doing the right thing when in reality they are being deceived by the
social engineer.
http://www.alerta-antivirus.es/seguridad/ver_pag.html?tema=S
An opportunistic and deceitful way of life or conduct.
DRAE.
Diccionario de la Lengua Española.
Euphemism used to refer to non-technical or low-technology means used to
attack information systems, such as lies, impersonation, deception, bribery
and blackmail. [CCN-STIC-403:2006]
The act of
deceiving an individual into revealing sensitive information by associating
with the individual to gain confidence and trust. [NIST-SP800-63:2013]
The practice of
obtaining otherwise secure information by tricking, exploiting human traits of
trust and helpfulness, or manipulation of legitimate users. [CSS NZ:2011]
An attempt to
trick someone into revealing information (e.g., a password) that can be used to
attack an enterprise. [CNSSI_4009:2010]
(D) Euphemism for
non-technical or low-technology methods, often involving trickery or fraud,
that are used to attack information systems. Example: phishing. [RFC4949:2007]
An attempt to
trick someone into revealing information (e.g., a password) that can be used to
attack systems or networks. [NIST-SP800-61:2004]
A euphemism for
non-technical or low-technology means - such as lies, impersonation, tricks,
bribes, blackmail, and threats - used to attack information systems.
http://www.sans.org/security-resources/glossary-of-terms/
Social
engineering is a term that describes a non-technical kind of intrusion that
relies heavily on human interaction and often involves tricking other people to
break normal security procedures.
A social engineer
runs what used to be called a "con game." For example, a person using
social engineering to break into a computer network might try to gain the
confidence of an authorized user and get them to reveal information that
compromises the network's security. Social engineers often rely on the natural
helpfulness of people as well as on their weaknesses. They might, for example,
call the authorized employee with some kind of urgent problem that requires
immediate network access. Appeal to vanity, appeal to authority, appeal to
greed, and old-fashioned eavesdropping are other typical social engineering
techniques.
http://searchsecurity.techtarget.com/
Potential
attackers may persuade an authorised user to give them their password (e.g. by
pretending to be involved in systems maintenance, by bribing).
An attack that
does not depend on technology as much as it depends upon tricking or persuading
an individual to divulge privileged information to the attacker, usually
unknowingly. For example, an attacker might phone a company's internal help
desk, posing as an employee, and say, "This is Fred in Accounting. I was
on vacation for five weeks and forgot my network password. Could you look it up
for me?" If the gullible help desk technician reveals the password to the
attacker, the attacker "socially engineered" it out of him.
http://www.watchguard.com/glossary/
Tricks performed
by malicious users offline to gain access to secure systems, for example
impersonating a technical support agent.
http://www.getsafeonline.org/
Hacking technique that consists of taking advantage of a user's credulity in
order to extract from them confidential information relating to a target
information system. The attacker's main goal is to obtain information that
allows them to gain valid access to the information system they wish to
penetrate. The attacker thus takes advantage of the weakest link in the chain
to get into an information system.
http://www.cases.public.lu/functions/glossaire/
Related topics