A common saying is ” Amateurs Hack Systems, Professionals Hack People”. Social engineering is the art of manipulating people into performing actions or divulging confidential information. People fall for social engineering tricks based on their instinct to be helpful and trusting. The typical attacker never comes face-to-face with a victim using deception through email, social networks or over the phone.
Consultants list end-user training as a top prevention to defend against social engineering. How should you provide training for your user community? Here are some tips for educating your staff about common social engineering attacks.
Explain Why Policies Exist
It is common to see organizations send out policy reminders without explaining why they exist. The average user will delete a policy email once they realize its standard legal language.
Try explaining why users should care. For example, start off with a scenario about an email account being violated and or company data compromised. Include details about what social engineer tactic was used, investment by IT to clean up the issue and ways to avoid the threat. Close with the policy being enforced.
Provide Examples Beyond The Intranet
Organizations typically send warning emails to employees when they discover threats to internal sources. It is rare to see companies extend warnings about phishing or other external attacks. Try periodically sending out examples of different social engineering attacks highlighting what to look for and where they are common. Examples should include social networks, fake URLs, craiglist scams and threats using shareware. Your end-users can be targeted anywhere so educate on all forms of social engineering attacks. Continue reading →
Bring Your Own Device (BYOD) has become a hot topic for many industries. Lately security people are using the term BYOD like datacenter folks classify everything as Cloud. My team has advised our customers using a best practice BYOD architecture (more info HERE) and like many consultants feel Mobile Device Management aka MDM is a key factor.
A few months ago I posted about one of the market leaders, MobileIron, HERE. I have received multiple requests for another vendor and chose the current leader Zenprise according to Gartner’s Report “Critical Capabilities for Mobile Device Management”. Plus I really like Zenprise.
Zenprise offers all the popular features expected from leading MDM vendors such as controlled remote wipe, policy enforcement (passwords, etc.), flagging jailbroken devices and enabling location. A few differentiators as of today for Zenprise are the ability to remotely login into phones (similar to remote desktop for windows), secure content distribution and Mobile DLP, application-specific VPN tunnels, and SIEM integration.
The architecture of Zenprise is similar to other MDM vendors. They have a management system (Zenprise Device Manager, or ZDM) and enforcement system (Zenprise Secure Mobile Gateway (SMG)). The Zenprise SMG is what denies email services to devices that violate policy. They also have a component that sits inside the network and does advanced diagnostics and troubleshooting for Microsoft Exchange and BlackBerry Enterprise Server (Zenprise Service Manager, or ZSM). Like many MDM vendors, Zenprise has an agent that sits on endpoints to enforce policy. Most people install both the ZDM and Zenprise SMG since it makes sense to enforce policies. Licensing for cloud or on-premise is based on the number of endpoints and drops as larger quantities are purchased.
To try Zenrpise out, go to https://zencloud.zenprise.com/zencloud/cloudUser/create and fill out the form to gain access to a free trial of the cloud service. You can also request Zenprise software to setup an on-premise trial however you will have to request that from a Zenprise sales person or partner such as World Wide Technology Inc. One you gain access to the management system, login in and you should hit the main dashboard.
After logging in, the main Zenprise landing page will show devices you are managing. Details include Jailbroken / Rooted, Managed / Unmanaged, Serial numbers, IMEI/MEID, last connected, User, OS Version, etc. You can click a device and see details such as what apps are installed, how much battery life is available, installed certificates, etc.
Zenprise policies are pretty easy to setup and can be device specific. The screenshot below shows a blacklist policy for Angry Birds and Dropbox on iOS devices.
You have a few options in Zenprise to add a new device. One option is downloading the Zenprise agent from iTunes / Google Play and enrolling. Enrolling requires the ZDM address, username and password. Once you login, it will prompt you for certificates and any profiles configurations setup by administration.
Once Zenprise is installed, the user can access apps offered by administration and view the agent configuration.
Other methods in Zenprise to add devices include registration using the administration dash (asks for the serial number of the device) and sending out a registration link via email or txt.
There are many options in Zenprise for reports which include inventory, software, jailbroken / rooted and hardware. Below is a screenshot from the next release coming out in June/July 2012. Check out www.zenprise.com for more info on their solution.
A common saying is ” Amateurs Hack Systems, Professionals Hack People”. Social engineering is the art of manipulating people into performing actions or divulging confidential information. People fall for social engineering tricks based on their instinct to be helpful and trusting. The typical attacker never comes face-to-face with a victim using deception through email, social networks or over the phone.
