Importance of Security and Social Engineering

Issath Sesni
3 min read · May 18, 2021

Security
Social Engineering

What is Security

Software doesn’t care about the data it is processing or transmitting over the Internet. Therefore, it needs to be designed and developed based on the sensitivity of the data. If the data is accessible to the public, it won’t require user authentication. Based on the sensitivity of the data processed by the application, suitable authentication, authorization, and protection of the data in storage should be designed for the application. To protect the software and sensitive data, measures should be taken during each phase of the Software Development Life Cycle (SDLC). This is where security steps in. Here we are going to cover Application Security and Software Security.

Application Security

It is a reactive approach, meaning it takes place once the software has been deployed.

Software Security

It is a proactive approach: it takes place within the pre-deployment phase.

Note: Software security is not the same as application security.

Both software and infrastructure need to be protected to maintain the highest level of software security. This involves both software security (i.e., in the design, coding, and testing phases) and application security (i.e., post-deployment testing, monitoring, patching, upgrading, etc.).

What is Social Engineering

Social Engineering Life Cycle

Social engineering is the use of physical or psychological attack techniques. It relies on human interaction. The attacker manipulates the victim to gain access to sensitive data. Social engineering techniques:

  • Phishing.
  • Spear Phishing.
  • Dumpster diving.
  • Vishing.
  • Pretexting.
  • Baiting.
  • Shoulder surfing.
  • Tailgating.
  • Quid pro quo etc.

We are going to cover only the most popular attacks here.

Shoulder surfing

It is used to obtain private and personal information (e.g., personal identification numbers (PINs), passwords) by looking or peeping over the victim’s shoulder.

E.g., when filling in an online form in a cyber cafe or internet cafe, it is recommended to check whether anyone or any camera is peeping at your personal data or passwords.

Dumpster diving

Cyber criminals normally look for information and sensitive data about users in garbage areas. E.g., people usually throw away receipts generated by ATMs. These contain financial details about the user (i.e., names and phone numbers). Cyber criminals use this to compromise users. So victims should suggest setting up an area where essential files, DVDs, and other items can be dumped.

Phishing

This is the most famous attack. The attacker creates a dummy website or portal of a popular organization, institute, or company and sends the link to targets using email or social media. The victim is unaware of the attack and gives away personal information. The attacker gets the user's login credentials and other personal information and then logs into the original site. Users should use a spam filter to avoid getting caught by phishing emails.

Note: Phishing links normally don’t have a domain name and contain HTTPS.
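
As an added example (not part of the original post), this Python sketch shows how a mail filter or a cautious reader could review the links in a message before anyone clicks them. The `TRUSTED_DOMAINS` list, the function names, and the sample message are assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumption: domains the real organisation actually uses, kept by the defender.
TRUSTED_DOMAINS = {"example-bank.com"}

URL_RE = re.compile(r'https?://[^\s<>"]+', re.IGNORECASE)


def host_is_ip(host):
    """True when the link uses a raw IP address instead of a domain name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def is_trusted(host):
    """True for a trusted domain or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def review_links(text):
    """Return (url, reasons) for every link in text that deserves a second look."""
    findings = []
    for url in URL_RE.findall(text):
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        reasons = []
        if host_is_ip(host):
            reasons.append("no domain name (raw IP address)")
        elif not is_trusted(host):
            reasons.append("domain is not one the organisation uses")
        if parts.scheme.lower() != "https":
            reasons.append("not HTTPS")
        if reasons:
            findings.append((url, reasons))
    return findings


# Constructed sample message, not taken from a real campaign.
SAMPLE = """Dear customer, confirm your account:
https://203.0.113.10/login
http://example-bank.com.verify-account.example/login
https://www.example-bank.com/help
"""

for url, reasons in review_links(SAMPLE):
    print(url, "->", "; ".join(reasons))
```

HTTPS alone does not clear a link: the first sample link uses HTTPS and is still flagged because it has no domain name.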

Hope you all have an understanding of Security and Social Engineering.

Happy Learning.😊
