Skip navigation
Please use this identifier to cite or link to this item: https://ela.kpi.ua/handle/123456789/33828
Title: Detection of vulnerabilities of the computer systems and networks using social engineering techniques
Other Titles: Виявлення уразливостей комп’ютерних систем і мереж методами соціальної інженерії
Обнаружение уязвимостей компъютерных систем и сетей методами социальной инженерии
Authors: Tsurkan, Oksana
Herasymov, Rostyslav
Keywords: vulnerabilities
computer systems and networks
behavioural model
social engineering
social engineering techniques
уразливість
комп’ютерні системи та компоненти
модель поведінки
соціальна інженерія
методи соціальної інженерії
уязвимость
компьютерные системы и компоненты
модель поведения
социальная инженерия
методы социальной инеженерии
Issue Date: 2018
Publisher: Institute of Special Communication and Information Protection of National Technical University of Ukraine “Igor Sikorsky Kyiv Polytechnic Institute”
Citation: Tsurkan, O. Detection of vulnerabilities of the computer systems and networks using social engineering techniques / Oksana Tsurkan, Rostyslav Herasymov // Information Technology and Security. – 2018. – Vol. 6, Iss. 2 (11). – Pp. 43–50. – Bibliogr.: 9 ref.
Abstract: Information protection in computer systems and networks is focused on preserving its confidentiality properties of, integrity and availability from various inherently adverse impacts. Potentially possible adverse effects are interpreted as a threat. To prevent or complicate the possibility of realizing threats and reducing potential losses, a system of information protection measures is created and maintained in a healthy state. Such a system includes a computing system, physical environment, staff, and information. One of the most vulnerable elements of such system is staff. Within the framework of the socio-engineering approach, staff vulnerability is interpreted as its weaknesses, needs, mania (passions), hobbies. Manipulating them allows one to gain unauthorized access to information without destroying and distorting its main system-forming qualities. This is reflected in such forms as fraud, deception, scam, intrigue, hoax, provocation. The use of each of these manipulation forms is preceded by the determination of its content by careful planning, organization, and control. These actions are the basis of social engineering methods. Their use is aimed at imitating the actions of the information security violator, which are aimed at staff. This allows to assess the level of staff skills in the information security field and, as a result, to identify information vulnerabilities in computer systems and networks. The methods of social engineering used for this are divided into two groups, in particular, remote social engineering and personal contact. Methods of remote social engineering are implemented by means of modern telecommunications. In addition, the second group of methods involves the establishment of personal contact with the object of influence. In the end, it becomes possible not only to identify, neutralize, but also to prevent information vulnerabilities in computer systems and networks with the introduction of social engineering methods. Therefore, firstly, its protection is ensured taking into account the requirements of the information security policy; secondly, the rules of conduct of the staff are established, regulated by the job descriptions; thirdly, training is held to increase the persistence of employees stereotypes of the organization.
URI: https://ela.kpi.ua/handle/123456789/33828
DOI: https://doi.org/10.20535/2411-1031.2018.6.2.153489
Appears in Collections:Information Technology and Security, Vol. 6, Iss. 2 (11)

Files in This Item:
File Description SizeFormat 
ITS2018-6-2_04.pdf572.32 kBAdobe PDFThumbnail
View/Open
Show full item record


Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.