Information Security Assignment 1 Final2
INFORMATION SECURITY ASSIGNMENT ONE(PART ONE)BOOK REVIEWStudent Name: FANIRAN, Victor T.Student No: 215078603 The Art of Deception: Controlling The Human Element Of Security, By Kevin D. Mitnick and William L. Simon, Scanned by KINETICSTOMP, Revised and Enlarged by SWIFT…335 Pages Reviewed by Faniran Victor T. According to Wikipedia, Kevin David Mitnick is an American computer security consultant, author and hacker who was convicted of various computer and communications-related crimes in 1999. He was said to be the computer criminal that was most wanted in the United States at that period but now runs Mitnick Security Consulting, LLC, a security firm that tests the strengths and weaknesses of companys security together with its potential loopholes. By mere glancing through the title of the book, any prospective reader should be drawn to the edge of his or her seat because the word “ART” refers to the expression of a creative skill, so anyone who loves to learn new skills will be very interested in wanting to know the various skills of “DECEPTION”, hence the title, “The Art of Deception”. This is an indispensable book you can never get bored of reading especially when you embark on an odyssey. The preface highlights his life from high school as a passionate phone-phreaking (exploring telephone network by exploiting phone systems) person who saw hacking as a talent especially in the stories of the bus transfer and relying on unusual patterns of a paper-punch. So it is safe to assume that he developed this interest from childhood.
The intended purpose of writing the book was to alert individuals, firms, companies and even the government about the acts and vices of social engineering and to expose humans’ behavioral vulnerabilities. The book emphasizes and continually re-iterates, throughout, the fact that human beings are the weakest and most susceptible channel and link through which social engineering can be exploited and through which information security can be compromised regardless of the technological infrastructural security measures put in place. In the early chapters of this book, the author emphasized that all pieces of information are important in their own respect by narrating how people give out information regarded as trivial, worthless, less important or innocuous. He stressed that social engineers could manipulate and obtain such information by placing relevant questions (regarding the information they need) between irrelevant or casual questions so that the mark (victim of a con) would not suspect. According to him, social engineers make use of sugar-coated and “sexy” speeches in order to allure their victims into giving out the information they need. Various scenarios were depicted where the responder of a call poured out information to a caller who pretended to be an employee in the same organization as the responder just because the caller used the organization’s lingos. Kevin Mitnick advises that in such scenarios, the responder of a call MUST confirm the details of the caller, before giving out ANY kind of information, in any and every way possible which could include cross-checking with standard authorities, enquiring about the caller’s “need to know” or making use of a two-factor authentication